28,407
社区成员
发帖
与我相关
我的任务
分享◆ 为什么 COM 组件访问被拒绝?
写了一个文件上传组件,共ASP程序调用,可是IE报告什么“对此对象的访问被拒”,这是为什么呀?
IE报告的错误如下:
错误类型:
服务器对象, ASP 0178 (0x80070005)
检查权限时Server.CreateObject 的调用失败。对此对象的访问被拒。
/eis/courbrows2/photoin.asp, 第 25 行
第25行的代码是:
Set objUpload = Server.CreateObject("aspcn.upload")
IE报告的错误如下:
错误类型:
服务器对象, ASP 0178 (0x80070005)
检查权限时Server.CreateObject 的调用失败。对此对象的访问被拒。
/eis/courbrows2/photoin.asp, 第 25 行
第25行的代码是:
Set objUpload = Server.CreateObject("aspcn.upload")
...全文
请发表友善的回复…
发表回复
DaQiangZi 2002-12-10
- 打赏
- 举报
不过按照第一种方法设置后,控件确实可以使用了,真是奇怪。
DaQiangZi 2002-12-09
- 打赏
- 举报
如果没注册回报什么 无效的ProgID。
这个控件在新装的2000 Server上曾经正常过,但装了一个VB的程序后好像就不行了。
什么情况会导致访问被拒呀?
这个控件在新装的2000 Server上曾经正常过,但装了一个VB的程序后好像就不行了。
什么情况会导致访问被拒呀?
DaQiangZi 2002-12-09
- 打赏
- 举报
注册了,注册表里都找到了。
Reker熊 2002-12-09
- 打赏
- 举报
注册了没有?
regsvr32 dll路径
regsvr32 dll路径
harryyang 2002-12-09
- 打赏
- 举报
1.是否正常註冊了
2.使用元件服務器
2.使用元件服務器
yonghengdizhen 2002-12-09
- 打赏
- 举报
其实上面的两种方案都只是针对调试情况,发行版不需要考虑这个.
yonghengdizhen 2002-12-09
- 打赏
- 举报
问题只出现在调试状态下,你发行时是不存在这个问题的,因为你发行时组件并非通过vb6.exe这个dcom server去加载.也就不存在launch user和access user不一致的可能性了.
DaQiangZi 2002-12-09
- 打赏
- 举报
我是指配置DCOM
DaQiangZi 2002-12-09
- 打赏
- 举报
谢谢 yonghengdizhen(秋叶映红了天),按照第一种方法,控件可以正常工作了。只是这种改动对于软件的发布太不利了,总不能要求用户去做这些改动吧。这个程序的发布是通过安装程序打包,再刻成光盘分发的,在运行安装程序时,会自动创建虚目录,注册控件。
请问有没有方法自动的完成这些设置?
请问有没有方法自动的完成这些设置?
yonghengdizhen 2002-12-09
- 打赏
- 举报
STATUS
This behavior is by design.
这是DCOM处于安全性考虑,设计上的限制,并非BUG
This behavior is by design.
这是DCOM处于安全性考虑,设计上的限制,并非BUG
yonghengdizhen 2002-12-09
- 打赏
- 举报
Workaround 2
For debugging purposes, configure the Application Protection of Virtual Directory where the ASP page resides to "High (Isolated)." This forces the ASP page to run in its own process, which allows the security to be changed without affecting the rest of the Web site.
Start Internet Services Manager.
Right-click the Virtual Directory where the ASP page resides, and then click Properties.
Click the Virtual Directory tab, and then select High (Isolated) in the Application Protection drop-down list.
Click Apply.
Turn off Anonymous Access for this Virtual Directory and make sure Integrated Windows authentication or Basic authentication is selected:
On the Properties dialog box for the Virtual Directory, click the Directory Security tab.
Click Edit for Anonymous access and authentication control.
Make sure that the Anonymous access check box is cleared.
Click either Integrated Windows authentication or Basic authentication.
If Integrated Windows authentication is used, then run the client browser to access the ASP page under the same user account as the Visual Basic IDE debug session. If Basic authentication is used, enter the username and password for the same user account that the Visual Basic IDE debug session is running under.
NOTE: The second workaround assumes that the COM "Default Access Permissions" have not been altered. If the "Default Access Permissions" have never been altered, then COM constructs an access control list (ACL) that grants permission to the System account and Server Identity. In this scenario, the Server Identity is the user logged in running the Visual Basic IDE debug session. If the DCOM "Default Access Permissions" have been altered, then the second workaround requires that the user account that the Visual Basic IDE debug session is running under be added to "Default Access Permissions". This can be done by using DCOMCNFG. For more information, please see the MSDN Online Library help topic on COM Security:
For debugging purposes, configure the Application Protection of Virtual Directory where the ASP page resides to "High (Isolated)." This forces the ASP page to run in its own process, which allows the security to be changed without affecting the rest of the Web site.
Start Internet Services Manager.
Right-click the Virtual Directory where the ASP page resides, and then click Properties.
Click the Virtual Directory tab, and then select High (Isolated) in the Application Protection drop-down list.
Click Apply.
Turn off Anonymous Access for this Virtual Directory and make sure Integrated Windows authentication or Basic authentication is selected:
On the Properties dialog box for the Virtual Directory, click the Directory Security tab.
Click Edit for Anonymous access and authentication control.
Make sure that the Anonymous access check box is cleared.
Click either Integrated Windows authentication or Basic authentication.
If Integrated Windows authentication is used, then run the client browser to access the ASP page under the same user account as the Visual Basic IDE debug session. If Basic authentication is used, enter the username and password for the same user account that the Visual Basic IDE debug session is running under.
NOTE: The second workaround assumes that the COM "Default Access Permissions" have not been altered. If the "Default Access Permissions" have never been altered, then COM constructs an access control list (ACL) that grants permission to the System account and Server Identity. In this scenario, the Server Identity is the user logged in running the Visual Basic IDE debug session. If the DCOM "Default Access Permissions" have been altered, then the second workaround requires that the user account that the Visual Basic IDE debug session is running under be added to "Default Access Permissions". This can be done by using DCOMCNFG. For more information, please see the MSDN Online Library help topic on COM Security:
DaQiangZi 2002-12-09
- 打赏
- 举报
to yonghengdizhen(秋叶映红了天):
现在是允许匿名访问,你的意思是禁止匿名?
现在是允许匿名访问,你的意思是禁止匿名?
yonghengdizhen 2002-12-09
- 打赏
- 举报
SYMPTOMS
When you debug a COM+ Component in Visual Basic 6.0 on a Windows 2000-based computer, the following error message may appear in the browser when the client is an Active Server Pages (ASP) page:
Server object, ASP 0178 (0x800A0005) The call to Server.CreateObject failed while checking permissions. Access is denied to this object.
This behavior only occurs when you run the COM+ Component from within the Visual Basic integrated development environment (IDE). The error does not occur when you run the COM+ Component in a compiled state within a COM+ application.
CAUSE
The authenticating user, usually the IUSR_<machinename> account if you are using anonymous access, does not have the appropriate permissions to access the DCOM Server (VB6.exe in this case). When you are debugging COM+ Components in the Visual Basic IDE, the launching user is the interactive user; the user that is accessing the DCOM Server is the authenticating user.
Because there is no DCOM entry for VB6.exe, DCOM uses the default permissions. In Windows 2000, the DCOM Default Access Permissions are only given to the System account and the launching user by default. Because the launching user and the user accessing the DCOM Server are not the same, the error message shown in the "Symptoms" section occurs.
RESOLUTION
There are two suggested workarounds:
Workaround 1
Add a DCOM entry for VB6.exe into the registry. This enables you to set specific DCOM permissions for debugging COM+ Component in Visual Basic.
Create the entry for VB ASP Debugging in DCOM:
Start Microsoft Notepad or another text editor and type the following case-sensitive syntax:
REGEDIT4
[HKEY_CLASSES_ROOT\CLSID\{70F214BA-94E2-4bdf-8F30-32CB4A905E4D}]
@="VB ASP Debugging"
[HKEY_CLASSES_ROOT\CLSID\{70F214BA-94E2-4bdf-8F30-32CB4A905E4D}\LocalServer32]
@="vb6.exe"
[HKEY_CLASSES_ROOT\AppID\vb6.exe]
"AppId"="{70F214BA-94E2-4bdf-8F30-32CB4A905E4D}"
Save the file as Vbaspdbg.reg.
Locate the folder where you saved the Vbaspdbg.reg file and double-click the file (it automatically registers itself in the Windows registry).
Add the Everyone account to the DCOM permissions for Visual Basic ASP debugging.
Start DCOMCNFG. On the Start menu, click Run, and then type dcomcnfg in the dialog box.
On the Distributed COM Configuration Properties page, click the Applications tab, select VB ASP Debugging from the list, and then click Properties.
In the VB ASP Debugging Properties property sheet, click the Securities tab, and then click to select the Use custom access permissions check box. Click Edit.
In the Registry Value Permissions window, click Add, and then add the Everyone account for Allow Access.
Click OK, and then click Apply to apply the changes and exit the Distributed COM Configuration properties page.
When you debug a COM+ Component in Visual Basic 6.0 on a Windows 2000-based computer, the following error message may appear in the browser when the client is an Active Server Pages (ASP) page:
Server object, ASP 0178 (0x800A0005) The call to Server.CreateObject failed while checking permissions. Access is denied to this object.
This behavior only occurs when you run the COM+ Component from within the Visual Basic integrated development environment (IDE). The error does not occur when you run the COM+ Component in a compiled state within a COM+ application.
CAUSE
The authenticating user, usually the IUSR_<machinename> account if you are using anonymous access, does not have the appropriate permissions to access the DCOM Server (VB6.exe in this case). When you are debugging COM+ Components in the Visual Basic IDE, the launching user is the interactive user; the user that is accessing the DCOM Server is the authenticating user.
Because there is no DCOM entry for VB6.exe, DCOM uses the default permissions. In Windows 2000, the DCOM Default Access Permissions are only given to the System account and the launching user by default. Because the launching user and the user accessing the DCOM Server are not the same, the error message shown in the "Symptoms" section occurs.
RESOLUTION
There are two suggested workarounds:
Workaround 1
Add a DCOM entry for VB6.exe into the registry. This enables you to set specific DCOM permissions for debugging COM+ Component in Visual Basic.
Create the entry for VB ASP Debugging in DCOM:
Start Microsoft Notepad or another text editor and type the following case-sensitive syntax:
REGEDIT4
[HKEY_CLASSES_ROOT\CLSID\{70F214BA-94E2-4bdf-8F30-32CB4A905E4D}]
@="VB ASP Debugging"
[HKEY_CLASSES_ROOT\CLSID\{70F214BA-94E2-4bdf-8F30-32CB4A905E4D}\LocalServer32]
@="vb6.exe"
[HKEY_CLASSES_ROOT\AppID\vb6.exe]
"AppId"="{70F214BA-94E2-4bdf-8F30-32CB4A905E4D}"
Save the file as Vbaspdbg.reg.
Locate the folder where you saved the Vbaspdbg.reg file and double-click the file (it automatically registers itself in the Windows registry).
Add the Everyone account to the DCOM permissions for Visual Basic ASP debugging.
Start DCOMCNFG. On the Start menu, click Run, and then type dcomcnfg in the dialog box.
On the Distributed COM Configuration Properties page, click the Applications tab, select VB ASP Debugging from the list, and then click Properties.
In the VB ASP Debugging Properties property sheet, click the Securities tab, and then click to select the Use custom access permissions check box. Click Edit.
In the Registry Value Permissions window, click Add, and then add the Everyone account for Allow Access.
Click OK, and then click Apply to apply the changes and exit the Distributed COM Configuration properties page.
yonghengdizhen 2002-12-09
- 打赏
- 举报
设置站点以验证用户身份访问
逍遥小贼 2002-12-09
- 打赏
- 举报
呵呵,强烈关注中。。。。。。
DaQiangZi 2002-12-09
- 打赏
- 举报
环境是IIS5.0,NTFS,2000 Server,VB6
DaQiangZi 2002-12-09
- 打赏
- 举报
已经把那个dll的安全属性改成everyone和iusr_xxx完全控制了,重起了机器,问题依旧啊!
_TMG_ 2002-12-09
- 打赏
- 举报
把xxx.dll的安全性设置为everyone可读写, 正解
colee 2002-12-09
- 打赏
- 举报
文件目录无写权限?
孟子E章 2002-12-09
- 打赏
- 举报
这是MS的 Bug,可以到msdn找到答案
加载更多回复(3)
