Microsoft Knowledge Base Article - 264080

ACC2000: How to Deploy Data Access Pages over the Internet

The information in this article applies to: Microsoft Access 2000

This article was previously published under Q264080

Advanced: Requires expert coding, interoperability, and multiuser skills.

This article applies to a Microsoft Access database (.mdb) and to a Microsoft Access project (.adp).

For a Microsoft Access 2002 version of this article, see 291783.

SUMMARY
Data access pages enable you to create data-bound Web pages that can be viewed in Microsoft Internet Explorer 5 or later. These Web pages are typically intended for intranet use; however, with special considerations, they can be deployed successfully over the Internet. Note that the Office Web Components are installed on the computer viewing the data access page. The components are installed by default with any Office 2000 installation.

This article discusses considerations for deploying data access pages over the Internet without addressing any major security concerns. This article is intended to help you deploy a page over the Internet and outline the steps necessary to get a page working. If you have any security concerns or are interested in learning about the methods that you can use to secure your page, please consult the white papers that are referenced at the end of this article.

Because the majority of the steps involved are performed on the server, this article assumes that you have a properly configured Web server on an NTFS partition for deployment. If you are not hosting the Web site to house the data access pages, you must be able to work with your Internet Service Provider (ISP) to properly configure the Web server.

This article discusses the following topics:

  • Creating a User for Anonymous Access
  • Configuring Folder and File Permissions
  • Configuring the Web Server
  • Modifying the Msdfmap.ini File
  • Where to Place the Database and Data Access Pages
  • Modifying the Data Access Page

    MORE INFORMATION

    Creating a User for Anonymous Access

    The following steps must be performed on the Web server where the data access pages are located. The steps differ depending on whether you are using Microsoft Windows NT 4.0 or Microsoft Windows 2000.

    Windows NT 4.0

    1. Click Start, point to Programs, point to Administrative Tools (Common), and then click User Manager for Domains.
    2. On the User menu, click Select Domain.
    3. Enter the computer name of the Web server, and then click OK. Note that this is not the HTTP address of the server.
    4. On the User menu, click New User.
    5. Type DAPInternetAccount in the Username box.
    6. Click to clear the User Must Change Password at Next Logon check box, click to select the User Cannot Change Password check box, and then click to select the Password Never Expires check box.
    7. Click Add, and then click Close to close the dialog box.

    Windows 2000
    1. Click Start, point to Programs, point to Administrative Tools, and then click Computer Management.
    2. Expand Local Users and Groups, and then click the Users folder.
    3. On the Action menu, click New User.
    4. Type DAPInternetAccount in the User name box.
    5. Click to clear the User must change password at next logon check box, click to select the User cannot change password check box, click to select the Password never expires check box, and then click Create.
    6. Click Close to close the New User dialog box, and then close the Microsoft Management Console.

    Configuring Folder and File Permissions

    The users that interact with your data access pages over the Internet must have Windows NT file permissions to the database in order to work with the locking file (.ldb file) that is created when working with an Access database. Therefore, you must grant the appropriate permissions to the user that you created in the previous section. In addition, users must have Read permission for the folder where the Remote Data Service (RDS) components are located. These steps must be performed on the Web server.

    NOTE: If you are deploying a page in an Access project (ADP), you can omit these steps, because they will not apply to Microsoft SQL Server.

    Windows NT 4.0
    1. Double-click My Computer on the desktop.
    2. Browse to the C:\Program Files\Common Files\System folder. If your operating system is installed on a different logical drive, use that drive letter.
    3. Right-click the MSADC folder, click Properties, and then click the Security tab in the MSADC Properties dialog box.
    4. Click Permissions, and then click Add.
    5. Type <ServerName>\DAPInternetAccount in the Add Names box (where <ServerName> is the computer name of the Web server), and then click OK to close the dialog boxes.
    6. Assign Read permissions for DAPInternetAccount to the MSADC folder, and then close the MSADC Properties and folder.
    7. Repeat steps 1 through 6, but this time, select the folder where the database is located. Assign Full Control permissions to this folder.
    8. Repeat steps 1 through 6 again, but this time, select the database file itself. Assign Full Control permissions to this file.
    NOTE: If the Replace Permissions on Existing Files option is selected for the folder, the database file will inherit the permissions from the folder where it resides.

    Windows 2000
    1. Double-click My Computer on the desktop.
    2. Browse to the C:\Program Files\Common Files\System folder. If your operating system is installed on a different logical drive, use that drive letter.
    3. Right-click the MSADC folder, click Properties, click the Security tab in the Msadc Properties dialog box, and then click Add.
    4. Replace <<Type names separated by semicolons or choose from list>> with <ServerName>\DAPInternetAccount, where <ServerName> is the computer name of the Web server, and then click OK to close the dialog box.
    5. Make sure DAPInternetAccount is selected, and then click to clear the List Folder Contents check box for the MSADC folder. This will result in Read permissions being assigned to the subdirectory. Click OK to close the Msadc Properties dialog box, and then close the folder.
    6. Repeat steps 1 through 6, but this time, select the folder where the database is located, and then assign Full Control permissions to this folder.
    7. Repeat steps 1 through 6 again, but this time, select the database file itself, and assign Full Control permissions to this file.
    NOTE: If the Allow inheritable permissions from parent to propagate to this object option is selected for the file, the database file will inherit the permissions from the folder where it resides.

    Configuring the Web Server

    In order to return data to a data access page over the Internet, you must configure remote data services (RDS) on the Web server. This is done with the MSADC virtual directory on the server. These steps will show you how to configure RDS if your pages are deployed under the Default Web Site in IIS. For additional information about configuring RDS to run on a site other than the Default Web, click the article number below to view the article in the Microsoft Knowledge Base:

    184606 HOWTO: Use RDS From an IIS 4.0 Virtual Server

    IMPORTANT: Microsoft does not recommend running Internet Information Services on a domain controller (or BDC/PDC if you are running Microsoft Windows NT Server 4.0), because IIS performance is severely degraded due to the networking and the processor load imposed by authentication and other roles that are performed by domain controllers. Therefore, Microsoft does not test data access pages on a domain controller that runs IIS and does not support this configuration.

    1. Open Internet Services Manager on the Web server. On Windows NT Server 4.0, click Start, point to Programs, point to Windows NT 4.0 Option Pack, point to Microsoft Internet Information Server, and then click Internet Service Manager. On Windows 2000, click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
    2. Expand the Default Web Site.
    3. Right-click the MSADC virtual directory, and then click Properties.
    4. Click the Directory Security tab in the Msadc Properties dialog box.
    5. Click Edit under Anonymous Access and Authentication Control.
    6. Make sure that the Allow Anonymous Access check box is selected, and then click the Edit button beside Account used for Anonymous Access.
    7. Type DAPInternetAccount.
    8. On Windows NT 4.0, click to select the Enable Automatic Password Synchronization check box. On Windows 2000, click to select the Allow IIS to Control Password check box.
    9. Click OK to close the dialog boxes and return to the Internet Services Manager.

    Windows 2000 Server Only:
    10. On a clean installation of Windows 2000 Server, the MSADC virtual directory defaults to access denied for all IP addresses and domain names. For additional information about configuring RDS on Windows 2000, click the article number below to view the article in the Microsoft Knowledge Base:

    250536 HOWTO: Configure RDS for Windows 2000

    Modifying the Msdfmap.ini File

    The Msdfmap.ini file on the Web server is used to allow data connections to the server. You can modify this file in a variety of ways to allow any data connection or limit connections to a particular database.
    1. On the Web server, open the Msdfmap.ini file in Notepad. This file is found in the \WINNT folder.
    2. In the [connect default] section, change:

         Access=NoAccess

       to read:

         Access=ReadWrite

       This allows read and write connections to all data connections on the server.
    3. In the [sql default] section, change:

         sql=" "

       to:

         ;sql=" "

       This allows for any SQL statement against any data source on the Web server.
    4. Save and close the Msdfmap.ini file.
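
An added example, not part of the original article or of any Microsoft tool: a Python check that reads the text of an Msdfmap.ini file and reports the two permissive defaults that steps 2 and 3 above produce. The function name audit_msdfmap and both sample files are constructed for illustration.

```python
import configparser

# Constructed sample: the two default sections after steps 2 and 3 above.
SAMPLE_AFTER_ARTICLE = """\
[connect default]
Access=ReadWrite

[sql default]
;sql=" "
"""

# Constructed sample: the same two sections before the article's edits.
SAMPLE_LOCKED_DOWN = """\
[connect default]
Access=NoAccess

[sql default]
sql=" "
"""


def audit_msdfmap(text):
    """Return a list of findings for permissive [... default] sections."""
    # Lines starting with ';' are comments, so a commented-out sql= entry
    # is absent from the parsed section.
    cp = configparser.RawConfigParser(strict=False, comment_prefixes=(";",))
    cp.read_string(text)
    sections = {name.lower(): name for name in cp.sections()}
    findings = []

    connect = sections.get("connect default")
    access = cp.get(connect, "access", fallback="") if connect else ""
    if access.strip().lower() != "noaccess":
        findings.append("connect default: Access is %s, not NoAccess"
                        % (access.strip() or "<unset>"))

    sql = sections.get("sql default")
    if not sql or not cp.has_option(sql, "sql"):
        findings.append("sql default: no active sql= entry, so client SQL "
                        "statements are not overridden")
    return findings


if __name__ == "__main__":
    for label, sample in (("after article", SAMPLE_AFTER_ARTICLE),
                          ("locked down", SAMPLE_LOCKED_DOWN)):
        print(label, "->", audit_msdfmap(sample) or "no permissive defaults")
```

To check a real server, pass the contents of the Msdfmap.ini file from the \WINNT folder to audit_msdfmap.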

    Where to Place the Database and Data Access Pages

    Although not a requirement, storing the database on the Web server with the data access pages is the simplest means of deployment. For security purposes, however, place the database in a folder other than the Web site folder. By default, when IIS is installed, the Web site folder is C:\Inetpub\wwwroot. Because the wwwroot folder is typically open to the public, a malicious user could potentially download the database. For added security, place the database in a different folder on the Web server, such as C:\Inetpub.

    Modifying the Data Access Page

    Because data access pages look on the client side to find the data source, routine deployment of a page would not work over the Internet. Instead, you must configure 3-tier data access using the UseRemoteProvider property of the page. While certain steps of this article may be modified, depending upon the security settings you choose, this section must be completed to successfully deploy 3-tier data access pages.

    1. Open the data access page in Design view.
    2. If the property sheet is not displayed, on the View menu, click Properties.
    3. On the Edit menu, click Select Page.
    4. On the Data tab, change the UseRemoteProvider property to True.
    5. If the field list is not displayed, on the View menu, click Field List.
    6. Right-click the name of the database at the top of the field list, and then click Connection.
    7. Verify that the connection string is pointing to a path that can be seen from the Web server.
    8. Click OK to close the Data Link Properties dialog box.
    9. Close and save the page.

    IMPORTANT: If you are not hosting the Web site, you may not be able to save changes to data access pages that are opened directly in Access 2000 by using the URL for the page. Instead, open the page in Microsoft FrontPage 2000, and edit the connection string manually as follows. Be sure to change the UseRemoteProvider property to True in Access before you open the page in FrontPage 2000.

    1. Start FrontPage 2000, and then click Open on the File menu.
    2. Type the URL for your data access page on the Web server, and then click OK.
    3. Click the HTML tab at the lower-right side of the screen.
    4. On the Edit menu, click Find.
    5. Type ConnectionString, and then click Find Next.
    6. Edit the Data Source portion of the connection string to the path of the database on the Web server.
    7. To test the deployment, open the URL for the data access page(s) in Internet Explorer 5.0 or later.

    REFERENCES
    For additional information about deploying data access pages and additional security concerns and configurations, please see the following white paper from MSDN online at the following Microsoft Web site:

    "Deploying Data Access Pages on the Internet or Your Intranet" at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnacc2k2/html/deploydap.asp

    For additional information about the requirements for using the Office Web Components which perform the data binding for data access pages, please see the following white paper from MSDN online at the following Microsoft Web site:

    "Requirements for Office Web Components" at http://msdn.microsoft.com/library/officedev/off2krk/05t2_3.htm

    For additional information about working with data access pages in FrontPage 2000, please see the following white paper from MSDN online at the following Microsoft Web site:

    "Working with Data Access Pages in FrontPage 2000" at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnfp2kta/html/acfpdap.asp

    For additional information about working with .ldb files, click the article number below to view the article in the Microsoft Knowledge Base:

    208778 ACC2000: Introduction to .ldb Files

    For additional information about modifying the Msdfmap.ini file on the Web server, click the article number below to view the article in the Microsoft Knowledge Base:

    230680 INFO: Working with RDS Handlers