How to deploy data access pages over the

Internet
Data access pages permit you to create data-bound Web pages that you can view in
Microsoft Internet Explorer 5.0 or later. These Web pages are typically intended for
intranet use. However, with special considerations, data access pages can be deployed
successfully over the Internet. Office Web Components must be installed on the
computer that views the data access pages. By default, the components are installed with
any Microsoft Office 2000 installation.

This article describes considerations that you must be aware of before you can deploy
data access pages over the Internet. These considerations do not address possible security
issues. If you have possible security issues, or if you want additional information about
possible methods that you may use to enhance security for data access pages, see the
"References" section.

Because the majority of the steps that are involved are performed on the server, this
article assumes that you have a correctly configured Web server on the NTFS file system
partition for deployment. If you are not hosting the Web site to house the data access
pages, you must be able to work with your Internet Service Provider (ISP) to correctly
configure the Web server.

Create a User for Anonymous Access

Depending on whether you use Microsoft Windows NT 4.0, Microsoft Windows 2000, or
Microsoft Windows Server 2003, the steps that you must follow to create a user for
anonymous access may vary. On the Web server where the data access pages are located,
follow these steps:

Windows Server 2003

1. Click Start, point to All Programs, point to Administrative Tools, and then
click Computer Management.
2. Expand Local Users and Groups, and then click the Users folder.
3. On the Action menu, click New User.
4. In the User name box, type DAPInternetAccount.
5. Click to clear the User must change password at next logon check box, click to
select the User cannot change password check box, click to select the Password
never expires check box, and then click Create.
6. Click Close to close the New User dialog box, and then close the Microsoft
Management Console.
Configure Folder and File Permissions
The user who interacts with your data access pages over the Internet must have Windows
NT file permissions to the database to work with the locking (.ldb) file. This file is
created when the user works with an Access database. Therefore, you must grant the
appropriate permissions to the user who you created in the previous section. Additionally,
the user must have read permission for the folder where the Remote Data Service (RDS)
components are located. The following steps must be performed on the Web server:

Note If you deploy data access pages in an Access project (.adp), you can omit these
steps. These steps do not apply to Microsoft SQL Server.

Windows Server 2003

1. Click Start, and then click My Computer.

2. Move to the C:\program files\common files\system folder.

Note If your operating system is installed on a different logical drive, use that
drive letter.
3. Right-click the MSADC folder, click Properties, click the Security tab in the
MSADC Properties dialog box, and then click Add.
4. Replace <<Type names separated by semicolons or choose from list>> with
<ServerName>\DAPInternetAccount, where <ServerName> is the computer
name of the Web server. Click OK to close the dialog box.
5. Make sure DAPInternetAccount is selected, and then click to clear the List
Folder Contents check box for the MSADC folder.

This results in read permissions being assigned to the subdirectory.

6. Click OK to close the Msadc Properties dialog box, and then close the MSADC
folder.
7. Repeat step 1 through step 6, but select the folder where the database is located,
and then assign Full Control permissions to this folder.
8. Repeat step 1 through step 6 again, but select the database file, and then assign
Full Control permissions to this file.

By default, Windows Server 2003 permissions that are assigned to a folder

automatically propagate to the files that are in that folder. Therefore, the
DAPInternetAccount may have already inherited Full Control permissions on the
database file.

Configure the Web Server

To return data to data access pages over the Internet, you must configure remote data
services (RDS) on the Web server. You can configure RDS by using the MSADC virtual
directory on the server.

For additional information about how to configure RDS to run on a site other than the
default Web site, click the following article number to view the article in the Microsoft
Knowledge Base:
184606 (http://support.microsoft.com/kb/184606/ ) HOWTO: Use RDS from an IIS 4.0
Virtual Server
Important Microsoft does not recommend that you run Internet Information Services
(IIS) on a domain controller (or on a BDC, or on a PDC if you run Microsoft Windows
NT Server 4.0) because IIS performance is severely degraded because of the network
load and the processor load that is imposed by authentication and other roles that are
performed by domain controllers. Therefore, Microsoft does not test data access pages on
a domain controller that runs IIS and does not support this configuration.

Windows Server 2003

1. Click Start, point to All Programs, point to Administrative Tools, and then
click Internet Information Services (IIS) Manager.
2. Expand WebServer (local computer), and then expand Web Sites.

Note WebServer is the actual computer name that is assigned to your Web server.
3. Right-click Default Web Site, point to New, and then click Virtual Directory.
4. In the Virtual Directory Creation Wizard, click Next, type MSADC in the Alias
box, click Next, type C:\Program Files\Common Files\System\msadc in the Path
box, click Next two times, and then click Finish.
5. Right-click the new MSADC virtual directory, and then click Properties.
6. Move to the Execute Permissions drop-down list in the MSADC Properties
dialog box, and then click Scripts and Executables.
7. Click the Directory Security tab, and then click Edit under Authentication and
access control.
8. Click to select the Enable anonymous access check box, and then click Browse
that is next to the User name box.
9. In the Select User dialog box, move to the Enter the object name to select box,
type DAPInternetAccount, and then click OK.
10. Click OK to close the Authentication Methods dialog box.
11. Under IP address and domain name restrictions, click Edit.
12. In the IP Address and Domain Name Restrictions dialog box, click Granted
Access, and then click OK.
13. Click OK to close the MSADC Properties dialog box, and then close IIS
Manager.

Additional Configuration Settings for Windows Server 2003

You must apply the following configuration settings, or you may receive the following
error message:

Error: Safety settings on this computer prohibit accessing a data source on another
domain.
 1. Click Start, point to All Programs, point to Administrative Tools, and then
click Internet Information Services (IIS) Manager.
2. Expand WebServer (local computer) (where WebServer is the actual computer
name that is assigned to your Web server), and then expand Web Server
Extensions.
3. Click the Add a new Web service extension hyperlink.
4. When the New Web Service Extension dialog box appears, enter MSADC in the
Extension name box, and then click Add.
5. When the Add file dialog box appears, type C:\Program Files\Common
Files\System\msadc\msadcs.dll, and then click OK.
6. Click to select the Set extension status to Allowed check box, and then click
OK.
7. Close IIS Manager.

Modify the Msdfmap.ini File

You can use the Msdfmap.ini file on the Web server to permit data connections to the
server. You can modify this file in a variety of ways to permit data connections or to limit
connections to a particular database.

1. On the Web server, open the Msdfmap.ini file in Notepad.

This file is found in the \WINNT folder.

2. In the "[connect default]" section, change:
3. Access=NoAccess

-to-

Access=ReadWrite

You make this change to permit read connections and to permit write connections
to all data connections that are on the server.

4. In the "[sql default]" section, change:

5. sql=" "

-to-

;sql=" "

You make this change to permit you to use any SQL statement against any data
source on the Web server.
 6. Save and then close the Msdfmap.ini file.

Where to Put the Database and the Data Access Pages

Although not required, you can store the database on the Web server with the data access
pages. However, to enhance security, put the database in a folder other than the Web site
folder. By default, when you install IIS, the Web site folder is c:\inetpub\wwwroot.
Because the wwwroot folder is typically open to the public, a malicious user may
potentially download the database. To enhance security, put the database in a different
folder on the Web server, such as c:\inetpub.

Modify the Data Access Pages

Because data access pages look on the client side to find the data source, routine
deployment of data access pages does not work over the Internet. Instead, you must
configure three-tier data access pages by using the UseRemoteProvider property of the
page. While certain steps in this article may be modified depending on the security
settings that you select, this section must be completed to successfully deploy three-tier
data access pages.

1. Open the data access page in Design view.

2. On the View menu, if the property sheet does not appear, click Properties.
3. On the Edit menu, click Select Page.
4. On the Data tab, change the UseRemoteProvider property to True.
5. On the View menu, if the field list does not appear, click Field List.
6. Right-click the name of the database that is at the top of the field list, and then
click Connection.
7. Verify that the connection string points to a path that can be seen from the Web
server.
8. Click OK to close the Data Link Properties dialog box.
9. Close and then save the data access page.

Important If you are not hosting the Web site, you may not be able to save changes to
data access pages that are opened directly in Access 2000 by using the URL for the data
access pages. Instead, open the data access pages in Microsoft FrontPage 2000, and then
edit the connection string manually as follows:

Note You must change the UseRemoteProvider property to true in Access before you
open the data access pages in FrontPage 2000.

1. Start FrontPage 2000.

2. On the File menu, click Open.
3. Type the URL for your data access page on the Web server, and then click OK.
4. On the lower-right side of the screen, click the HTML tab.
5. On the Edit menu, click Find.
6. Type ConnectionString, and then click Find Next.
7. Edit the "Data Source" section of the connection string so that it points to the path
of the database on the Web server.
8. Open the URL for the data access page in Internet Explorer 5.0 or later to test the
deployment.