How IIS Launches a CGI ApplicationLast reviewed: February 3, 1998Article ID: Q160422 |
The information in this article applies to:
SYMPTOMSWhen you access an HTML page, and the anonymous account does not have access to the file, the Internet Information Server (IIS) internally reports an error message then sends the authentication method selected by the Web Administrator (Basic or Windows NT Challenge). However, CGI/ISAPI works differently. If Allow Anonymous user authentication is enabled, and you go to a URL that is protected by a Windows NT (NTFS) partition, the server will first try to run the application using the Anonymous account. If the account is allowed to run the application via NTFS, then the application will run, and the server will send the output to you.
CAUSEThe problem occurs when the Anonymous account does not have rights to the CGI. When you try to launch the CGI application, IIS uses the Anonymous user. Because the account does not have rights to the file, the process fails to run and an error message is returned via STDOUT. However, to IIS the process appears to launch and terminate normally. Because the Access Denied error message is placed in STDOUT, IIS has no way of knowing that the process failed. Therefore, it does not try any other authentication methods because the Anonymous account was able to launch the process. IIS uses the createprocessasuser API call to launch the CGI application. Createprocessasuser will terminate normally if the user does not have NTFS rights to that CGI/ISAPI application.
WORKAROUNDUse one of the following methods: WARNING: Using Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows NT to correct them. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk.
|
Additional query words: iis
© 1998 Microsoft Corporation. All rights reserved. Terms of Use. |