PRB: Changing Permissions May Cause Web to Be Unavailable

 Last reviewed: December 9, 1997
Article ID: Q165894
The information in this article applies to:
  • Microsoft Visual InterDev, version 1.0

SYMPTOMS

With a Web project loaded, changing the Web Permissions to "Use unique permissions for this Web" and "Only registered users have browse access" may cause a failure on subsequent project loads. This will be indicated by the message: 

  "Unable to open web <WEBNAME>. Server error. Web <WEBNAME> is busy. Try
  again later."

CAUSE

This problem occurs only when the server machine is configured so that the Anonymous User for the machine is also a member of the Administrator’s group. In this case, the standard authentication protocol for any Web client will first attempt to log on as the Anonymous User. This will result in all users being logged in to the server as the anonymous user and give any user administrator privileges.

When "Only registered users have browse access" is selected, then the anonymous user is removed from the folder permissions for the Web. This results in a condition where the user will be logged in to the Web project as the Anonymous User, but will not have read permission to the Web project. The loading of project information will fail and the server operation will time out, producing the error message.

RESOLUTION

When the Anonymous User is a member of the administrator group, then any Web browser client will be able to access the machine as an administrator. This is inherently insecure, and should be avoided unless dictated by specific circumstances. The preferred workaround is to remove the Anonymous User from the Administrators group on the Web machine.

Because browsing permissions are based on the file permissions on the Web server, the only way to ensure that only registered users have browse permission is to remove the Anonymous user's read permissions on the file. If you have added the Anonymous User to the Administrator group on the machine, then it is possible for any user to work around your security and read any file on your machine. In this case, the "Only registered users have browse access" cannot be enforced so the option should be turned off. This will restore read access to the files and allow the project to be loaded by Visual InterDev.

STATUS

This behavior is by design.

MORE INFORMATION

Steps to Reproduce Behavior

  1. On the server machine, add the Anonymous User to the Administrator group.

  2. On the client machine, open a Web in Visual InterDev and access the Project/Web Permissions dialog. Select "Use unique permissions for this Web" and "Only registered users have browse access."

  3. Close the Web project.

  4. Reopen the Web project.

REFERENCES

For the latest Knowledge Base articles and other support information on Visual InterDev and Active Server Pages, see the following page on the Microsoft Technical Support site: 

   http://support.microsoft.com/support/vinterdev/


Keywords          : kbprb
Version           : 1.0
Platform          : WINDOWS
Issue type        : kbprb

================================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: December 9, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.