ASP.NET Configuration for a .NET Project

You can configure ASP.NET for a Web service project before or after you deploy the project to an IIS 7.5 or later server.

All files and directories that you access from a Web service application on a Web server must have appropriate IIS_IUSRS (IIS 7.5 or later) user permissions.

Note

You do not need to install IIS on the development computer for PowerBuilder applications or components unless you are using the same computer as a server for Web service components. IIS is also not required on end users' computers.

For an example of granting user permissions to a directory, see Setting Up a SQL Anywhere Database Connection.

When you deploy directly to a remote computer, system information about the deployment computer, including its OS and IIS versions, is passed to PowerBuilder through the Windows Management Instrumentation (WMI) interface. Deployment through the WMI interface requires administrator privileges. If you make any changes to administrator accounts on a remote computer, you will probably need to reboot that computer before you can deploy a .NET Web project from PowerBuilder.

If you deploy to an MSI setup file, and run the setup file on a deployment computer, PowerBuilder can use the Windows API to obtain information about the OS and IIS versions on that computer.

  • IIS Installation

  • Selecting the Default ASP.NET Version

    If you installed multiple versions of the .NET Framework on the target Web server, you should make sure that IIS uses a supported version for the .NET assembilies or Web services.

  • Setting Up a SQL Anywhere Database Connection

    Full control permissions are required for directories containing databases that you need to access from your .NET Web services.

  • Configuration Requirements for Windows 7 and Later

    When you run PowerBuilder on Windows 7 or later under a standard user account, and attempt to deploy Web Service projects, the User Account Control (UAC) dialog box appears. This dialog box allows you to elevate your privileges for the purpose of deployment.

IIS Installation

On Windows 7 and later, go to the Programs and Features page in the Control Panel, select Turn Windows features on or off, and select Internet Information Services.

If IIS 7.5 or later is installed after the .NET Framework, you must register IIS with ASP.NET manually or reinstall the .NET Framework. To manually register IIS with ASP.NET, go to the .NET Framework path, run aspnet_regiis.exe -i in the command line console, and restart IIS.

Selecting the Default ASP.NET Version

If you installed multiple versions of the .NET Framework on the target Web server, you should make sure that IIS uses a supported version for .NET Assemblies or Web Services.

You can make this change globally, for all ASP.NET Web site applications, or for individual applications that you deploy to IIS.

In IIS 7.5 and later, set the .NET Framework version for the application pool your applications use. For more information, see Configuration Requirements for Windows 7 and Later.

  1. Select Start > Run from the Windows Start menu.

  2. Type InetMgr in the Run dialog box list.

  3. In the left pane of the IIS Manager, expand the local computer node and its Web Sites sub-node.

  4. One of the following:

    • For all new Web sites, right-click the Default Web Site node and select Properties.

    • For already deployed projects, expand the Web site node and right-click the .NET Assembly or Web Service that you deployed from PowerBuilder.

  5. Specify the ASP.NET or .NET Framework version.

    • On Windows 7 and later, set the .NET Framework version used by your NVO Web service deployment:

      1. In the IIS Manager, open the Application Pools node underneath the machine node.

      2. Right-click the PBDotNet4AppPool filter and choose Advanced Settings.

      3. Set the .NET Framework Version to 4.x.

Setting Up a SQL Anywhere Database Connection

Full control permissions are required for directories containing databases that you need to access from your .NET Web Service applications.

Before the .NET Web Service connects to a SQL Anywhere database, you must either start the database manually or grant the IIS_IUSRS (IIS 7.5 or later) default permissions for the Appeon\Shared and SAP SQL Anywhere directories, making sure to replace permissions of all child objects in those directories.

Note

If your database configuration uses a server name, you must provide the database server name in the start-up options when you start the database manually, in addition to the name of the database file you are accessing.

If you do not grant the appropriate user permissions for Appeon directories and your database configuration is set to start the database automatically, your application will fail to connect to the database. SQL Anywhere cannot access files unless the IIS_IUSRS user group has the right to access them.

  1. In Windows Explorer, right-click the Appeon, Appeon\Shared or SAP SQL Anywhere directory and select Properties from the context menu.

  2. Select the Security tab of the Properties dialog box for the directory and click Add. On Windows 7 and later, click Edit and then Add.

    Note

    To show the Security tab of the Select Users, Computers, or Groups dialog box, you might need to modify a setting on the View tab of the Folder Options dialog box for your current directory. You open the Folder Options dialog box by selecting the Tools > Folder Options menu item from Windows Explorer. To display the Security tab, you must clear the check box labeled "Use simple file sharing (Recommended)"

  3. Click Locations, choose the server computer name from the Locations dialog box, and click OK.

  4. Type IIS_IUSRS (IIS 7.5 or later) in the list box labeled "Enter the object names to select" and click OK.

    If valid for your server, the account name you entered is added to the Security tab for the current directory. You can check the validity of a group or user name by clicking Check Names before you click OK.

  5. Select the new account in the top list box on the Security tab, then select the check boxes for the access permissions you need under the Allow column in the bottom list box.

    You must select the Full Control check box for a directory containing a database that you connect to from your application.

  6. Click Advanced.

  7. Select the check box labeled "Replace permission entries on all child objects with entries shown here that apply to child objects" and click OK.

    A Security dialog box appears, and warns you that it will remove current permissions on child objects and propagate inheritable permissions to those objects, and prompts you to respond.

  8. Click Yes at the Security dialog box prompt, then click OK to close the Properties dialog box for the current directory.

    The pbtrace.log file is created in the applicationName_root directory. This file records all runtime exceptions thrown by the application and can be used to troubleshoot the application.

Configuration Requirements for Windows 7 and Later

When you run PowerBuilder on Windows 7 or later under a standard user account, and attempt to deploy Web Service projects, the User Account Control (UAC) dialog box appears. This dialog box allows you to elevate your privileges for the purpose of deployment.

Deploying .NET targets to a remote Windows 7 or later computer might require changes to the Windows firewall, UAC, or the Distributed Component Object Model (DCOM) settings:

Settings for

Required changes

Windows firewall

Enable exceptions for WMI and file and printer sharing

UAC (When you are not running PowerBuilder with the built-in Administrator account)

If the development and deployment computers are in the same domain, connect to the remote computer using a domain account that is in its local Administrators group. Then UAC access token filtering does not affect the domain accounts in the local Administrators group. You should not use a local, nondomain account on the remote computer because of UAC filtering, even if the account is in the Administrators group. If the development and deployment computers are in the same workgroup, UAC filtering affects the connection to the remote computer even if the account is in the Administrators group. The only exception is the native "Administrator" account of the remote computer, but you should not use this account because of security issues. Instead, you can turn off UAC on the remote computer. and if the account you use has no remote DCOM access rights, you must explicitly grant those rights to the account.

DCOM

Grant remote DCOM access, activation, and launch rights to a nondomain user account in the local Administrators group of the remote computer if that is the type of account you are using to connect to the remote computer.