C # calls Excel to function correctly on VS, deployment is not implemented on IIS, the difference between running pages in VS and running in IIS after publishing

Found an article, very well, to solve the problem; Thank Yumbo Lord! Take a note.

Address: http://www.cnblogs.com/zhongxinWang/p/3275154.html

Publish a Web program on IIS that calls the server's COM component

In general, there are many PDA points in the factory, all of which have to be scanned in real-time-printing operations. The implementation method is to use a network printer, and then the server installed drivers, management of all printers. Then the server, the release of a webservice, to each PDA on the program to make calls, PDA in order to print the time, the use of this service, pass the corresponding parameters, to the server, and then by the server to select the printer (of course, the PDA wants the printer).

In addition, when the server chooses the printer for printing, to call bartender to print, this time, the Web program published on IIS will access COM error, like the internet spread of access to Excel, Word and so on.

Thanks to the bloggers below.

Ext.: http://blog.csdn.net/yangtze_nancy/article/details/5933634

problem Description: recently made a Web application need to manipulate Excel files, in the development environment, the program test normal, after deployment to IIS program operation Excel file,IIS error, errors appear in the creation The statements for the Excel process are as follows:

New ApplicationClass ();

IIS The prompt is as follows: retrieving components of the CLSID {00024500-0000-0000-c000-000000000046} in a COM class factory failed because of the following error: 80070005.

exception Details : ASP. NET is not authorized to access the requested resource. Consider granting an ASP. NET request to identify permissions to access this resource. ASP. NET has a base process identity that is used when the application does not impersonate (typically, {machine}/aspnet on IIS 5 , and Network Service on IIS 6 ). If the application is impersonating by <identity impersonate= "true"/>, the identity will be the anonymous user (typically iusr_machinename) or the authenticated requesting user.

Problem Analysis:

Refer to "Impersonation", "Network Service user" and "anonymous user" in the exception details, then analyze these conceptual meanings first.

(i) Web. config configuration

1, identity impersonate, which is a key sentence, that the Web application will be a client-side impersonation for each request, is to use a specified account identity to access the Web application.

When you do not make client impersonation settings, the ASP. NET program calls the Excel component using the Network Service user (in XP and 2000, using the ASPNET user) setting <identity impersonate= "true" When/> Client impersonation, the default is to use the IUSR_machinename user, but the user does not have permission to invoke the Excel component. Setting up client impersonation can also use the specified user, which will access the Web app as this user, but be aware that the user's password cannot be empty due to the limit of ASP. As shown below:

<identity impersonate= "true" username= "Server System User name" password= "User password"/>

2 , authentication (authentication), you can configure the secure authentication mode that ASP. NET uses to identify incoming users through the <authentication> section. mode selects Windows, which represents the authentication mode using Windows integrated.

<authentication mode= "Windows"/>

In fact, the above two configurations correspond to the "directory Security" configuration of IIS, if configured in IIS, the Web. config can no longer be set up, usually when the IIS virtual directory is created, the default is to configure the use of client impersonation, impersonate the identity is "anonymous user" is IUSR_machinename (in XP and 2000, the ASPNET user is used). As shown in the following:

(ii) network Service system users

After installing IIS, there will be three users on the system that are worth our attention, namely, ASPNET,iusr_machinename,IWAM_machinename, as shown in:

In IIS 5, an ASP. NET application is accessed through the ASPNET user, and in IIS 6/7, the ASPNET account is replaced with a network service,asp.net application that needs to be accessed with the "network Service" process identity run. This process identifies the corresponding two accounts: IUSR_machinename and IWAM_machinename, which are seen in action. and the resources that the ASP. NET program can access are limited by Network service, which resources the account can access, ASP. NET program to access resources.

The Network Service account has only the native partial permissions, which can access the resources on the computer's behalf, as well as the resources that the authenticated user has access to.

In summary, we use the "anonymous user" in IIS to access the Web App with the "Network Service" process identity, and no need to configure the. config file. However, you cannot create an instance of Excel, stating that the network service process identity does not have enough permissions to authorize him to create an instance of Excel on the server.

(iii) DCOM Component Configuration

Excel is invoked on the server to invoke the COM component, so authorization to the Network service requires that the Excel application COM component be configured.

1. Open Excel Application COM Components

Method: In Start, run, enter Dcomcnfg.exe to start Component Services, double-click Component Services, computer, my Computer, and then click DCOM Configuration, and in DCOM configuration, locate the Microsoft Excel application, right-click on it, and then tap properties to bring up the Microsoft Excel Application Properties dialog box. As shown in the following:

2. Configuration EXCEL related COM Components

It is important to note that there are 2 Excel-related COM components on the author's server, namely: Microsoft Excel application and Microsoft Office Excel 2007 workbook, which must be configured identically for all two COM components. Otherwise, you will still be unable to create an instance of Excel.

Configuration method:

On the General tab, in Authentication level, select default;

On the Security tab, launch and activation, access permissions, and configure permissions all select Custom, add Network service users, and give maximum permissions.

Identity tab, select Start User, and then click Confirm.

As shown in the following:

After this configuration, the Web application can be successfully accessed, Excel instance can also be created,COM class factory error 80070005 successfully solved !

Here I did an experiment where "interactive user" is selected in identity and the Web app is able to access it successfully, but cannot create an instance of Excel, at which point the COM class factory reports another error 8000401a, as shown in:

It is necessary to say the difference between "Interactive user" and "Start user":

Interactive User (The Interactive user)	This is the recommended option to determine the identity of the object to which the user is currently logged on to the system (there must currently be a user logged on to the system and the object will be destroyed if the user logs off)
Start user (The launching User)	As the user of the calling client determines the identity of the object, one drawback is that the object can no longer be called remotely

Why do I choose "Interactive User" to have a 8000401a error? The reason is that the use of identity is not right, because I am using administrator logon server, so the interactive user is administrator, if you select "Start User", will be the user of the calling client to determine the object identity, the client is using "Anonymous account IUSR_ MachineName ", which is called the Network Service process identity. When we configured DCOM in front of the network service to have the appropriate permissions, but did not give administrator authorization, it is not authorized to Administrator after the selection of interactive users can create an Excel instance?

In this way, I have done five groups of experiments according to this idea:

"Test One"

After the DCOM setting uses "Interactive User", the authentication level selects "Default", the Security tab "Startup and Activation", "Access rights" and "Configure Permissions" are all selected for customization, And all join the administrator user (because the logged-on user is currently using administrator) and give maximum permissions, the IIS directory security is set by default

experimental results: normal access Web applied, but cannot be manipulated Excel , reported COM class factory error code 8000401a

"Experiment Two"

After the DCOM setting uses "Interactive User", the authentication level selects "Default", the Security tab "Startup and Activation", "Access rights" and "Configure Permissions" are all selected for customization, And both join the administrator user (because the logged-on user is currently using administrator) and give maximum permissions, IIS directory security is set by default, but the Web. config file settings use Administrator identity impersonation

experimental results: normal access Web applied, but cannot be manipulated Excel , reported COM class factory error code 8000401a

"Experiment Three"

After the DCOM setting uses "Start User", the authentication level selects "Default", the Security tab "Startup and Activation", "Access rights" and "Configure Permissions" are all selected for customization, And both join the administrator user (because the logged-on user is currently using administrator) and give maximum permissions, IIS directory security is set by default, but the Web. config file settings use Administrator identity impersonation

experimental results: normal access Web application, can be created normally Excel Example

"Experiment Four"

After the DCOM setting uses "Start User", the authentication level selects "Default", the Security tab "Startup and Activation", "Access rights" and "Configure Permissions" are all selected for customization, And both join the administrator user (because the logged-on user is currently using administrator) and give maximum permissions, IIS directory security is set by default, but the Web. config file settings use IUSR_machinename Identity impersonation

experimental results: normal access Web applied, but cannot be manipulated Excel , reported COM class factory error code 8000401a

"Experiment Five"

After the DCOM setting uses "Start User", the authentication level selects "Default", the Security tab "Startup and Activation", "Access rights" and "Configure Permissions" are all selected for customization, And both join the administrator user (because the logged-on user is currently using administrator) and give maximum permissions, IIS directory security is set by default, but no identity impersonation is used in the Web. config file

Experimental results: no normal access Web application, nor can it operate Excel

The above five experiments show that setting "Identity impersonation" in Web. config is only valid for "Start users" in DCOM, and to manipulate Excel must also give the user maximum permissions in DCOM for "identity impersonation".

To get a thorough understanding of the nature of the problem, I did several more experiments:

"Test One"

After the DCOM setting uses "Interactive User", the authentication level selects "Default", the Security tab "Startup and Activation", "Access rights" and "Configure Permissions" all Select "Default", in IIS Directory security by default, settings in the Web. config file use IUSR_ MachineName Identity Simulation

Experimental results: no normal access Web application, nor can it operate Excel

"Test Two"

After the DCOM setting uses "Interactive User", the authentication level selects "Default", the Security tab "Startup and Activation", "Access rights" and "Configure Permissions" are all selected for customization and are joined to the network Service user (at this time the administrator user has been removed) and given maximum permissions, IIS directory security is set by default in the Web. config file to impersonate using IUSR_machinename identity

Experimental results: no normal access Web application, nor can it operate Excel

"Test Three"

After the DCOM setting uses "Start User", the authentication level selects "Default", "Startup and Activation", "Access" and "Configure permissions" in the Security tab all select "Default", IIS Directory security is set by default, but the Web. config file is set using IUSR_ MachineName Identity Simulation

Experimental results: no normal access Web application, nor can it operate Excel

"Test Four"

After the DCOM setting uses "Start User", the authentication level selects "Default", the Security tab "Startup and Activation", "Access rights" and "Configure Permissions" are all selected for customization and are joined to the network Service user (at this time the administrator user has been removed) and given maximum permissions, the Web. config file does not use identity impersonation configuration by default in IIS directory security

experimental results: normal access Web application, can be created normally Excel Example

"Test Five"

After the DCOM setting uses "Start User", the authentication level selects "Default", the Security tab "Startup and Activation", "Access rights" and "Configure Permissions" are all selected for customization and are joined to the network The service user (at this time the administrator user has been removed) and given maximum permissions, the IIS directory security is set by default, but the Web. config file is set to use identity impersonation, form <identity impersonate= "true"/ > or <identityimpersonate= "true" Username= "iusr_zzudev01-vm2" password= "password"/>

experimental results: normal access Web app, but access Excel file is rejected

"Test Six"

After the DCOM setting uses "Start User", the authentication level selects "Default", the Security tab in "Startup and Activation" is selected for customization and joins the Administrator user and Network Service user and gives maximum permissions, "Access rights" Select Customize and join Network service users and give maximum permissions, select Customize and join Administrator and Network Service users in configure permissions, and give maximum permissions, by default in directory security for IIS But the Web. config file is set to use identity impersonation, form <identity impersonate= "true"/> or <identity impersonate= "true" username= "IUSR_ZZUDEV01-VM2" password= "password"/>

experimental results: normal access Web app, but access Excel file is rejected

"Test Seven"

After the DCOM setting uses "Start User", the authentication level selects "Default", the Security tab in "Startup and Activation" is selected for customization and joins the Administrator user and Network Service user and gives maximum permissions, "Access rights" SELECT "Use Default value", That is, two users do not add, "Configure Permissions" in the Select Custom and join administrator users and Network service users and give maximum permissions, IIS "Directory Security" in the default settings, but the Web. config file is set up using identity impersonation, form <identity impersonate= "true"/> or <identityimpersonate= "true" Username= "iusr_zzudev01-vm2" password= "Password"/>

experimental results: normal access Web applications, you can also access Excel file, but cannot create Excel example, reported com class factory Error 80070005

"Test Eight"

After the DCOM setting uses "Start User", the authentication level selects "Default", the Security tab in "Startup and Activation" is selected for customization and joins the Administrator user and Network Service user and gives maximum permissions, "Access rights" SELECT "Use Default value", That is, two users do not add, "Configure Permissions" Select Custom and join administrator users and Network service users and give maximum permissions, IIS in the directory security by default settings, However, settings in the Web. config file use Administrator identity impersonation, which is <identity impersonate= "true" username= "Administrator" password= "password"/>

experimental results: normal access Web applications that can access Excel files that can be created normally Excel Example

After eight sets of experiments described above, deploying Excel Web Apps on IIS requires 3 permissions: The first is access to the Web app, the second is access to Excel, and the third is the right to manipulate Excel.

Using identity impersonation only achieves the effect of accessing the Web app, you cannot have second or third permissions, you must configure the DCOM component to access, manipulate Excel, and choose to use Start user. IIS 6 uses the network service process identity by default to invoke the default "anonymous account IUSR_machinename" to access the Web app, where the "Start user" of Excel should be the network service process identity. But note that it cannot be specific to IUSR_machinename and IWAM_machinename users, through the experiment six can also be seen in DCOM, "Launch and Activation" and "access rights" are configured to add Network service users, The Web. config file uses specific IUSR_machinename identity impersonation to access Excel files that are denied, stating that the default anonymous account only has access to the Web app and does not have access to Excel and Excel.

To access the Web app, you can use any identity, IIS 6 uses the IUSR_machinename user by default, or you can set other identity impersonation in the Web. config file or in directory security in IIS 6. IUSR_machinename users do not have access to Excel and Excel, and only the network service has permission to access and manipulate Excel. When "Access" is not configured in DCOM, the "Identity impersonation" configured in Web. config acts as two roles, one for accessing the Web app and the other for accessing Excel, and if you grant "Start and activate" permissions to users in DCOM for "identity impersonation". Then the user has a third role, manipulating Excel.

Finally, add one point: the " Directory Security" ofIIS and the "identity impersonate" of the Web. config file Issues with priority for "identity impersonation"

According to the experimental personal judgment, the "identity impersonation" priority of Web. config is higher, but the identity impersonation in IIS directory security is mandatory (depending on the situation, you can choose to use Anonymous user access or authenticated user access). When both sets a different "identity impersonation", the Web app is accessed as "Identity impersonation" in Web. config.

C # calls Excel to function correctly on VS, deployment is not implemented on IIS, the difference between running pages in VS and running in IIS after publishing