(Published in NetEase virtual community Beijing Station. Net version, http://uh1.bj.163.com/cgi/readelite? I = 2292285 & guest = 1)
We already know that ASP. NET uses ADO. Net to access the database and can access the ACCESS database through the oledb connection-one of our very common low-end databases. This article discusses several error prompts that may be seen in ASP. NET, from which you can see database files created by Access 2000 and Access XP. Different error prompts will appear when access errors occur. Hope to help you. Another key point is to use this article to give you a new understanding of the NTFS permission settings for Access database files in ASP. NET.
(1) experiment process
For the sake of convenience, let's take an experiment: The application is/test, and the data inventory is stored in D: \ wwwroot \ test \ data \ db1.mdb. We already know that in ASP. net accesses the database as an ASP net virtual user. We need to grant this account specific NTFS permissions to Make ASP.. Net program runs normally.
To get the strictest NTFS permission settings, we will give the program the lowest NTFS permission at the beginning of the experiment:
A) grant the following permissions to ASPnet in the d: \ wwwroot \ test \ data \ Folder:
|
Allow |
Reject |
Full Control |
□ |
□ |
Modify |
□ |
□ |
Read and run |
√ |
□ |
List folder Directories |
√ |
□ |
Read |
√ |
□ |
Write |
□ |
□ |
B) The D: \ wwwroot \ test \ data \ db1.mdb file itself grants the user ASPnet the following permissions:
√ Allow propagation of inherited permissions from parent to this object
1.1ForOnlyThe aspx program that contains the "SELECT" command has the following permissions: these permissions are not available during running: these permissions are sufficient for running such programs.
1.2For aspx programs that contain commands such as "UPDATE", "INSERT", and "UPDATE,
(A) If db1.mdb is a database created by Access 2000,The following error occurs:
A server error occurs in the "/test" application.
---------------------------------------
The Microsoft Jet Database Engine cannot open the file 'd: \ wwwroot \ test \ data \'. It has been opened exclusively by another user or has no permission to view data.
Note:An error occurred while executing the current Web request. Check the stack trace information for details about the error and the source of the error in the code.
Exception details:System. Data. OleDb. OleDbException: the Microsoft Jet Database Engine cannot open the file 'd: \ wwwroot \ test \ data \'. It has been opened exclusively by another user or has no permission to view data.
(B) If db1.mdb is a database created by Access XP,The following error occurs:
A server error occurs in the "/test" application.
----------------------------------------------
The operation must use an updatable query.
Note:An error occurred while executing the current Web request. Check the stack trace information for details about the error and the source of the error in the code.
Exception details:System. Data. OleDb. OleDbException: The operation must use an updatable query.
(C) Initial Cause Analysis:Because there are commands such as "UPDATE", "INSERT", and "UPDATE", You need to perform write operations on the database file itself. Therefore, the preceding permissions cannot meet this requirement. We need to further open the permissions.
We release some permissions,
A) D: \ wwwroot \ test \ data \ Folder unchanged:
B) The D: \ wwwroot \ test \ data \ db1.mdb file itself grants the user ASPNET the following permissions:
|
Allow |
Reject |
Full Control |
□ |
□ |
Modify |
□ |
□ |
Read and run |
√ |
□ |
List folder Directories |
√ |
□ |
Read |
√ |
□ |
Write |
√ |
□ |
1.3Open the permission and continue the experiment,
(A) If db1.mdb is a database created by Access 2000,The following error occurs:
A server error occurs in the "/test" application.
------------------------------------------
Files cannot be locked.
Note:An error occurred while executing the current Web request. Check the stack trace information for details about the error and the source of the error in the code.
Exception details:System. Data. OleDb. OleDbException: the file cannot be locked.
(B) If db1.mdb is a database created by Access XP,No error occurs.
(C) Initial Cause Analysis:We found that when the Access database is opened, A *. ldb file with the same name will be generated in the directory where it is located. This is an Access lock mark. In view of this, we guess that when the user ASPNET accesses the Access database, it also needs to generate a lock mark, and this directory does not allow it to write, so an error occurs. The reason why the database created by Access XP does not have this error is unknown.
We further open the permissions,
A) D: \ wwwroot \ test \ data \ folder to give the user ASPNET the following permissions:
|
Allow |
Reject |
Full Control |
□ |
□ |
Modify |
□ |
□ |
Read and run |
√ |
□ |
List folder Directories |
√ |
□ |
Read |
√ |
□ |
Write |
√ |
□ |
B) The D: \ wwwroot \ test \ data \ db1.mdb file itself grants the user ASPnet the following permissions:
√ Allow propagation of inherited permissions from parent to this object
1.4Continue the experiment and find that the error has been resolved. The above permission is the "minimum permission" that we need to release ".
(A) If db1.mdb is a database created by Access 2000,We will find a small problem: the generated *. LDB file will not be deleted by itself, and the file still exists after access, but this problem will not affect the normal operation of ASP. NET.
(B) If db1.mdb is a database created by Access XP,No similar issues have been found.
(C) Initial Cause Analysis:We only gave ASPnet the permission to write folders without the permission to modify them. Therefore, once a file is written, its content cannot be modified, and *. LDB cannot be deleted.
If you have to solve this problem, you can further release the permission:
A) D: \ wwwroot \ test \ data \ folder to give the user ASPnet the following permissions:
|
Allow |
Reject |
Full Control |
□ |
□ |
Modify |
√ |
□ |
Read and run |
√ |
□ |
List folder Directories |
√ |
□ |
Read |
√ |
□ |
Write |
√ |
□ |
B) The D: \ wwwroot \ test \ data \ db1.mdb file itself grants the user ASPnet the following permissions:
√ Allow propagation of inherited permissions from parent to this object
1.5Additionally, the experiment has another situation: we open and edit db1.mdb in access and access ASP. NET at the same time.
(A) If db1.mdb is a database created by Access 2000,We found that there was no problem.
(B) If db1.mdb is a database created by Access XP,The following error occurs:
The server error in the "/Zhao" application.
------------------------------------------------
You cannot use ''; the file is already in use.
Note:An error occurred while executing the current Web request. Check the stack trace information for details about the error and the source of the error in the code.
Exception details:System. Data. OleDb. OleDbException: you cannot use ''. The file is in use.
(C) Initial Cause Analysis:The Access database is a single-user, single-threaded database. When we open and edit database files in Access, the database is actually opened as the current Windows user (such as Administrator), while ASP. by default, asp net virtual Users (affiliated to the Users group) are used. They are lower than the Administrator level and cannot "snatch" permissions with the Administrator. Therefore, a conflict error occurs. We do not need to discuss the situation where Access 2000 ignores this issue. It may be that Access 2000 does not consider so many factors.
1.6Next, change the db1.mdb attribute to "read-only". Both Access 2000 and Access XPRespectivelyAppear in and 1.2Respective.
(2) experiment conclusion
1. First, let's repeat the origin of the NTFS permission settings for Access database files:
In ASP. by default, NET accesses and operates databases as a virtual user called ASPNET, you can see this user in "Control Panel"-"Administrative Tools"-"Computer Management"-"local users and groups"-"users". The default value is:
Full name: ASP. NET computer account
The account used to run the ASP. NET auxiliary route (aspnet_wp.exe.
Affiliated to: Users Group.
Using a user in the Users group to perform file operations and database operations is much less risky than using an Administrators Group. This is also ASP. NET in terms of security.
Since such a user needs to access and operate the database file itself, we need to grant it certain NTFS permissions to allow its access. Obviously, if you do not have the NTFS permission, ASPNET will be unable to access and operate the database, and the errors shown in the above experiment will appear.
2. After the above experiment, we already know that the following NTFS permission settings can meet general requirements:
A) D: \ wwwroot \ test \ data \ folder to give the user ASPNET the following permissions:
|
Allow |
Reject |
Full Control |
□ |
□ |
Modify |
□ |
□ |
Read and run |
√ |
□ |
List folder Directories |
√ |
□ |
Read |
√ |
□ |
Write |
√ |
□ |
B) The D: \ wwwroot \ test \ data \ db1.mdb file itself grants the user ASPNET the following permissions:
√ Allow propagation of inherited permissions from parent to this object
At the same time, we also noticed that whether db1.mdb is a "read-only" file also affects asp net access.
3. The preceding permission settings can be set directly to the ASPNET user, the Users Group, or the Everyone group. Because ASPNET is affiliated to the Users group, you can set permissions for ASPNET through the user group.
4. set the NTFS permission in the "properties" dialog box-"security" tab after right-clicking a file or folder. Generally, you can give the Adminitrators group the "full control" permission, at the same time, do not easily tick in "deny". For the NTFS permission setting skills, consult the network administrator and network security experts for advice.
Note: Partition in FAT and FAT32 format does not support NTFS permission.
5. the "security" tab of Windows 2000 series and Windows Server 2003 series is easily located by default, but the "Security" tab in Windows XP Professional is disabled by default, you can remove "√" from "use simple sharing (recommended)" in "Advanced Settings" on the "control panel"-"Folder Options"-"View" tab, after "OK", follow the above method again to see the "Security" tab.