BUG: Global.asa Not Executed If Restricting Web Access

ID: Q173742

The information in this article applies to:

SYMPTOMS

Session variables initialized in Global.asa's Session_onStart are empty when access to the Web requires authentication, even though the user has sufficient permissions to access the Web site. There are many possible error messages associated with this behavior; however, here's the most common:

Microsoft OLE DB Provider for ODBC Drivers error '80004005'

[Microsoft][ODBC Driver Manager] Data source name not found and no
default driver specified

/<web name>/<asp filename>.asp, line xx

NOTE: This problem applies to Microsoft Internet Information Server on Windows NT with NTFS. This does not apply to virtual roots hosted on an FAT partition or Personal Web Server on Windows 95.


CAUSE

Active Server Pages (ASP) requires Anonymous access to Global.asa regardless of the authentication process.


RESOLUTION

To fix this behavior, change the NTFS permissions on the Global.asa file to give the Anonymous Logon account -- as defined in the "Internet Service Manager" -- Read (RX) permissions. For instructions on setting file permissions, see Windows NT Help.


STATUS

Microsoft has confirmed this to be a bug in the Microsoft products listed at the beginning of this article.


MORE INFORMATION

Steps to Reproduce Behavior

  1. Create a new project in Visual InterDev. If you are not using Visual InterDev, create a new virtual root in the "Internet Service Manager."


  2. Create a new .asp file and copy the following code into the file. Save the file. If you are not using Visual InterDev, copy the file to your virtual root folder.
    
   <%@ LANGUAGE="VBSCRIPT" %>

   <HTML>
   <HEAD>
   <META NAME="GENERATOR" Content="Microsoft Visual InterDev 1.0">
   <META HTTP-EQUIV="Content-Type" content="text/html;
    charset=iso-8859-1">
   <TITLE>Document Title</TITLE>
   </HEAD>
   <BODY>

   <%x=Session("session_var")
   if x <>"" then
      response.write "Global.asa was executed.<br> Session_var="&x
   else
      response.write "Global.asa was NOT executed.<br> Session_var="&x
   end if%>

   </BODY>
   </HTML>


  3. Copy the following code into your "Global.asa" file. Save the file. If you are not using Visual InterDev, create a new file named "Global.asa." Copy and paste the following code into the file, and copy the file to the virtual root folder. Save the file.
    
   <SCRIPT LANGUAGE="VBScript" RUNAT="Server">

   Sub Session_OnStart

      Session("session_var")="Hello"

   End Sub
   </SCRIPT>


  4. Restrict permissions on the Web. To do this, first explore out to your virtual root folder. Next, right-click the folder and click Properties from the Shortcut menu. Next, click the Security tab and click Permissions. From the Directory Permissions dialog box, remove Everyone (if present) and the Internet Guest Account from the Name list. Next, make sure the Replace Permissions on Existing Files check box is selected. Finally, click OK.


  5. Preview the file -- in a browser -- created in step 2.


Result: The Web page does not display the value of the session variable initialized in Global.asa.


REFERENCES

For the latest Knowledge Base articles and other support information on Visual InterDev and Active Server Pages, see the following page on the Microsoft Technical Support site:

http://support.microsoft.com/support/vinterdev/

Additional query words: 


Keywords          : kbcode kbASP kbASPObj kbVBScript kbVisID100 kbWebServer kbGrpASP 
Version           : winnt:
Platform          : winnt 
Issue type        : kbbug

Last Reviewed: May 27, 1999