Instantiating Remote Components in Microsoft Transaction Server and Internet Information Server

ID: Q159311

The information in this article applies to:

Microsoft Transaction Server 2.0
Microsoft Internet Information Server version 4.0

SUMMARY

This article contains information on how to use Active Server Pages (ASP) to instantiate a remote Microsoft Transaction Server (MTS) component that resides on a separate computer from the Microsoft Internet Information Server (IIS) computer. This article also addresses the issues that may arise from developing remote components for MTS 2.0 and IIS 4.0.

MORE INFORMATION

If you are using NTLM security, it is not possible to directly call remote components, regardless of the IIS application's activation setting (in- process or out-of-process) or identity (local or domain user). To call remote components when using NTLM security, you need to do the following:

Create an intermediate MTS package with a domain identity.

Set the package activation to run in a dedicated server process.

Install an intermediate component that calls the remote component into the package. This intermediate component is then called from the ASP script and in turn, calls the remote component.

NOTE: When you use this technique, the direct caller, as seen by the remote component, will not be the original IIS caller, but the identity of the intermediate package.

If you are using Basic security, it is possible to call remote components directly. However, this requires that you set the Basic Authentication Domain to the domain and not the local machine. Although this setting allows the remote components to see the direct caller as the original IIS caller and not the intermediate package identity, it is not recommended. For more information on Basic security, please see the IIS 4.0 online documentation.

If you are using Anonymous security, it is possible to call remote components directly. However, this requires that you set the Anonymous User to a domain account. Although this setting allows the remote components to see the direct caller as the original IIS caller and not the intermediate package identity, it is not recommended. Anonymous security allows access to everyone. Allowing everyone access to your domain, even through a restricted account, can be a serious security risk. Therefore, it is recommended that you do not set the Anonymous account to a domain account. Instead, you should set the Anonymous User to the default (or some other local account) and use the intermediate MTS package technique, following the steps described above, to instantiate remote MTS components (without having to use NTLM).


Keywords          : kbtool iissecurity iisapi iishowto 
Version           : WinNT:2.0,4.0
Platform          : winnt 
Issue type        : kbhowto

Last Reviewed: April 29, 1999