Instantiating Remote Components in MTS and IIS

Last reviewed: November 7, 1997
Article ID: Q159311
The information in this article applies to:
  • Microsoft Transaction Server version 2.0
  • Microsoft Internet Information Server version 4.0

SUMMARY

This article contains information on how to use Active Server Pages (ASP) to instantiate a remote Microsoft Transaction Server (MTS) component that resides on a separate computer from the Microsoft Internet Information Server (IIS) computer. This article also addresses the issues that may arise from developing remote components for MTS 2.0 and IIS 4.0.

MORE INFORMATION

If you are using NTLM security, it is not possible to directly call remote components, regardless of the IIS application's activation setting (in- process or out-of-process) or identity (local or domain user). To call remote components when using NTLM security, you need to do the following:

  1. Create an intermediate MTS package with a domain identity.

  2. Set the package activation to run in a dedicated server process.

  3. Install an intermediate component that calls the remote component into the package. This intermediate component is then called from the ASP script and in turn, calls the remote component.

NOTE: When you use this technique, the direct caller, as seen by the remote component, will not be the original IIS caller, but the identity of the intermediate package.

If you are using Basic security, it is possible to call remote components directly. However, this requires that you set the Basic Authentication Domain to the domain and not the local machine. Although this setting allows the remote components to see the direct caller as the original IIS caller and not the intermediate package identity, it is not recommended. For more information on Basic security, please see the IIS 4.0 online documentation.

If you are using Anonymous security, it is possible to call remote components directly. However, this requires that you set the Anonymous User to a domain account. Although this setting allows the remote components to see the direct caller as the original IIS caller and not the intermediate package identity, it is not recommended. Anonymous security allows access to everyone. Allowing everyone access to your domain, even through a restricted account, can be a serious security risk. Therefore, it is recommended that you do not set the Anonymous account to a domain account. Instead, you should set the Anonymous User to the default (or some other local account) and use the intermediate MTS package technique, following the steps described above, to instantiate remote MTS components (without having to use NTLM).

Keywords          : iisapi iishowto iissecurity kbtool
Version           : WinNT:2.0,4.0
Platform          : winnt
Issue type        : kbhowto


================================================================================


THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: November 7, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.