Configuring a dBASE Web Application in IIS6


In earlier releases of Internet Information Services, web applications were enabled by creating a specific Application Mapping in the properties of the parent web site. Internet Information Services 6, which comes standard with Microsoft Windows Server 2003, has used some of the same configuration tools coupled with additional security features.

While previous versions of IIS allowed any applications to run just by creating the appropriate mappings, IIS6 has introduced the concept of Web Service Extensions (WSE) to define specific application permissions within the IIS environment. This has created additional configuration steps to allow dBASE web application to execute properly, as will be detailed in the instructions to follow.

Sample Web Application

A sample web application called dbtest has been created for the purpose of this tutorial. This was generated using the dQuery One Click Web Application Wizard. For the sake of simplicity, a three column table called test1 was generated with the following fields:

The web application wizard creates a series of web pages needed to add rows of data to this table. The pages and their associated screenshots are as follows:

Page 1: dbtest.htm - The first page that displays a link to the data entry page


Page 2: dbtest_TEST11.htm - The data entry form. The form tag of this HTML page reads:

<form method="post" action="dbtest.dbw" ENCTYPE="application/x-www-form-urlencoded">


Page 3: dbtest.dbw - The target script of the data entry form.

Note: The dQuery Web Application Wizard defaults to an .exe extension rather than .dbw. It was renamed for the sake of this exercise, and to avoid any IIS configuration conflicts with other application extensions. The HTTP Error 404 at the bottom of this page is to be expected. This is what the default IIS6 settings will always generate with any unknown web applications. The configuration steps to follow will create the necessary mappings to allow this and other dBASE scripts to execute properly.




Configuration Steps

  1. The first step is to configure the Application Mapping within the web site properties. Open Internet Services Manager and navigate to the web site hosting your dBASE web application. In the example below, this is the Default Web Site:

  2. Right click on the Default Web Site and select Properties. In the Web Site Properties dialog box, click on the Home Directory tab. Make sure that both the Read and Write checkboxes are checked. Under Application Settings, click on the Configuration button:

  3. In the Application Configuration dialog box, click on the Add button to open the Add/Edit Application Extension Mapping dialog box. Click on the Browse button to navigate to the PLUSrun.exe file. In this example, the executable is located in the following path: C:\Program Files\dBASE\PLUS\Runtime\PLUSrun.exe.

    After navigating to the executable and selecting it, click OK to return to Application Mapping box. The path will now be displayed in the Executable field as follows:

    Note: You must modify this text path with quotes,a space and the %s switch as follows:

    "C:\Program Files\dBASE\PLUS\Runtime\PLUSrun.exe" "%s"

    Be sure to type it exactly as it appears above, or it will not execute properly. Subsitute your path to the PLUSrun.exe if necessary.

    Finish off this dialog box with the following settings:
    Extension: .dbw
    All Verbs: selected
    Script Engine: checked
    Verify that file exists: checked

    Click OK to return to the Application Configuration dialog box. It should now look like this:

  4. Click OK twice to return to the main IIS Manager window. Click on the Web Service Extensions folder in the left panel to display the list of Web Service Extensions, as show below:

    Notice that all of the Web Service Extensions are prohibited by default. To test the Application Mapping updates completed in Steps 1-3, try executing your script from a web browser with All Unknown CGI Extensions enabled. To enable this extension, right click on it and select Allow.

    Now we can try the same sample form that we did in the initial test of the web application. On the data entry page:


    We enter the values 123, Test1 and Test2 for the fields ID, First and Last, respectively, and it should generate the following result page:

  5. We now have a working web application. The only problem is - it's not very secure. It would be much better to restore the default setting of Prohibit for the All Unkown CGI Extensions, and allow only the dBASE runtime module to execute. We will tackle this step next.

    Note: The following steps will require you to modify the IIS Metabase File. It is highly recommended that you backup this file (and your server) before proceeding with any of these modifications.

    Right click on the All Unkown CGI Extensions and select Prohibit to restore this setting.

  6. This is where things get interesting. Back in step 3, recall that we had to add the path to the runtime module by clicking the browse button in the Application Extension Mapping dialog box. After adding this file, we were able to manually add the quotes and the %s by editing this path directly in the Executable field of the properties window. The WSE wizard does not allow this level of customization, so we must add it using the command line tool IISExt.

    First, we need to open a command window. Click the Start button and choose Run. Type CMD and click OK to bring up the DOS style command window. Navigate to the location of the system files, which by default should be stored in the following location:


    At this prompt, please type the following command:

    iisext /AddFile "C:\Program Files\dBASE\PLUS\Runtime\PLUSrun.exe %s" 1 PlusRun 1 PlusRun

    Now return to the IIS Manager and refresh the contents of the Web Service Extensions folder. You should now see PlusRun listed as one of the Web Service Extensions:

    Now try right clicking on PlusRun and select Properties. Take a look at the Required Files tab and run the mouse pointer over the File Name entry to see the full path to the runtime module. Notice that it contains the trailing %s switch, but there are no quotes around it:

    We cannot edit this entry in IIS Manager, so we will have to edit the Metabase file directly.

  7. In order to be able to edit the Metabase file, we will have to shut down IIS temporarily. Open up a command window as you did in Step 6, and enter the following:


    You should see a series of messages indicating that the various Internet Information Services are shutting down. Once this is complete, use a text editor like Notepad to open the following file:


    Use the search command to locate the string PlusRun. This should bring up a block entry like the following:

    0,C:\WINDOWS\system32\inetsrv\ssinc.dll,0,SSINC,Server Side Includes
    0,C:\WINDOWS\system32\inetsrv\asp.dll,0,ASP,Active Server Pages
    0,C:\WINDOWS\system32\inetsrv\httpodbc.dll,0,HTTPODBC,Internet Data Connector
    1,C:\Program Files\dBASE\PLUS\Runtime\PLUSrun.exe %s,1,PlusRun,PlusRun"

    Notice the last line (in red) is the one we added using the IISext tool in step six. We need to edit this line to read as follows:

    1,C:\Program Files\dBASE\PLUS\Runtime\PLUSrun.exe &quot;%s&quot;,1,PlusRun,PlusRun"

    The two &quot;
    entries will add the quotes needed to allow this executable to run properly within IIS. Now that the edit has been made, save the file and restart IIS by typing the following back in the command window:


    Jump back into the IIS Manager window and refresh the contents of the Web Service Extensions folder. Right click on PlusRun, choose Properties and then the Required Files tab. You should now see the quotes around the %s as shown below:

  8. That should do it! If we execute the same dbtest application that we did earlier, it should generate the same success page as it did in step four when All Unkown CGI Extensions were enabled. Now it runs exactly the same, but in a much more secure web environment.