Accessing a Remote
Database From a dBASE Web Application
In many cases, dBASE web
applications are deployed to web servers where the tables reside on the same
physical machine. Let's look at a specific example where a dBASE application
has been deployed to a Windows 2000 Server running IIS5, called AppServer.
If the tables being accessed by this application were on AppServer,
the BDE Alias would point to a local path, such as:
However, the tables are
actually located on a Windows XP Workstation called RemotePC. They
have been placed in the same path, C:\dBASE\Samples and this Samples
folder has been shared over the network under the name SampleData.
The Universal Naming Convention (UNC) must be used to specify the location of
these tables. The UNC format for a network resource is \\ServerName\filesharename\directoryname\filename,
so for our example above, the BDE Alias Path would need to be changed to:
Please note that you cannot use a Mapped Drive when specifying this
location in the BDE Alias. The web application that will be using these
tables is running under the security context of the IIS service, which does
not have access to the user-level drive mappings. For more information on this
restriction, please see the Microsoft
Knowledgebase Article 207671.
Security issues crop up
once again when the web application is accessed through a client browser. The
session is created with the security credentials of the Guest Internet User
account on the web server RemotePC. This account does not have
the proper credentials to access the tables across the internal network domain,
so any database requests from the web application results in a Access Denied
message in the client's browser.
Here is a workaround for
Sample Web Application
A sample web application
called dbtest has been created for the purpose of this tutorial. This
was generated using the dQuery One Click Web Application Wizard. For
the sake of simplicity, a three column table called test1 was generated
with the following fields:
The web application wizard
creates a series of web pages needed to add rows of data to this table. The
pages and their associated screenshots are as follows:
Page 1: dbtest.htm
- The first
page that displays a link to the data entry page
Page 2: dbtest_TEST11.htm
- The data
entry form. The form tag of this HTML page reads:
Page 3: dbtest.dbw
- The target script of the data entry form.
The dQuery Web Application Wizard defaults to an .exe extension
rather than .dbw. It was renamed for the sake of this exercise,
and to avoid any IIS configuration conflicts with other application extensions.
The HTTP Error
404 at the bottom of this page is to be expected. This is what the
default IIS6 settings will always generate with any unknown web applications.
The configuration steps to follow will create the necessary mappings to allow
this and other dBASE scripts to execute properly.
- The first step is to
configure the Application Mapping within the web site properties. Open Internet
Services Manager and navigate to the web site hosting your dBASE web application.
In the example below, this is the Default Web Site:
- Right click on the Default Web Site and select Properties. In
the Web Site Properties dialog box, click on the Home Directory tab.
Make sure that both the Read and Write checkboxes
are checked. Under Application Settings, click on the Configuration
- In the Application Configuration dialog box, click on the
Add button to open the Add/Edit Application Extension Mapping
dialog box. Click on the Browse button to navigate to the
PLUSrun.exe file. In this example, the executable is located in the following
path: C:\Program Files\dBASE\PLUS\Runtime\PLUSrun.exe.
After navigating to the executable and selecting it, click OK to return to
Application Mapping box. The path will now be displayed in the Executable
field as follows:
Note: You must modify this text path with quotes,a
space and the %s switch as follows:
"C:\Program Files\dBASE\PLUS\Runtime\PLUSrun.exe" "%s"
Be sure to type it exactly as it appears above, or it will not execute properly.
Subsitute your path to the PLUSrun.exe if necessary.
Finish off this dialog box with the following settings:
All Verbs: selected
Script Engine: checked
Verify that file exists: checked
Click OK to return to the Application Configuration
dialog box. It should now look like this:
- Click OK twice to return to the main IIS Manager window.
Click on the Web Service Extensions folder in the left panel
to display the list of Web Service Extensions, as show below:
Notice that all of the Web Service Extensions are prohibited by default. To
test the Application Mapping updates completed in Steps 1-3, try executing
your script from a web browser with All Unknown CGI Extensions
enabled. To enable this extension, right click on it and select Allow.
Now we can try the same sample form that we did in the initial test
of the web application. On the data entry page:
We enter the values 123, Test1 and Test2 for the fields ID, First
and Last, respectively, and it should generate the
following result page:
- We now have a working web application. The only problem is - it's not very
secure. It would be much better to restore the default setting of Prohibit
for the All Unkown CGI Extensions, and allow only
the dBASE runtime module to execute. We will tackle this step next.
Note: The following steps will require you to
modify the IIS Metabase File. It is highly recommended that you backup this
file (and your server) before proceeding with any of these modifications.
Right click on the All Unkown
CGI Extensions and select Prohibit to restore this
- This is where things get interesting. Back in step 3, recall that
we had to add the path to the runtime module by clicking the browse button
in the Application Extension Mapping dialog box. After adding this file, we
were able to manually add the quotes and the %s by editing
this path directly in the Executable field of the properties
window. The WSE wizard does not allow this level of customization, so we must
add it using the command line tool IISExt.
First, we need to open a command window. Click the Start button and choose
Run. Type CMD and click OK
to bring up the DOS style command window. Navigate to the location of the
system files, which by default should be stored in the following location:
At this prompt, please type the following command:
iisext /AddFile "C:\Program Files\dBASE\PLUS\Runtime\PLUSrun.exe
%s" 1 PlusRun 1 PlusRun
Now return to the IIS Manager and refresh
the contents of the Web Service Extensions folder. You should now see PlusRun
listed as one of the Web Service Extensions:
Now try right clicking on PlusRun and select Properties.
Take a look at the Required Files tab and run the mouse pointer
over the File Name entry to see the full path to the runtime module. Notice
that it contains the trailing %s switch, but there are no
quotes around it:
We cannot edit this entry in IIS Manager, so we will have to edit the Metabase
- In order to be able to edit the Metabase file, we
will have to shut down IIS temporarily. Open up a command window as you did
in Step 6, and enter the following:
NET STOP /y IISADMIN
You should see a series of messages indicating that the various Internet
Information Services are shutting down. Once this is complete, use a text
editor like Notepad to open the following file:
Use the search command to locate the string PlusRun. This
should bring up a block entry like the following:
0,C:\WINDOWS\system32\inetsrv\ssinc.dll,0,SSINC,Server Side Includes
0,C:\WINDOWS\system32\inetsrv\asp.dll,0,ASP,Active Server Pages
0,C:\WINDOWS\system32\inetsrv\httpodbc.dll,0,HTTPODBC,Internet Data Connector
Notice the last line (in red) is the one we added using
the IISext tool in step six. We need to edit this line to
read as follows:
1,C:\Program Files\dBASE\PLUS\Runtime\PLUSrun.exe "%s",1,PlusRun,PlusRun"
The two " entries
will add the quotes needed to allow this executable to run properly within
IIS. Now that the edit has been made, save the file and restart IIS by typing
the following back in the command window:
NET START W3SVC
Jump back into the IIS Manager window and refresh the contents of
the Web Service Extensions folder. Right click on PlusRun,
choose Properties and then the Required Files tab.
You should now see the quotes around the %s as shown below:
- That should do it! If we execute the same dbtest application
that we did earlier, it should generate the same success page as it did in
step four when All Unkown CGI Extensions were enabled. Now
it runs exactly the same, but in a much more secure web environment.