When we use COM components in our ASP.NET application, some times an error occurs stating that the API failed, which is from the COM component. These types of problems
are raised by Code Access Security (CAS) due to insufficient privileges to IIS users.
This article is for solving this problem.
Using the code
When we use COM components in our application, some times an error occurs stating that the API failed, which is from COM component. E.g., when we use the Microsoft Word 11.0 Object Library
for opening Word files using Word APIs. In this case, we create an instance of Word, open a document, and count the number of words in it. Here some times
an error arises and the API fails.
The reason behind this problem is the error arising in the interaction between Internet Information Services and Component Services.
Whenever a request comes to IIS which invokes APIs from COM components, IIS with its IIS User refers to that component which is in Component Services.
But due to insufficient privileges of the IIS User on that Component, CAS (Code Access Security) which is part of the Common Language Runtime invokes an error.
CAS grants the rights to an application depending on the security configuration of the machine. But here if the IIS User doesn't have rights over the component, CAS raises
a runtime error showing that the API failed and returns a COM Exception.
The Solution over this problem is that we can give permissions to IIS User on the Component.
Following is the process to grant rights for an IIS User on a COM component:
- Go to Component Services in Administrative Tools in Control Panel.
- Right click on the component which we are going to use.
- Go to Security tab and click the Edit button in the "Launch & Activation Permissions" section.
- Go to "Group or User names" and click the Add button to add a User in IIS for the component.
- Enter a user name like MachineName\UserName of IIS in the given text box.
- Click the "Advanced" button if you want to find the IIS user.
- After adding that user, it will be displayed in the Security tab.
Give the following permissions from the "Permissions for IIS User" section:
- Local launch
- Remote launch
- Local activation
- Remote activation