Most organizations prefer to deploy browser-based applications on their intranet rather than by opening shared .htm pages. Using conventional http://servername/virtualdirectory/pagename.htm URLs is more convenient for users, and connecting through IIS 5.0+ is more secure than opening .htm files from read-write shares that contain or allow access to the data .mdb file. Tip Add a Default.htm page to the folder with descriptive links to the pages. The Default.htm page also is a good location for instruction on using the pages or links to help pages. If you want to enable private or public Internet access to pages, you must consider the security ramifications of potentially exposing your databases to hackers. Internet security issues are beyond the scope of this book, but make sure that the databases to which you allow public access contain no confidential information. Enabling Intranet Access To enable intranet access to your pages with IIS 5.0, do the following: In the Internet Information Services snap-in, right-click the node for your intranet and choose New, Virtual Directory to start the Virtual Directory Wizard. This example uses OAKLEAF-MS7 running IIS 5.0 under Windows 2000 Server as the Web server. Click Next. In the Virtual Directory Alias dialog, type a name for the directory, such as DataPages. Click Next. In the Web Site Content Directory dialog, type the path to the shared folder for the pages that you created in the preceding section. If the page folder is shared from another server, type its UNC path \\OAKMONT-MS10\DataPages, for this example. Click Next. If you specified a share on another server, in the User Name and Password dialog, type your credentials to access the share with at least read-write permissions. Click Next. The Access Permissions dialog has Read and Run Scripts (such as ASP) user permissions enabled by default. If your pages allow data updates, mark the Write check box. Click Next and Finish to create the new DataPages virtual directory. Files in the directory appear in the Name pane of the snap-in (see Figure 24.66). Figure 24.66. When you create an IIS 5+ virtual directory that points to a server share, the files in the share appear in Internet Services Manager's snap-in. On a network client, type the URL for a page http://OAKLEAF-MS7/DataPages/1997OrdersByCountry.htm for this example to test the virtual directory. Tip If you want to distribute the OWC 11 runtime files from your intranet server, add a virtual directory that points to the Office 11 installation files folder. You must change the href= attribute value to the URL for the installation files, such as <A href='http://servername/virtualdirectoryname/files/owc/setup.exe'>. Enabling Private or Public Internet Access If you deploy pages on a Web server connected to the Internet, mobile users can access them from any location. By default, IIS 5+ enables integrated Windows security for Internet access. Users with Windows NT/2000+ accounts can open the page by providing their username, password, and domain in the Enter Network Password dialog. Almost all Web servers are protected by firewalls that restrict external connections to HTTP and HTTPS traffic. If your Web server is behind a firewall that doesn't support database connections with ADO, the procedures of this section won't work. Your best bet in this case is to set up a VPN for authenticated users to connect to shared .htm files. Note | Three-tier data access using Remote Data Services (RDS) in a three-tier configuration is required for Web servers protected by a firewall and to maintain database security, especially with SQL Server. Setting up RDS is beyond the scope of this book, but Microsoft provides detailed instructions in the white paper, "Deploying Data Access Pages on the Internet or Your Intranet." Knowledge Base article Q286327 has a link to the download location for the white paper. The white paper is based on Access 2002 and IIS, but the procedures described apply without change to Access 2003. |
When a remote user attempts to open a page without having changed the default IE 6+ security settings, the two messages shown in Figure 24.67 appear. Figure 24.67. IE 6.0 displays these two warning messages when you open DAP deployed to the Internet. You must change your IE 6.0 security settings to avoid them. To change IE 6.0 security settings to permit users to open a DAP on the Internet, do this: Open the Security page of IE's Internet Options dialog. Click the Trusted Sites icon, and click the Sites button to open the Trusted Sites dialog. Clear the Require Server Verification (https:) for All Sites in This Zone check box. Type the site address http://www.whatever.com/ and click Add (see Figure 24.68). This example uses the OakLeaf Web server. Figure 24.68. Clear the server verification check box and type the URL or IP address of the Web server. Click OK twice to close the dialogs, and click Refresh in the browser to test your changes. Caution Granting Internet access to DAP by anonymous users creates a serious security risk to your data. To grant public Internet access to your page on a Web server that's not behind a firewall, do this: Open the VirtualDirectory Properties dialog's Directory Security page. Click the Edit button in the Anonymous Access and Authentication Control frame. Mark the Anonymous Access check box, and click OK twice to save the changes. Internet clients must download and install the OWC 11 runtime to view your DAP. |