I am trying to get a secure web site up that requires
user authentication. It works fine on my development
system using XP run as an administrator. On the
production server only administrators can connect -
others get the HTTP 500 - Internal Server Error page.

The problem happens on asp pages with odbc data
connections on them. NTFS permissions don't seem to be
the problem unless there are some files outside of the
web root that require authorization for non
administrators in order for the user to be able to
execute the ODBC connection code. I have created a test
site that has one asp page on it and that page has one
data connection using an ODBC data source. If I remove
the connection from the page both administrators and non
administrators can run it. With the dataconnection on
the page only administrators can run the page.

The environment is Server 2003 running IIS 6.0. Any help
or suggestions will be appreciated. Log snippets showing
a successful connection by an administrator account and
then a failed connection by a non administrator follow.

Note the |30|80020009| in the failed attempt. What does
this mean?

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2004-03-18 19:37:41
#Fields: date time s-sitename s-computername s-ip cs-
method cs-uri-stem cs-uri-query s-port cs-username c-ip
cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host
sc-status sc-substatus sc-win32-status sc-bytes cs-bytes
time-taken

-- Successful access for user adminname

2004-03-18 19:37:41 W3SVC1 WEB1 nnn.nnn.nnn.116
GET /securitytest/test.asp - 443 - nnn.nnn.nnn.39
HTTP/1.1 Mozilla/4.0+
(compatible;+MSIE+6.0;+Windows+NT+5.0;+T312461;+.NET+CLR+1
..1.4322) - - web1.mydomain.dom 401 2 2148074254 1903 377
2828
2004-03-18 19:37:48 W3SVC1 WEB1 nnn.nnn.nnn.116
GET /securitytest/test.asp - 443 adminname nnn.nnn.nnn.39
HTTP/1.1 Mozilla/4.0+
(compatible;+MSIE+6.0;+Windows+NT+5.0;+T312461;+.NET+CLR+1
..1.4322) - - web1.mydomain.dom 200 0 0 1975 420 2515
2004-03-18 19:37:48 W3SVC1 WEB1 nnn.nnn.nnn.116
GET /securitytest/_ScriptLibrary/pm.js - 443 adminname
nnn.nnn.nnn.39 HTTP/1.1 Mozilla/4.0+
(compatible;+MSIE+6.0;+Windows+NT+5.0;+T312461;+.NET+CLR+1
..1.4322) ASPSESSIONIDSSRQTSAA=KEFHENPAAFLIOEFOGIFLLBLO
https://web1.mydomain.dom/securitytest/test.asp
web1.mydomain.dom 200 0 0 6880 413 0

-- Failed access for user joeuser

2004-03-18 19:40:20 W3SVC1 WEB1 nnn.nnn.nnn.116
GET /securitytest/test.asp - 443 - nnn.nnn.nnn.39
HTTP/1.1 Mozilla/4.0+
(compatible;+MSIE+6.0;+Windows+NT+5.0;+T312461;+.NET+CLR+1
..1.4322) - - web1.mydomain.dom 401 2 2148074254 1903 377
15
2004-03-18 19:40:30 W3SVC1 WEB1 nnn.nnn.nnn.116
GET /securitytest/test.asp |30|80020009|- 443 joeuser
nnn.nnn.nnn.39 HTTP/1.1 Mozilla/4.0+
(compatible;+MSIE+6.0;+Windows+NT+5.0;+T312461;+.NET+CLR+1
..1.4322) - - web1.mydomain.dom 500 0 0 546 416 5281

Hi Tom,
Thanks for your suggestions but unfortunately none of
them seem to speak to the problem that I am having where
only an administrator can run the page. The code in
question is generated by MS Scripting Objects and I will
include the specific code snippet below. Right now I am
thinking that there is a problem with non administrators
being able to register the required class - possibly a
registry permission problem. As I say, running the site
under an anonymous user or an administrator works but a
plain old power user can't run it.

--Arthur
<snippet of failing code follows>

<!--METADATA TYPE="DesignerControl" startspan
<OBJECT id=Recordset1 style="LEFT: 0px; TOP: 0px"
classid="clsid:9CF5D7C2-EC10-11D0-9862-0000F8027CA0">
<PARAM NAME="ExtentX" VALUE="12086">
<PARAM NAME="ExtentY" VALUE="1799">
<PARAM NAME="State"
VALUE="(TCConn_Unmatched=\qConnection1
\q,TCDBObject_Unmatched=\qDE\sCommands\q,TCDBObjectName_Un
matched=\qCommand1\q,TCControlID_Unmatched=\qRecordset1
\q,TCPPConn_Unmatched=\qConnection1
\q,RCDBObject=\qRCDBObject\q,TCPPDBObject_Unmatched=\qDE\s
Commands\q,TCPPDBObjectName_Unmatched=\qCommand1
\q,TCCursorType=\q3\s-\sStatic\q,TCCursorLocation=\q3\s-
\sUse\sclient-side\scursors\q,TCLockType=\q3\s-
\sOptimistic\q,TCCacheSize_Unmatched=\q100
\q,TCCommTimeout_Unmatched=\q30
\q,CCPrepared=0,CCAllRecords=1,TCNRecords_Unmatched=\q10
\q,TCODBCSyntax_Unmatched=\q\q,TCHTargetPlatform=\q\q,TCHT
argetBrowser_Unmatched=\qServer\s(ASP)
\q,TCTargetPlatform=\qInherit\sfrom\spage\q,RCCache=\qRCBo
okPage\q,CCOpen=1,GCParameters=(Rows=0))"></OBJECT>
-->

[quoted text, click to view]