Windows 2008 / IIS 7.5 / Permissions
Posted: Sun Apr 15, 2012 12:30 pm
by 13048070
Hi,
I've recently installed an asp.net app that uses TeeChart V3 on a Windows 2008 server. The app requires users to log in to access certain resources, which is achieved using standard forms authentication. Otherwise users are free to navigate the site anonymously. The app works fine except that when I navigate to the page with the chart on it I get prompted for Windows login credentials. If I supply them then the page loads normally and the chart is visible, otherwise a red x is visible where the chart should be. How do I get rid of the login prompt? I'm sure it's a permissions thing but I can't figure it out. My app is configured as follows:
Application Pool Settings
.Net Framework: V2.0
Managed Pipeline: Classic
Identity: NetworkService
IIS Authentication Settings
Anonymous Authentication: Enabled (User Identity - IUSR [default])
ASP.NET Impersonation: Disabled
Forms Authentication: Enabled
Windows Authentication: Disabled
Application Directory (e.g. C:\Data\MyApp) Permissions
NETWORK_SERVICE: Full Control
IUSR: Read & Execute, List folder Contents and Read
IIS_IUSRS: Read & Execute, List folder Contents and Read
TeeChart Share Folder (i.e. C:\Program Files (x86)\Steema Software\TeeChart for .NET v3) Permissions
NETWORK_SERVICE: Full Control
IUSR: Full Control
IIS_IUSRS: Full Control
Thanks
Re: Windows 2008 / IIS 7.5 / Permissions
Posted: Tue Apr 17, 2012 7:49 am
by 13048070
Hi,
I was wondering if anybody has an update on this issue?
I'm using the temporary file method. Are there any other locations that I need to assign permissions to?
Thanks
Re: Windows 2008 / IIS 7.5 / Permissions
Posted: Tue Apr 17, 2012 3:57 pm
by 10050769
Hello norman,
We haven't forgotten it, but we are trying to find a good solution for you and to answer you asap.
Thanks,
Re: Windows 2008 / IIS 7.5 / Permissions
Posted: Tue Apr 17, 2012 5:53 pm
by 13048070
Thanks Sandra (I didn't mean to put you guys under pressure) - I look forward to hearing from you.
Re: Windows 2008 / IIS 7.5 / Permissions
Posted: Wed Apr 18, 2012 11:49 am
by 13048070
Hi Sandra,
I'm not sure if the following might help but I tried changing the application pool that my app was running under to 'Classic .NET AppPool' which was created by default in IIS(?). Then I gave the app pool Full Control permissions on the C:\Program Files (x86)\Steema Software\TeeChart for .NET v3\TeeChartForNET\_chart_temp folder. When I ran my app I didn't get prompted for a Windows login and a red x was still displayed where the chart should be, but I noted that a folder was created at C:\_chart_temp which contained images of the chart. I tried changing the ShareFolder key at HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Steema Software\TeeChart.NET to point to this location instead (i.e. C:\) but it didn't make a difference.
Also prior to making the above changes (i.e. when I had to enter Windows login) I noted by using Procmon.exe (Process Monitor) that files were getting written to a location under C:\Users\Administrator\AppData. I see that there is also a corresponding folder called C:\Users\Classic .NET AppPool\AppData but no similar folder exists for the app pool I was trying to use originally (which was essentially a copy of 'Classic .NET AppPool' except it was called MyApp).
Not sure if any of the above helps.
Re: Windows 2008 / IIS 7.5 / Permissions
Posted: Wed Apr 18, 2012 4:31 pm
by Marc
Hello Norman,
Thanks, there were some useful clues in your last post. We had bypassed the login issue by assigning a username to the virtual share itself, but didn't encounter the problem of the missing chart as we were using the httphandler temporary chart. We've been through the steps with a file based temporary chart and can suggest a couple of causes for what you're seeing:
TeeChart uses two keys to save/retrieve the temporary chart, one of which you have already mentioned 'ShareFolder' and the other called 'VirtualShare'. In our tests, when initially changing to tempChart temporary files the chart wouldn't appear in the browser. The file was being saved to the same location as you observed, "c:\_chart_temp". Coincidentally we ran this test on an x64 machine. The cause of the problem is related to a registry location of the key. TeeChart is looking here: [HKEY_LOCAL_MACHINE\SOFTWARE\Steema Software\TeeChart.NET] but in the x64 machine the keys are being generated here at install time as you described: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Steema Software\TeeChart.NET].
If you export the key on your machine and edit the resulting .reg file removing "Wow6432Node\" from the registry string you can then double-click to re-add the new values to the registry at the correct location. Before you do so, confirm the folder locations are what you require; check that the "ShareFolder" key points to the parent folder where you wish the _chart_temp folder to locate and check that the "VirtualShare" key points to the virtual share root where the _chart_temp folder will be visible. The _chart_temp folder should have access rights for 'Network Service'.
I hope there is enough information here to resolve the issue. Let us know if you come across any unclear point. I believe that the TeeReg utility on the customer download page corrects x64 registry entries for TeeChart for .NET v3 if you should wish to do so automatically in the future.
Regards,
Marc
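The registry mismatch described in this post can be checked without exporting and editing .reg files. The following is an added example, not Steema code or part of the original post: it reads 'ShareFolder' and 'VirtualShare' from both the native 64-bit view and the Wow6432Node view and reports where they are missing or differ. Which view a process reads by default depends on whether it runs as a 32-bit or 64-bit process. The script assumes PowerShell 3.0 or later with .NET 4.

```powershell
# Added example (not Steema code): read the TeeChart values from both registry views.
# Requires .NET 4+ (PowerShell 3.0 or later) for RegistryKey.OpenBaseKey.
$subKey = 'SOFTWARE\Steema Software\TeeChart.NET'   # key path quoted in the thread
$names  = 'ShareFolder', 'VirtualShare'             # values named in the thread

function Get-TeeChartValues {
    param([Microsoft.Win32.RegistryView]$View)
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.OpenSubKey($subKey)            # read-only; $null when the key is absent
        $values = @{}
        foreach ($n in $names) {
            $values[$n] = $null
            if ($key) { $values[$n] = $key.GetValue($n) }
        }
        if ($key) { $key.Close() }
        return $values
    }
    finally { $base.Close() }
}

$native = Get-TeeChartValues -View Registry64       # HKLM\SOFTWARE\...
$wow    = Get-TeeChartValues -View Registry32       # HKLM\SOFTWARE\Wow6432Node\...

foreach ($n in $names) {
    $status = 'match'
    if     ($null -eq $native[$n])    { $status = 'missing in 64-bit view' }
    elseif ($null -eq $wow[$n])       { $status = 'missing in Wow6432Node' }
    elseif ($native[$n] -ne $wow[$n]) { $status = 'values differ' }
    [pscustomobject]@{
        Name = $n; Native64 = $native[$n]; Wow6432Node = $wow[$n]; Status = $status
    }
}

# ShareFolder is the parent of _chart_temp; confirm the folder each view implies exists.
$folders = @($native['ShareFolder'], $wow['ShareFolder']) |
    Where-Object { $_ } | Select-Object -Unique
foreach ($folder in $folders) {
    $temp = Join-Path $folder '_chart_temp'
    '{0} exists: {1}' -f $temp, (Test-Path -LiteralPath $temp)
}
```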
Re: Windows 2008 / IIS 7.5 / Permissions
Posted: Thu Apr 19, 2012 8:48 am
by 13048070
Hi Marc,
I tried what you suggested but I still have the same issue.
To be clear I now have two registry keys with the following details:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Steema Software\TeeChart.NET]
"DesignKeyV3"="Steema.TeeChart.TChart is a licensed component."
"VirtualShare"="/TeeChartForNET"
"ShareFolder"="C:\\Program Files (x86)\\Steema Software\\TeeChart for .NET v3\\TeeChartForNET"
"AutoLanguage"="True"
"DemoPath"="..\\..\\"
"GalleryStyle"=dword:00000000
"Language"=dword:00000000
"RememberEditor"="True"
"ThemeFolder"="C:\\Program Files (x86)\\Steema Software\\TeeChart for .NET v3\\Themes"
and
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Steema Software\TeeChart.NET]
"VirtualShare"="/TeeChartForNET"
"ShareFolder"="C:\\Program Files (x86)\\Steema Software\\TeeChart for .NET v3\\TeeChartForNET"
"DesignKeyV3"="Steema.TeeChart.TChart is a licensed component."
"AutoLanguage"="True"
"DemoPath"="..\\..\\"
"GalleryStyle"=dword:00000000
"Language"=dword:00000000
"RememberEditor"="True"
"ThemeFolder"="C:\\Program Files (x86)\\Steema Software\\TeeChart for .NET v3\\Themes"
C:\Program Files (x86)\Steema Software\TeeChart for .NET v3\TeeChartForNET and C:\Program Files (x86)\Steema Software\TeeChart for .NET v3\TeeChartForNET\_chart_temp have (full) access rights for 'Network Service', 'IUSR' and 'IIS_IUSRS'.
Am I missing something?
I tried renaming the x64 key (i.e. the one at HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Steema Software\TeeChart.NET) to see if that made a difference but I got an error "An instance of type 'Steema.TeeChart.Chart' was being created, and a valid license could not be granted for the type 'Steema.TeeChart.Chart'.". It looks like it's still looking at that location?
If I log in when prompted .png files are being created at C:\Program Files (x86)\Steema Software\TeeChart for .NET v3\TeeChartForNET\_chart_temp. This location is fine for me but do I need to change it - i.e. does Windows 'like' you writing to locations in Program Files?
Thanks
Re: Windows 2008 / IIS 7.5 / Permissions
Posted: Thu Apr 19, 2012 11:36 am
by Marc
Hello Norman,
We're not experts on IIS security; there's a lot of complexity and information out there to help on that but I'll recount the steps we took here that will perhaps help a little with a solution for your application.
It's a good sign/start I would say that your application is writing to the _chart_temp folder you have elected to use. You should be able to change it as you require by using the ShareFolder and VirtualShare registry keys you have added (assuming the VirtualShare is valid). I'm not aware of any special restrictions on the 'program files' location - but don't rule it out. I suggest that you leave both key locations in place as the license appears to be being consulted on Wow6432Node.
I assume that the chart is appearing correctly after you have gone through the login screen, leaving that as the point to resolve. In your penultimate post you stated that you had managed to remove the need for the login by adding rights to the locations to the AppPool. It may be worth checking that the new _chart_temp and virtual share locations have those rights. In the case of our application we didn't do that, we added a new user to Windows ('our_test_iis_user' below) and gave it rights to the virtual share location of our application and the _chart_temp location (and the VirtualShare of _chart_temp if that is different to the VirtualShare of your application). We then assigned that username via the Basic Settings 'Connect as... : Specific User' to the application's virtual share.
That ran and provoked one more error:
HttpException (0x80004005): The current identity (OURSERVERNAME\our_test_iis_user) does not have write access to 'C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files'.
We added rights for the user to that folder ('C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files') and the application ran successfully without asking for login.
That may not be the best approach in your case, you may find that you can set the default anonymous user to have the correct rights for all of the locations but our experience may help when deciding where to check.
Regards,
Marc
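When deciding where to check, it helps to see exactly which rights each IIS identity holds on the folders named in this thread. The following is an added example, not part of the original posts: it lists the access granted to NETWORK SERVICE, IUSR and IIS_IUSRS on the _chart_temp and Temporary ASP.NET Files folders, so that a missing write right or an over-broad grant such as Full Control stands out. It assumes PowerShell 3.0 or later and English account names, looks only at entries that name the identity directly (group membership is not resolved), and treats deny entries in a simplified way.

```powershell
# Added example (not from the thread): report what the IIS identities may do on each folder.
# Account names assume an English-language Windows install.
$paths = @(
    'C:\Program Files (x86)\Steema Software\TeeChart for .NET v3\TeeChartForNET\_chart_temp',
    'C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files'
)
$identities = 'NT AUTHORITY\NETWORK SERVICE', 'NT AUTHORITY\IUSR', 'BUILTIN\IIS_IUSRS'

$write       = [int][System.Security.AccessControl.FileSystemRights]::Write
$fullControl = [int][System.Security.AccessControl.FileSystemRights]::FullControl
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-IisFolderAccess {
    param([string[]]$Path, [string[]]$Identity)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { Write-Warning "Not found: $p"; continue }
        # Skip inherit-only ACEs: they apply to children, not to the folder itself.
        $aces = (Get-Acl -LiteralPath $p).Access |
            Where-Object { -not ([int]$_.PropagationFlags -band $inheritOnly) }
        foreach ($id in $Identity) {
            $allow = 0; $deny = 0
            foreach ($ace in ($aces | Where-Object { $_.IdentityReference.Value -eq $id })) {
                if ($ace.AccessControlType -eq 'Allow') {
                    $allow = $allow -bor [int]$ace.FileSystemRights
                } else {
                    $deny = $deny -bor [int]$ace.FileSystemRights
                }
            }
            $effective = $allow -band (-bnot $deny)   # simplified: deny overrides allow
            [pscustomobject]@{
                Path        = $p
                Identity    = $id
                Allowed     = [System.Security.AccessControl.FileSystemRights]$effective
                CanWrite    = ($effective -band $write) -eq $write
                FullControl = ($effective -band $fullControl) -eq $fullControl
            }
        }
    }
}

Get-IisFolderAccess -Path $paths -Identity $identities | Format-Table -AutoSize
```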