I have developed a server that provides custom network utilities that we've been using for some time and have become heavily dependent upon. It is written almost entirely in Object REXX including many of the web pages. The system includes a REXX COM object that can be invoked from ASP (VBscript) pages to interface with the server. The old version used TCP/IP to talk directly to the server, but the new version uses RXQUEUE and event semaphores to allow the COM object/web page to talk to a REXX service.
The IIS web pages run as the same Windows user that the REXX service uses, so the two are able to communicate with each other rather efficiently by opening appropriate semaphores and using specific named queues. Or so I thought... If you log into the web page using a system administrator type account, the web page can open the correct service semaphores and all is fine.
If, however, a student logs into the web page, the semaphores cannot be opened and the connection fails. While I could rewrite this part of the code to use TCP/IP again, I'd rather not spend the time and lose the efficiency I've obtained.
Does anyone even know where I could start looking to find out what permission we might have to grant to allow this REXX COM object to open a semaphore (and use named queues)? I'd really appreciate any and all leads!
Well, your answer is just a workaround.
In fact, the problem is the way REXX uses semaphores. Using Object REXX, the only way to create a semaphore is with the DACL of the logged-on user (or service). The drawback is that no other user can access this kind of semaphore, so it works well as long as your tasks all run using the same user context.
As a workaround, I wrote a little DLL to create semaphores that are accessible to everyone. If you are interested in my solution, feel free to contact me any time.
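The DACL behaviour described in the reply above can be inspected and set explicitly. This is an added example, not code from the thread or from Object REXX: it creates a named event with a DACL that grants a chosen group only the rights to wait on and signal the object, as a narrower alternative to access for everyone. It assumes Windows PowerShell 5.1 (.NET Framework) and that the REXX event semaphore corresponds to a Win32 named event; the object name is constructed, and the built-in Users group stands in for the directory group you would actually grant.

```powershell
# Added example. $eventName is a constructed placeholder, not a name REXX uses.
$eventName = 'ExampleRexxServiceReady'

$ns    = 'System.Security.AccessControl'
$allow = [System.Security.AccessControl.AccessControlType]::Allow

# Creator (the service account running this script) keeps full control.
$creatorSid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User

# Stand-in for the client group; replace with the SID of your own AD group.
$clientSid = New-Object System.Security.Principal.SecurityIdentifier(
    [System.Security.Principal.WellKnownSidType]::BuiltinUsersSid, $null)

# Clients may wait (Synchronize) and signal (Modify) only. They get no
# ChangePermissions or TakeOwnership, so they cannot rewrite the DACL.
$clientRights = [System.Security.AccessControl.EventWaitHandleRights]'Synchronize, Modify'
$ownerRights  = [System.Security.AccessControl.EventWaitHandleRights]::FullControl

$acl = New-Object "$ns.EventWaitHandleSecurity"
$acl.AddAccessRule((New-Object "$ns.EventWaitHandleAccessRule"($creatorSid, $ownerRights, $allow)))
$acl.AddAccessRule((New-Object "$ns.EventWaitHandleAccessRule"($clientSid, $clientRights, $allow)))

# The DACL is applied only if this call creates the object.
$created = $false
$evt = New-Object System.Threading.EventWaitHandle(
    $false, [System.Threading.EventResetMode]::AutoReset, $eventName, [ref]$created, $acl)

try {
    if (-not $created) {
        Write-Warning "'$eventName' already existed; its original DACL is unchanged."
    }
    # Read the DACL back from the kernel object to confirm who can open it.
    $evt.GetAccessControl().GetAccessRules($true, $false, [System.Security.Principal.NTAccount]) |
        Format-Table IdentityReference, EventWaitHandleRights, AccessControlType -AutoSize
}
finally {
    $evt.Dispose()
}
```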
Well, let me answer my own question... as with most things, it's really simple when you know the answer: On the web server, simply go into "Component Services", select "COM+ Applications", and create a new application. Under "Identity", put in the same user account and password that is used by the service. Then select "Components" under that new application and add your .tlb file for the COM object. Finally, select "Users" and add in all of the MS Active Directory domain accounts that you want to be able to run the COM object. That's it! It works instantly!