Every once in a while, I see users asking about how to automate Office applications on the server, either to create a Word document, an Excel spreadsheet, or Powerpoint slidedeck. I understand the noble intentions to re-leverage the functionality of Office and make it web accessible to many simultaneous clients/co-workers. However, there are many caveats to this approach, including the fact that Office is meant to run Interactively and not meant to be simultaneously used...
I have a ASP.NET 2.0 application that is creating powerpoint documents on the fly using powerpoint com objects that are installed on the server. I am having some issues with security
It is currently working, but the website is running as administrator and I would like to tighten up those permissions.
The website is a stand alone site. I created its own AppPool called PowerpointAppPool
The website is loaded into that pool. If I set the identity to my own personal Administrator Account everything works fine.
What I tried to do:
1. I created a Domain User account called PPT ACCESS2. I set the Identity on the PowerpointAppPool to PPT ACCESS with the password i set3. then I went to AdminTools->Component Services->DCOM Config and set the PPT ACCESS user to full launch/access/config privilidges on Microsoft Powerpoint Presentation
I thought that would do it, but no good.
1. Is this what I should be doing?2. Is there another service in DCOM that needs to be enabled (eg. a global MS Office App)?3. Is there a way to debug where the access failure is coming from?
Unfortunately, your questions actually have little to do with IIS/ASP.Net and everything to do with Office Automation. Specifically, you are asking about using Office Automation interface as an automated server-side application instead of end-user client-side automation.
I suggest first researching the permissions (DCOMCNFG) and privileges (secpol.msc) needed by the Office Automation COM objects, and then make sure that the user account executing code on your behalf on IIS has those permissions.
Now, before you naysayers snicker about how Microsoft is "not making its software work better together", I suggest you take a reality pill. Office is a UI application designed for single end-user Interactive use. Meanwhile, IIS and ASP.Net are server-side platforms designed for multi-user remote access. The two environments are about as polar as it gets. One should be amazed that the two cooperate to automate at all.
At this point, I can only wish you good luck on this endeavor to reduce the necessary privileges to execute Office Automation Objects.