What security considerations exist when calling COM Components from Web Pages?


Error Type:

Server object, ASP 0178 (0x80070005)

The call to Server.CreateObject failed while checking permissions. Access is denied to this object.


When instantiating COM components from web pages, it is important that the COM component is able to be instantiated from Internet Information Server. As a general rule, when instantiating MailEnable objects from a web page, ensure that the IIS proxy account for the anonymous user (typically IUSR_[Machine]) has been granted access to specific libraries in the MailEnable Bin directory.


Ensure that the IIS proxy account has permissions to instantiate/access the appropriate COM libraries. This can be done using Windows Explorer by granting the IUSR_[Machine] account access to the file MEASP.dll in the C:\Program Files\Mail Enable\BIN directory. To do this from the Windows command prompt the following should work:

C:\>CACLS "C:\Program Files\Mail Enable\BIN\MEASP.DLL" /e /g IUSR_[Machine]:RE

Note: Substitute [Machine] with the name of the computer. Please check for the existence of this account under Administrative Tools|Computer Management.

If still experiencing problems, it is possible that an account different to the IUSR_[Machine] account is being used as the IIS proxy account. Please follow the instructions outlined below:

1. Open the Internet Service Manager and navigate to the asp file that contains the code.
2. Select the "File Security" tab
3. Under "Anonymous access and authentication control", select the Edit.. button
4. Take note of the username that is used for anonymous access to this account
5. Close all windows within the Internet Service Manager
6. From the Windows Start button, search for any files named MEASP.DLL on the system (there should only be one; and it should be in the Mail Enable BIN directory).
7. Right click on the file(s) and access its Properties.
8. Ensure that the Username (from step 4) has (Read) and (Read & Execute) permissions granted to access this file.
8. Re-test the application

Additional Considerations
As well as configuring access for the anonymous IIS Proxy account, there may be some additional steps required if there are non-standard security settings defined for web sites. These settings are sometimes put in place by third party control panels when they provision web sites. Details regarding this follow:

Internet Information Server 6 (IIS6) allows web sites to run under different application pools.
As such, when the server is making a request for COM components, the IIS Server application will need access to the DLL to load the component.

Instructions for ensuring this are below:

1. Open the Internet Information Services (IIS) Manager.
2. Under "Web Sites", open the properties of the web site to provide access to the ASP component.
3. Select the Home Directory tab
4. At the bottom of the Home Directory tab, determine what application pool this web site will run under.
5. Close the properties window
6. From within the IIS Manager expand application pools and open the properties of the application pool.
7. Select the Identity tab
8. Under this, determine the account that the IIS application will run under.
9. Ensure that this account has read and execute permissions to the MEASP.DLL file.

Note: Some third party applications can deny access to this file. If a group has been denied access to the file, this will take precedence over any granted access. Specifically, Ensim will deny access to the webppliance_siteadmins group. Ensure that this is not in effect by right clicking on the file and changing the permissions.


Error 'ASP 0177 : 800401f3' when accessing the MEMail COM component: Article ME020247

Using COM Components on Another Server.: Article ME020332

Error ASP 0178 using the MEMail.Message component from Web Pages: Article ME020163

How to send mail from an application or web page: Article ME020044

Product:MailEnable (Pro-Any Pro-1.X Ent-Any Ent-1.X)
Class:ERR: Product Error
Revised:Wednesday, May 4, 2016