Tuesday, March 06, 2012

SAS/IntrNet and IIS 7.5

First of all, I had to set up SAS/IntrNet recently. I do this at times and always struggle with security
issues in IIS. Hence, I document it below.

People may ask why use SAS/IntrNet anymore? Well, it is fast and is probably the fastest way to interact with SAS via the web. It has limitations but it implements a standard REST api that is used by loads of web companies (i.e. Twitter, Facebook, etc.). I absolutely love IntrNet due to its simplicity.

Let's make it happen:

I posted a short while back on how to get SAS/IntrNet operational on IIS 7. Well, I had to do everything again under IIS 7.5 and eiteher things have changed slightly or I didn't get it all captured last time. So here we go again, but this time with pictures:

1. Open up IIS in Windows Server 2008 R2 and right-click on sites, Add a new site:

2. Fill in the details:

3. Pay attention to the application pool and any host header information. Host headers are nice for handling lots of different sites under a single domain name.

4. You should now have a basic site. Add in a virtual directory for the scripts directory:

5. Point it to the SAS/IntrNet scripts location (normally c:\inetpub\scripts).

6. Make sure that CGI is enabled on your IIS installation. if not, go to the server roles and enable it. if it is enabled, you should see it in the site information:

7. Go to Windows Explorer, go to the scripts directory, right-click and select properties. Go to the security tab and add in the app pool identity. This is different than previous versions of IIS. If you used DefaultAppPool as shown above, use the following id:

IIS AppPool\DefaultAppPool

[Note: Even  a single space at the end of the above name will cause it to not work.]

8. Go back to IIS, click on the site, select Handler Mappings, Add Managed Handler:

 9. CRITICAL STEP. While inside of Handler Mappings, click on request restrictions, go to the Access tab, and select Execute:

 10. Finally, go to the Authentication tab for your site and open it. Under Anonymous Authentication, select edit and change it to the pool identity:

If all of the above does not work, call or email.


Alan Churchill said...

Here are 2 important notes from SAS:



Anonymous said...

Hi Alan,

We're using IIS 7.5 on W2008R2 to host the broker.exe.
We encounter verry strange behaviour.
90% of the queries pass without an issue and the results are sent correctly to the browser.
However, when we launch a query and the result is a lot of data, only part of the result is shown.
the following entry can be found in the SAS log: << Message: [SAS 7610760267] Error 'http 400 Bad request' with large query results >>
Is this due to the difference in time-out settings. (broker/IIS time-out)
Your help is appreciated


Alan Churchill said...

Check to see if the cutoff happens at the 32k barrier. If so, you are hitting a limitation inside of SAS IntrNet. there is a way around that using the new PROC STREAM. See Don Henderson's entry:


Anonymous said...

Hi Allan,
Thanks for this post.
I'm just wondering what your thoughts are about the whole SAS9.3Intrnet process. Is there anything special about it. I've set up SAS/Intrnet 9.1 before with no issues but SAS are heavily implying we need a consultant for 9.3. Thanks for any comment.

Alan Churchill said...

I asked some experts in it and they said little has changed. If I recall correctly, the blog post was done using SAS 9.3.

SAS throwing RPC error

If you are doing code in C#  and get this error when creating a LanguageService: The RPC server is unavailable. (Exception from HRESULT:...