Accessing Office Word object model through asp.net results in "failed due to the following error: 80070005 Access is denied."

Question

I have developed a website that allows users to upload office documents then uses the office object model to convert the document to an HTML file that it then displays in an iFrame.

I have, of course, included references to Office.interop.word, and the site works fine on my development machine. When I uploaded it to my production server the site functions fine until I try to upload a document. I initially got a similar error that said "COM object not registered". I realized that Word wasn't installed on my production server. So I installed word and now when the server tries to access the word object model I receive the following error:

Retrieving the COM class factory for component with CLSID {000209FF-0000-0000-C000-000000000046} failed due to the following error: 80070005 Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

I searched the registry for the corresponding CLSID and found a corresponding folder. I added full control to the IUSR_ account and due to the persistence of the error I eventually added full control to "everyone" and ensured these permissions inherited down to the rest of the folder. I then added full control to IUSR_ and again eventually added full control to "everyone" to my microsoft office folder.

I don't know what other permissions to grant and where in order to make this "Access is denied" error go away. I must be granting them in the wrong place, because as far as I know I can't be any more permissive than "Everyone" "Full Control".

Can anyone shed any light? Thank you.

Answer 1

Look in the Event Viewer, under Windows Logs, System, on the server machine where Word is installed. Do you see an event logged that reads something similar to:

The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {148BEE7F-6123-41EE-8CCA-E390902BD0D8} to the user SomeMachine\SomeUser SID (S-1-5-21-483881670-2168941642-1987552629-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

If so, run DCOMCNFG.EXE, and go to Component Services, Computers, My Computer (or whatever name), DCOM Config (and you can just answer "No" if it asks if you want to fix anything) and if the event log message is for an application, then find it by the name in the event log message, here by item name, and if the event log message is for a CLSID (like the example above) then find it by the CLSID "{148B...}" (that's just a random CLSID I pasted in -- probably it will match your 000209FF... above), and select More actions... Properties, to the Security tab.

Here, you can select [x] Customize and then Edit, to add permission for the appropriate user account to activate and access the required DCOM application or class.

It's just a guess, but give that a try, or something along these lines (i.e. granting access to the CLSID via DCOMCNFG).