Permission Checker Component

The Permission Checker component creates a PermissionChecker object that uses the password authentication protocols provided in Microsoft® Internet Information Server (IIS) to determine whether a Web user has been granted permissions to read a file.

You can use the Permission Checker component to customize an ASP-based page for different types of users. For example, if a Web page contains hyperlinks, you can use the Permission Checker component to test whether the user has permissions for the target Web pages. If the user does not have the proper permissions, you can then omit or alter the hyperlinks to those pages the user may not access.

Syntax

Set oVar = Server.CreateObject("MSWC.PermissionChecker")
 

Parameters

oVar
Specifies the name of the PermissionChecker object created by the call to Server.CreateObject.

Registry Entries

None.

Methods

HasAccess Determines whether the user has permissions to access a specified file.

Examples

The following example uses the HasAccess method to test whether the current user has access to a specified file. Note that you can specify either a physical or virtual path.

<% Set pmck = Server.CreateObject("MSWC.PermissionChecker") %>
 
Physical Path Access = <%= pmck.HasAccess("c:\pages\abc\default.htm") %>
Virtual Path  Access = <%= pmck.HasAccess("/abc/default.htm") %>
 

Remarks

IIS supports the following three types of password authentication in any combination:

When anonymous password authentication is enabled, all users are initially logged on under the IIS anonymous user account. Because anonymous users all share the same account, the Permissions Checker component cannot authenticate individual users when anonymous access is allowed.

For applications where all users have individual accounts, such as intranet-only Web sites, it is recommended that you disable anonymous authentication so that the Permissions Checker component can authenticate individual users.

For applications where some pages must be available to anonymous users and other pages need to be secure, such as mixed Internet and intranet Web sites, you should enable anonymous authentication and at least one other password authentication method, either NTLM or Basic. Then if you deny anonymous access to a specific page, the server will attempt to authenticate the user by using either NTLM or Basic password authentication.

You can use either of the following two methods to deny anonymous access to a specific page.

If all the files in your application must be available to anonymous users, the Permission Checker component will not able to distinguish individual user accounts. You can still use it, however, to ensure that the specified Web page exists and test whether the anonymous user account has access permissions for that page.

Note NTLM password authentication is currently supported only by Microsoft Internet Explorer, and may not work over a proxy server. Thus, if users connect to your site with browsers other than Internet Explorer or through a proxy server and your application requires a non-anonymous user context, you must also enable Basic password authentication.

Note This component is not installed with IIS. You can install it from the Microsoft Web site at: http://www.microsoft.com/iis/, or from the CD included with the IIS Resource Kit.


© 1997 by Microsoft Corporation. All rights reserved.