Sideway
output.to from Sideway
Draft for Information Only

Content

ASP Server Components
  Permission Checker Component
    Syntax
    Parameters
    Remark
   PermissionChecker.HasAccess Method
    Syntax
    Parameters
    Return Values
   Examples

ASP Server Components

Some of the ASP server components are the common features found in dynamic web pages. These base ASP server components are provided to enrich the pre-made functions of ASP technology for making dynamic and interactive web pages. However, some IIS pre-made components are not installed for all version of IIS. Ad Rotator, Browser Capabilities, Content Linker, Content Rotator, Counters, Logging Utility, My Info, Page Counter, Status, and tools are not installed with IIS 6.0. However, if you upgrade your Web server from a previous version of IIS, the pre-made components are not removed. Some IIS pre-made components, ASP content rotator and nextlink,  are deprecated in IIS7. And most IIS pre-made components are either not installed with IIS7 or their usage is not supported.

Permission Checker Component

The Permission Checker component can be used to create a PermissionChecker object that acts as a HTML tags holder on an ASP page that making use of the password authentication protocols provided in the IIS for determining whether a Web user has been granted permissions to read a file. One of the typical application of the PermissionChecker object is to customize an ASP page for different users groups. For example, a web page accessed  through the hyperlink on an ASP page can be limited for those user have the proper permissions by making use of the PermissionChecker object. 

Syntax

Set PermissionCheckerName = 
    Server.CreateObject("MSWC.PermissionChecker")

Parameters

PermissionCheckerName

The parameter "PermissionCheckerName" is the name assigned to the instance of the PermissionChecker object created by the call using the Server.CreateObject.

Remark

The three types of password authentication in any combination supported by IIS are:

  • Anonymous

  • Basic

  • Integrated Windows authentication      .

When anonymous authentication is enabled, all users are initially logged on under the IIS anonymous user account. Since all anonymous users share the same account, the PermissionsChecker object cannot authenticate individual users if anonymous access is allowed. Therefore, when all users of application have their own individual ccounts, such as intranet-only web sites, the anonymous authentication can be diabled for allowing he PermissionChecker object to authenticate individual users.

For the case of an application with some pages must be available to anonymous users and other pages are needed to be secure, such as mixed internet and intranet web sites, besides enabling the anonymous authentication, at least one other password authtentication method, either integrated windows authentication or basic should also be enabled so that those web pages with denied anonymous access can also be accessed through the authentication by using either integrated windows authentication or basic password authentication.

 In general, there are two ways to deny anonymous access to a specific page. One is to set the Access Control List for the ASP file to exclude the anonymous user account. The other is to block the anonymous user account from accessing the ASP file by the ASP script in the ASP file. This can be done by checking for the anonymous user account, to which the LOGON_USER server variable is empty and resplaceing the ASP page response to set the Response.Status to the 401 Unauthorized error message. And this will cause the IIS to attempt to identify the user by using NTLM or Basic authentication. For example.

ASP Page:

<%
If Request("LOGON_user")="" Then
    Response.Status="401 Unauthorized"
End If
%>

When all the files in the application must be available to anonymous users, the PermissionChecker object will not able to distinguish individual user accounts. However, the PermissionChecker object can be still used to ensure the the specified web page exists and to test whether the annoymous user account has access perimissions for the specific page.

Besides, the NTLM password authentication is currently supported only be Microsoft Internet Explorer, and it may not work over a proxy server. Thus the Basic password authentication should also be enabled in order to accept users connect to the web site with browsers other than Internet Explorer or through a proxy server.

PermissionChecker.HasAccess Method

PermissionChecker.HasAccess method is used to determine whether the user has permissions to access a specified file.

Syntax

PermissionCheckerName.HasAccess(pathInfo)

Parameters

PermissionCheckerName

The parameter "PermissionCheckerName" is the name of the instance of the PermissionChecker object to be set.

pathInfo

The parameter "pathInfo" is used to specify the path and name of the web page to be checked. The "pathInfo" can be either a physical or virtual path.

Return Values

A Boolean value indicating whether the web user has access to the specified web page. If the file does not exist, or if a directory is specified, the PermissionChecker object returns False.

Examples

  • Example of making use of the PermissionCheckerName method to check whether the web user has permissions to access a specified file..

    ASP Page, perm_checker.asp:

    <%
    If ""=Request.ServerVariables("LOGON_USER") Then
        Response.Write "Anonymous Access is enabled"
    Else
        Set PermissionCheckerName =
            Server.CreateObject("MSWC.PermissionChecker")
    %>
    For logged On User
        <%=Request.ServerVariables("LOGON_USER")%><br />
    Access to <%=Request.ServerVariables("PATH_TRANSLATED")%> is
    <%=PermissionCheckerName.HasAccess(Request.ServerVariables(
        "PATH_TRANSLATED"))%>
    <%
    End If
    %>

  • Example of making use of the PermissionCheckerName method to check whether the specified file exist or not.

    ASP Page:

    <%
    Set PermissionCheckerName =
        Server.CreateObject("MSWC.PermissionChecker")
    Response.Write "File /sideway/default.asp exist: " &    
        PermissionCheckerName.HasAccess("/sideway/default.asp")&
        "<br />"
    Response.Write "File /sideway/defaultdefault.asp exist: " &
        PermissionCheckerName.HasAccess("/sideway/defaultdefault.asp")&
        "<br />"
    %>


©sideway

ID: 130300001 Last Updated: 3/5/2013 Revision: 0 Ref:

close

References

  1. Active Server Pages,  , http://msdn.microsoft.com/en-us/library/aa286483.aspx
  2. ASP Overview,  , http://msdn.microsoft.com/en-us/library/ms524929%28v=vs.90%29.aspx
  3. ASP Best Practices,  , http://technet.microsoft.com/en-us/library/cc939157.aspx
  4. ASP Built-in Objects,  , http://msdn.microsoft.com/en-us/library/ie/ms524716(v=vs.90).aspx
  5. Response Object,  , http://msdn.microsoft.com/en-us/library/ms525405(v=vs.90).aspx
  6. Request Object,  , http://msdn.microsoft.com/en-us/library/ms524948(v=vs.90).aspx
  7. Server Object (IIS),  , http://msdn.microsoft.com/en-us/library/ms525541(v=vs.90).aspx
  8. Application Object (IIS),  , http://msdn.microsoft.com/en-us/library/ms525360(v=vs.90).aspx
  9. Session Object (IIS),  , http://msdn.microsoft.com/en-us/library/ms524319(8v=vs.90).aspx
  10. ASPError Object,  , http://msdn.microsoft.com/en-us/library/ms524942(v=vs.90).aspx
  11. ObjectContext Object (IIS),  , http://msdn.microsoft.com/en-us/library/ms525667(v=vs.90).aspx
  12. Debugging Global.asa Files,  , http://msdn.microsoft.com/en-us/library/aa291249(v=vs.71).aspx
  13. How to: Debug Global.asa files,  , http://msdn.microsoft.com/en-us/library/ms241868(v=vs.80).aspx
  14. Calling COM Components from ASP Pages,  , http://msdn.microsoft.com/en-us/library/ms524620(v=VS.90).aspx
  15. IIS ASP Scripting Reference,  , http://msdn.microsoft.com/en-us/library/ms524664(v=vs.90).aspx
  16. ASP Keywords,  , http://msdn.microsoft.com/en-us/library/ms524672(v=vs.90).aspx
  17. Creating Simple ASP Pages,  , http://msdn.microsoft.com/en-us/library/ms524741(v=vs.90).aspx
  18. Including Files in ASP Applications,  , http://msdn.microsoft.com/en-us/library/ms524876(v=vs.90).aspx
  19. ASP Overview,  , http://msdn.microsoft.com/en-us/library/ms524929(v=vs.90).aspx
  20. FileSystemObject Object,  , http://msdn.microsoft.com/en-us/library/z9ty6h50(v=vs.84).aspx
  21. http://msdn.microsoft.com/en-us/library/windows/desktop/ms675944(v=vs.85).aspx,  , ADO Object Model
  22. ADO Fundamentals,  , http://msdn.microsoft.com/en-us/library/windows/desktop/ms680928(v=vs.85).aspx
close

Latest Updated LinksValid XHTML 1.0 Transitional Valid CSS!Nu Html Checker Firefox53 Chromena IExplorerna
IMAGE

Home 5

Business

Management

HBR 3

Information

Recreation

Hobbies 8

Culture

Chinese 1097

English 339new

Travel 7new

Reference 79

Computer

Hardware 251

Software

Application 213

Digitization 32

Latex 52

Manim 205

KB 1

Numeric 19

Programming

Web 289

Unicode 504

HTML 66

CSS 65

SVG 46

ASP.NET 270

OS 431

DeskTop 7

Python 72

Knowledge

Mathematics

Formulas 8

Set 1

Logic 1

Algebra 84

Number Theory 206

Trigonometry 31

Geometry 34

Coordinate Geometry 2

Calculus 67

Complex Analysis 21

Engineering

Tables 8

Mechanical

Mechanics 1

Rigid Bodies

Statics 92

Dynamics 37

Fluid 5

Fluid Kinematics 5

Control

Process Control 1

Acoustics 19

FiniteElement 2

Natural Sciences

Matter 1

Electric 27

Biology 1

Geography 1


Copyright © 2000-2024 Sideway . All rights reserved Disclaimers last modified on 06 September 2019