WindowsXP/inetsrv/iis/img/help/iisnts/htm/asp/comp3hf8.htm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<TITLE>Permission Checker Component</TITLE>
<SCRIPT LANGUAGE="JavaScript">
<!--
	TempString = navigator.appVersion
	if (navigator.appName == "Microsoft Internet Explorer"){	
// Check to see if browser is Microsoft
		if (TempString.indexOf ("4.") >= 0){
// Check to see if it is IE 4
			document.writeln('<link rel="stylesheet" type="text/css" href="/iishelp/common/coua.css">');
		}
		else {
			document.writeln('<link rel="stylesheet" type="text/css" href="/iishelp/common/cocss.css">');
		}
	}
	else if (navigator.appName == "Netscape") {						
// Check to see if browser is Netscape
		document.writeln('<link rel="stylesheet" type="text/css" href="/iishelp/common/coua.css">');
	}
	else
		document.writeln('<link rel="stylesheet" type="text/css" href="/iishelp/common/cocss.css">');
//-->
</script>
<SCRIPT LANGUAGE="VBScript">
<!--
Sub Window_OnLoad()
   Dim frmContents
   On Error Resume Next
   If Not Parent Is Nothing Then
      Set frmContents = Parent.Contents
      If Not frmContents Is Nothing Then
            frmContents.Window.TOCSynch_Click
      End If
   End If
End Sub
//--></SCRIPT><META NAME="DESCRIPTION" CONTENT="Internet Information Services reference information">
<META HTTP-EQUIV="PICS-Label" CONTENT='(PICS-1.1 "<http://www.rsac.org/ratingsv01.html>" l comment "RSACi North America Server" by "inet@microsoft.com <mailto:inet@microsoft.com>" r (n 0 s 0 v 0 l 0))'>
<META NAME="MS.LOCALE" CONTENT="EN-US">
<META NAME="MS-IT-LOC" Content="Internet Information Services"> 
</HEAD>

<BODY BGCOLOR="#FFFFFF" TEXT="#000000">

<H1><A NAME="_permission_checker_component"></A><SUP></SUP>Permission Checker Component</H1>

<P>The Permission Checker Component creates a <B>PermissionChecker</B> object that uses the password authentication protocols provided in Microsoft<sup>&reg;</sup> Internet Information Services (IIS) to determine whether a Web user has been granted permissions to read a file. </P>

<P>You can use the Permission Checker component to customize an ASP-based page for different types of users. For example, if a Web page contains hyperlinks, you can use the Permission Checker component to test whether the user has permissions for the target Web pages. If the user does not have the proper permissions, you can then omit or alter the hyperlinks to those pages the user may not access.</P>

<H6>Syntax</H6>

<P><B>Set</B> <I>oVar</I> <B>= Server.CreateObject( "MSWC.PermissionChecker" )</B></P>

<P>&nbsp;</P>

<H6>Parameters</H6>

<DL>
<DT><I>oVar</I></DT>

<DD>Specifies the name of the <B>PermissionChecker</B> object created by the call to <B>Server.CreateObject</B>. <BR>
</DD>

<DT></DT>
</DL>

<H6>Methods</H6>

<TABLE border=0 cellpadding=5 cols=2 frame=box rules=cols>

<TR VALIGN="top">
<TD width=48%><A HREF="/iishelp/iis/htm/asp/comp87ub.htm">HasAccess</A></TD>
<TD width=52%>Determines whether the user has permissions to access a specified file.</TD>
</TR>
</TABLE><BR>

<PRE></PRE>

<P><span class=le><B>Note&nbsp;</B></span> </P>

<P>IIS supports the following three types of password authentication in any combination:

<UL type=disc>
	<LI>Anonymous</li>

	<LI>Basic</li>

	<LI>Integrated Windows authentication</li>
</UL>

<P>When Anonymous authentication is enabled, all users are initially logged on under the IIS anonymous user account. Because anonymous users all share the same account, the Permissions Checker component cannot authenticate individual users when anonymous access is allowed.</P>

<P>For applications where all users have individual accounts, such as intranet-only Web sites, it is recommended that you disable anonymous authentication so that the Permissions Checker component can authenticate individual users.</P>

<P>For applications where some pages must be available to anonymous users and other pages need to be secure, such as mixed Internet and intranet Web sites, you should enable anonymous authentication and at least one other password authentication method, either integrated Windows authentication or Basic. Then if you deny anonymous access to a specific page, the server will attempt to authenticate the user by using either integrated Windows authentication or Basic password authentication.</P>

<P>You can use either of the following two methods to deny anonymous access to a specific page.

<UL type=disc>
	<LI>Set the Access Control List for the ASP-based file to exclude the anonymous user account.</li>

	<LI>In the ASP script, check for the anonymous user account (if the LOGON_USER server variable is empty) and set Response.Status to the <CODE>401 Unauthorized </CODE>error message. This will cause IIS to attempt to identify the user by using NTLM or Basic authentication. </li>
</UL>

<P>This is illustrated in the following example.</P>

<P><CODE>&lt;% </CODE></P>

<P><CODE>If Request("LOGON_USER") = "" Then</CODE></P>

<P><CODE>&nbsp;&nbsp;Response.Status = "401 Unauthorized"</CODE></P>

<P><CODE>End if</CODE></P>

<P><CODE>%&gt;</CODE></P>

<P><CODE>&nbsp;</CODE></P>

<P>If all the files in your application must be available to anonymous users, the Permission Checker component will not able to distinguish individual user accounts. You can still use it, however, to ensure that the specified Web page exists and test whether the anonymous user account has access permissions for that page.</P>

<P><span class=le><B>Important</B></span></P>

<P>NTLM password authentication is currently supported only by Microsoft Internet Explorer, and may not work over a proxy server. Thus, if users connect to your site with browsers other than Internet Explorer or through a proxy server and your application requires a non-anonymous user context, you must also enable Basic password authentication.</P>
<hr class="iis" size="1">
<p align="center"><em><a href="../../../common/colegal.htm">&copy; 1997-2001 Microsoft Corporation. All rights reserved.</a></em></p>
</BODY>
</HTML>