ASP ADVANCED

The Permission Checker component can be used to display a link to a page only when a user is authorized to access the page.  This component has a single property named HasAccess.  When a user has access to a file, the property returns TRUE.  If the user doesn't have access to the file or the file doesn't exist, the property returns FALSE.  Following is an example of how this component is used:

<%
Set Permit=Server.CreateObject("MSWC.PermissionChecker")
%>
<HTML>
<HEAD><TITLE> Administration Page </TITLE></HEAD>
<BODY>
<%
IF Permit.HasAccess("DestroyAll.asp") THEN
%>
<A HREF="DestroyAll.asp">
Click here to delete all files on the hard drive.
</A>
<%
ELSE
%>
You cannot delete all the files on the hard drive.
<% END IF %>
</BODY>
</HTML>

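In this example, the hypertext link to destroy all files on the hard drive is displayed only to those users who have permission to access it.  Users who aren't authorized to access this file won't even see the hypertext link to the file.  Hiding the link affects only what is displayed; access to DestroyAll.asp itself is still decided by the permissions set on that file.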

When is a user authorized to access a file?  This is determined by Windows NT security.  When Windows NT is configured to use the NTFS file system, every file has an associated set of permissions.  You can grant permission to read a file to a particular user or a group of users.

To specify the permissions for a particular file, right-click the name of the file and choose Properties.  Click the Security tab and then click the Permissions button.  In the File Permissions dialog box that appears, you can specify the users or groups that have permission to access the file.

The Permission Checker component uses the permission settings to determine the users who have access to a file.  However, the component can do this only when it knows the identity of the user.  If the users of your Web site are never forced to log in, this component isn't useful.

There are two ways to force a user to log in at your Web site.  The first way is to use the Internet Service Manager to enable either Basic or Windows NT Challenge/Response authentication.  When either type of password authentication is enabled, you can force anonymous users to log in. By default, all anonymous users of your Web site use the same account.  From the perspective of Windows NT, every visitor to your Web site is using the IUSR_Machine account.  For example, if the name of your machine is Plato, all anonymous Web visitors use the IUSR_Plato account.

After enabling password authentication, you can force an anonymous Web user to log in when accessing a particular file.  You do this by specifying that the IUSR_Machine account doesn't have permission to access the file.  When an anonymous user attempts to access the file, the Password dialog box appears, forcing the user to log in and allowing the Permission Checker component to identify the user.

However, there's a second way in which you can force this to happen.  You can cause the Password dialog box to appear by using a script, like this:

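<%
' LOGON_USER is empty when the request was made anonymously.
LOGON=Request.ServerVariables("LOGON_USER")
If LOGON="" OR ISNULL(LOGON) OR ISEMPTY(LOGON) Then
' Send the 401 status so the browser prompts for a password, then stop.
Response.Status = "401 Unauthorized"
Response.End
End if
Set Permit=Server.CreateObject("MSWC.PermissionChecker")
%>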
<HTML>
<HEAD><TITLE> Administration Page </TITLE></HEAD>
<BODY>
<%
IF Permit.HasAccess("DestroyAll.asp") THEN
%>
<A HREF="DestroyAll.asp">
Click here to delete all files on the hard drive.
</A>
<%
ELSE
%>
You cannot delete all the files on the hard drive.
<% END IF %>
</BODY>
</HTML>

This example is the same as the previous one except for the first few lines of the script.  The Status property of the Response object is used to send an unauthorized status code to the browser. When this happens, the browser automatically displays the Password dialog box, forcing the user to log in.

After the user has logged in, the Permission Checker component can be used to determine the files that user has permission to access.  Different users can be assigned different permissions, depending on their roles.  The Permission Checker component can be used to display just the options appropriate for a particular role.

For example, your Web site may have multiple administrators with different permissions.  You might want to allow certain administrators to have only the permission to delete messages from newsgroups.  You might want a second group of administrators to have permission to do such things as delete all the files on the hard drive.  By using the Permission Checker component, you can prevent people from being tempted to do things that they shouldn't do.
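The role-based menu described above, written as an added example that is not part of the original chapter: it forces a login, then lists only the administration pages the logged-in account can access. The page name DeleteMessages.asp and the link labels are hypothetical; each target page must still carry its own NTFS permissions, because the menu only controls what is shown.

```asp
<%
Option Explicit
' Added example. DeleteMessages.asp and the labels are hypothetical.
Dim logon, permit, pages, i, shown

' Force a login before any output is sent, so the component
' can identify the user.
logon = Request.ServerVariables("LOGON_USER")
If logon = "" Then
  Response.Status = "401 Unauthorized"
  Response.End
End If

Set permit = Server.CreateObject("MSWC.PermissionChecker")

' Pairs of entries: page path, then link text (constructed sample data).
pages = Array( _
  "DeleteMessages.asp", "Delete messages from newsgroups", _
  "DestroyAll.asp", "Delete all files on the hard drive")
shown = 0
%>
<HTML>
<HEAD><TITLE> Administration Page </TITLE></HEAD>
<BODY>
<P>Logged in as <%= Server.HTMLEncode(logon) %></P>
<UL>
<%
For i = 0 To UBound(pages) Step 2
  ' HasAccess returns FALSE for a missing file as well as a denied one,
  ' so a mistyped path simply produces no link.
  If permit.HasAccess(pages(i)) Then
    shown = shown + 1
%>
<LI><A HREF="<%= pages(i) %>"><%= Server.HTMLEncode(pages(i + 1)) %></A></LI>
<%
  End If
Next
%>
</UL>
<% If shown = 0 Then %>
No administration tasks are available to this account.
<% End If %>
</BODY>
</HTML>
```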

Summary

This chapter covered how to use two ActiveX components. You learned how to use the Content Linking component to link a series of Web pages together, and reviewed a sample application of this component. You also learned how to create a simple newsgroup by using the Content Linking component. Finally, you learned how to use the Permission Checker component to determine when a user has permission to access a file.