Sideway BICK Blog

Link:http://output.to/sideway/default.asp?qno=130300001

ASP Server Component, Pre-made Function, Permission Checker Component

ASP Server Components

Some ASP server components provide features commonly found in dynamic web pages. These base ASP server components extend the pre-made functions of ASP technology for building dynamic and interactive web pages. However, some IIS pre-made components are not installed with all versions of IIS. Ad Rotator, Browser Capabilities, Content Linker, Content Rotator, Counters, Logging Utility, My Info, Page Counter, Status, and Tools are not installed with IIS 6.0. However, if you upgrade your Web server from a previous version of IIS, the pre-made components are not removed. Some IIS pre-made components, ASP Content Rotator and NextLink, are deprecated in IIS 7, and most IIS pre-made components are either not installed with IIS 7 or not supported.

Permission Checker Component

The Permission Checker component can be used to create a PermissionChecker object that acts as an HTML tag holder on an ASP page and uses the password authentication protocols provided in IIS to determine whether a Web user has been granted permission to read a file. One typical application of the PermissionChecker object is to customize an ASP page for different user groups. For example, a web page reached through a hyperlink on an ASP page can be limited to those users who have the proper permissions by making use of the PermissionChecker object.

Syntax

Set PermissionCheckerName = Server.CreateObject("MSWC.PermissionChecker")

Parameters

PermissionCheckerName

The parameter "PermissionCheckerName" is the name assigned to the instance of the PermissionChecker object created by the call to Server.CreateObject.

Remark

IIS supports the following three types of password authentication, in any combination:

  • Anonymous

  • Basic

  • Integrated Windows authentication

When anonymous authentication is enabled, all users are initially logged on under the IIS anonymous user account. Since all anonymous users share the same account, the PermissionChecker object cannot authenticate individual users if anonymous access is allowed. Therefore, when all users of an application have their own individual accounts, as on intranet-only web sites, anonymous authentication can be disabled to allow the PermissionChecker object to authenticate individual users.

For an application in which some pages must be available to anonymous users and other pages need to be secure, such as mixed internet and intranet web sites, anonymous authentication should be enabled together with at least one other password authentication method, either Integrated Windows authentication or Basic. Pages that deny anonymous access can then still be reached by users who authenticate with Integrated Windows authentication or Basic password authentication.

In general, there are two ways to deny anonymous access to a specific page. One is to set the Access Control List for the ASP file to exclude the anonymous user account. The other is to block the anonymous user account from accessing the ASP file with script in the ASP file itself. This can be done by checking for the anonymous user account, for which the LOGON_USER server variable is empty, and replacing the ASP page response by setting Response.Status to the 401 Unauthorized error message. This causes IIS to attempt to identify the user by using NTLM or Basic authentication. For example:

ASP Page:

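<%
' Read LOGON_USER from ServerVariables explicitly: Request("...") searches
' QueryString, Form and Cookies first, so a client-supplied value could match.
If Request.ServerVariables("LOGON_USER") = "" Then
    Response.Status = "401 Unauthorized"
    ' Stop here so the rest of the page is not sent with the 401 response.
    Response.End
End If
%>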

When all the files in the application must be available to anonymous users, the PermissionChecker object will not be able to distinguish individual user accounts. However, the PermissionChecker object can still be used to ensure that the specified web page exists and to test whether the anonymous user account has access permissions for the specific page.

In addition, NTLM password authentication is currently supported only by Microsoft Internet Explorer, and it may not work over a proxy server. Thus Basic password authentication should also be enabled in order to accept users who connect to the web site with browsers other than Internet Explorer or through a proxy server.

PermissionChecker.HasAccess Method

PermissionChecker.HasAccess method is used to determine whether the user has permissions to access a specified file.

Syntax

PermissionCheckerName.HasAccess(pathInfo)

Parameters

PermissionCheckerName

The parameter "PermissionCheckerName" is the name of the instance of the PermissionChecker object to be set.

pathInfo

The parameter "pathInfo" is used to specify the path and name of the web page to be checked. The "pathInfo" can be either a physical or virtual path.

Return Values

A Boolean value indicating whether the web user has access to the specified web page. If the file does not exist, or if a directory is specified, the PermissionChecker object returns False.

Examples

  • Example of using the PermissionCheckerName.HasAccess method to check whether the web user has permissions to access a specified file.

    ASP Page, perm_checker.asp:

    <%
    ' An empty LOGON_USER means the request runs as the anonymous account.
    If "" = Request.ServerVariables("LOGON_USER") Then
        Response.Write "Anonymous Access is enabled"
    Else
        Set PermissionCheckerName = _
            Server.CreateObject("MSWC.PermissionChecker")
    %>
    For logged On User
        <%=Request.ServerVariables("LOGON_USER")%><br />
    Access to <%=Request.ServerVariables("PATH_TRANSLATED")%> is
    <%=PermissionCheckerName.HasAccess(Request.ServerVariables("PATH_TRANSLATED"))%>
    <%
    End If
    %>

  • Example of using the PermissionCheckerName.HasAccess method to check whether the specified file exists.

    ASP Page:

    <%
    Set PermissionCheckerName = _
        Server.CreateObject("MSWC.PermissionChecker")
    ' HasAccess returns False when the file does not exist
    ' (or when the current account lacks access to it).
    Response.Write "File /sideway/default.asp exist: " & _
        PermissionCheckerName.HasAccess("/sideway/default.asp") & _
        "<br />"
    Response.Write "File /sideway/defaultdefault.asp exist: " & _
        PermissionCheckerName.HasAccess("/sideway/defaultdefault.asp") & _
        "<br />"
    %>
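
The typical application described under Permission Checker Component, customizing a page for different user groups, shown as an added example that is not part of the original page: a menu that lists only the pages the current account can read. The virtual paths and link labels are hypothetical placeholders.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example; the paths and labels below are hypothetical.
Dim checker, links, parts, i, user

' Take the identity from ServerVariables explicitly so that a query-string
' or form field named LOGON_USER cannot stand in for it.
user = Request.ServerVariables("LOGON_USER")

' Each entry is "virtual path|link text".
links = Array( _
    "/app/public/default.asp|Home", _
    "/app/reports/default.asp|Reports", _
    "/app/admin/default.asp|Administration")

Set checker = Server.CreateObject("MSWC.PermissionChecker")
%>
<p>Signed in as:
<% If user = "" Then %>anonymous<% Else %><%= Server.HTMLEncode(user) %><% End If %>
</p>
<ul>
<%
For i = 0 To UBound(links)
    parts = Split(links(i), "|")
    ' HasAccess returns False when the file is missing, when a directory
    ' is given, or when the current account has no permission to read it.
    If checker.HasAccess(parts(0)) Then
%>
  <li><a href="<%= Server.HTMLEncode(parts(0)) %>"><%= Server.HTMLEncode(parts(1)) %></a></li>
<%
    End If
Next
Set checker = Nothing
%>
</ul>
<%
' Filtering the menu only hides links. Access is still enforced by the
' Access Control List on each target file, so keep those ACLs in place.
%>
```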


Copyright © 2000-2020 Sideway. All rights reserved. Last modified on 26 January 2013.