The Permission Checker Component

The Permission Checker component implements the PermissionChecker object, which uses the password authentication protocols in IIS to determine whether a Web user has permission to read a file.

A typical use of the PermissionChecker object is to test whether the user has permission to read a particular Web page (by clicking a hyperlink to that page). If the PermissionChecker object determines that the user does not have permission to read the page, ASP script can be used to disable the hyperlink, or better yet, not to show the hyperlink at all. The PermissionChecker object has one method, named HasAccess.

The example in Figure 17-16 shows how to test whether a user has access to a Web page.

Figure 17-16. Permission Checker sample code, PermissionChecker.asp, showing how to read whether a user has access to a particular Web page using either a physical or a virtual path.

<%@ Language=VBScript %> <HTML> <HEAD> <META NAME="GENERATOR" Content="Microsoft Visual Studio 6.0"> </HEAD> <BODY> <H2>Permission Checker Sample</H2> <HR> <OBJECT RUNAT=server PROGID=MSWC.PermissionChecker id=oPermChk> </OBJECT> The following code checks to see if the current user has access to the PermissionChecker.asp file <P> Physical Path = <%=oPermChk.HasAccess(".\PermissionChecker.asp") %> <P> Virtual Path =      <%=oPermChk.HasAccess("/Components/PermissionChecker.asp") %> </BODY> </HTML> 

You can use physical paths, such as .\PermissionChecker.asp, as well as virtual paths, such as /Components/PermissionChecker.asp, when checking permissions using this component. Figure 17-17 shows the resulting output from the PermissionChecker.asp page.

Figure 17-17. Output from the PermissionChecker.asp page.