Introduction: I recently received a task to design a scheme that provides secure folder access for Web sites.
The idea is that a user goes to the site and is automatically taken to the default folder, where the files are listed on another page with links to them already established.
When a user clicks a file name, the link opens and they see the contents of that file. (This is similar to FTP, where a user's authentication information takes them directly into a specific directory.) The difference is that here users are taken to their files through a Web interface. I'll show you step by step how I designed my plan. (The code in this article has been tested and runs on Windows Server's Internet Information Services (IIS) 5.0.)
Laying the groundwork
The Web site is on a machine that has Windows 2000 installed. Because IIS is fully integrated with Windows in such an environment, I decided to make good use of its authentication mechanism. When the user enters the first page, the LOGON_USER environment variable usually holds the user's details. Because Windows is extremely careful about identifying users and delegating to them, the only thing we need to worry about is deciding where to get the file information for the currently logged-on user. Since there is no database interaction in this scenario, my program uses an XML file to persist user information. The XML data is kept in an application variable, and any changes made to the application's XML data are persisted to the XML file. In this case, of course, the only thing that is persisted is the authentication information of the currently logged-on user, which is the current user's SessionID.
To make these folders more flexible, I want to allow a user to access them either as an individual user or as a member of a group. This requires that the folders provide access paths for both individual and group users, and that this information is stored in XML. We therefore need three XML files: one for individual users, one for groups, and another for folders.
The users XML file contains some information about each user. For example, each logged-on user has a user name. When a user accesses the Web site, a session is created and a session identifier identifies that session. Because each session corresponds to a user, the user node that identifies the user includes a SessionId property that holds the current session identifier.
The SessionId property can be used to find the user's ID in the access information. At this point, you also need to prepare a default folder for the user.
<?xml version='1.0'?>
The groups XML file contains information about the groups and the users in each group. Each group node includes a set of users, who are identified by their IDs.
<?xml version='1.0'?>
<groups>
  <group id="1" username="Administrators">
    <users>
      <user id="1"/>
    </users>
  </group>
</groups>
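
As an added example (not the article's own code, which targets IIS 5.0), the Python code below reads a groups file in the layout shown above and resolves which groups a user ID belongs to. It refuses to load a malformed file and gives unknown users no groups. The second group, the extra user IDs and the function names are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the groups-file layout shown above; group 2 and
# user id 2 are made up for the example.
GROUPS_XML = """<?xml version='1.0'?>
<groups>
  <group id="1" username="Administrators">
    <users>
      <user id="1"/>
    </users>
  </group>
  <group id="2" username="Staff">
    <users>
      <user id="1"/>
      <user id="2"/>
    </users>
  </group>
</groups>"""


def load_memberships(xml_text):
    """Return {user_id: set(group_id)}; raise ValueError on any malformed entry."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError("groups file is not well-formed XML") from exc
    if root.tag != "groups":
        raise ValueError("unexpected root element")
    memberships, seen = {}, set()
    for group in root.findall("group"):
        gid = group.get("id", "")
        # A missing, non-numeric or repeated group id makes the access data
        # ambiguous, so refuse to load the file rather than guess.
        if not gid.isdigit() or gid in seen:
            raise ValueError("bad or duplicate group id: %r" % gid)
        seen.add(gid)
        for user in group.findall("users/user"):
            uid = user.get("id", "")
            if not uid.isdigit():
                raise ValueError("bad user id in group %s" % gid)
            memberships.setdefault(uid, set()).add(gid)
    return memberships


def groups_for(memberships, user_id):
    """Group ids for a user; unknown users get an empty set (no access)."""
    return set(memberships.get(str(user_id), ()))
```

Calling load_memberships once and keeping the result matches the article's approach of holding the XML data in an application variable; a ValueError at load time should stop the site from granting any folder access.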