|
Q. I want the ability in ASP to take away content that a logged on user without sufficient privileges shouldn't see, for a particular page in a protected directory. A. The answer is very similar to the question above. Setup three groups in AuthentiX: Group1, Group2, Group3.
Protect /Main (the directory containing the page with the "variable" content")
with all three groups.
in /Main/variable.asp have the following code:
' change this value if you are using AuthentiX ISP
usingAuthentiXStandard = false
if (usingAuthentiXStandard) then
axCtrlString = "AUTHXOCX.AuthXOCXCtrl.1"
Set auth = Server.CreateObject(axCtrlString)
else
axCtrlString = "AUTHXISP.AuthXOCXCtrl.1"
Set auth = Server.CreateObject(axCtrlString)
' use this line to automatically set
' the domain to be the requesting IP
protectedDomain = Request.ServerVariables("LOCAL_ADDR")
' use this alternative if you are protecting by host header,
' set protectedDomain to be -your- host header
'protectedDomain = "hostheader.com"
auth.SetVirtualDomain
protectedDomain, Request.ServerVariables("SCRIPT_NAME")
' check with your isp for your password, initially it is empty
auth.SetVirtualDomainPassword("")
end if
l = Request.ServerVariables("LOCAL_ADDR")
s = Request.ServerVariables("SCRIPT_NAME")
h = Request.ServerVariables("HTTP_AUTHORIZATION")
currentUser =
auth.CurrentUserName(l, s, h)
if (0 = auth.GroupHasUser("Group1", currentUser)) Then
response.Write("<P>Content for privilege level 1<P>")
elseif (0 = auth.GroupHasUser("Group2", currentUser)) Then
response.Write("<P>Content for privilege level 2<P>")
elseif (0 = auth.GroupHasUser("Group3", currentUser)) Then
response.Write("<P>Content for privilge level 3<P>")
else
response.Write("Error - user not in any Group!")
response.End
End If
The same mechanism can be used from cgi applications such as Cold Fusion
(sample),
Perl
(sample), etc.
|
|