Active News 15 Seconds Weekly Newsletter • Complete Coverage • Site Updates • Upcoming Features More Free Newsletters Reference News Articles Code Samples Components Tools New Free Downloads Vendors FAQ Feedback Books Links DL Archives Community Messageboard List Servers Mailing List WebHosts Consultants Tech Jobs 15 Seconds Home Site Map Press Legal Privacy Policy internet.commerce internet.com IT Developer Internet News Small Business Personal Technology International Search internet.com Advertise Corporate Info Newsletters Tech Jobs E-mail Offers Compare products, prices, and stores at Hardware Central!	Checking NT Group for User Permissions To check to see if users have rights to login to your IIS server, check their NT group. First, get their NT group list in the Global.asa file: Sub Session_OnStart on error resume next strUsername=Replace(ucase(Request.ServerVariables("LOGON_USER")) , "\", "/") set adsUser = getobject("WinNT://" & strUsername) for each group in adsUser.groups GrpList = GrpList & lcase(trim(group.name)) & ";" next if instr(1, GrpList ,"SecureNTGroupName") then session("permission") = "OK" End sub Then in your ASP page, check on a session variable to see if they are allowed in or not.: <% if session("permission") <> "OK" then Response.Redirect "loginfailure.asp" %> submitted by Ian Vink email this code sample to a colleague Related Articles Aug 28, 1997 - Designing Multiple Web Sites with IIS 4.0 IIS 4.0 allows you to have multiple web sites on one machine. Though IIS 3.0 has this capability, IIS 4.0 expands the functionality of multiple web sites by adding additional characteristics to sub-directories, and allow for multiple applications. Special considerations need to be made when designing and administrating multiple web sites on a single machine, including when to use sub-directories, when to use virtual directories, how to handle security, and the handling of multiple applications. [Read This Article]  [Top] Nov 27, 1997 - Performance Tuning This article is a reprint of chapter 15, by Nelson Howell , in a new book called 'Using Microsoft Internet Information Server 4' from Que Education & Training (ISBN 0789712636) due for publication in early March 1998. The chapter covers performance tuning of the Internet Information Server version 4.0. Including: What is performance, building web sites for speed, and the performance monitor. [Read This Article]  [Top] Nov 28, 1997 - Understanding and Planning for Server-Side Loading This article is a reprint of chapter 16, by Nelson Howell , in a new book called 'Using Microsoft Internet Information Server 4' from Que Education & Training (ISBN 0789712636) due for publication in early March 1998. This chapter covers understanding and planning for server-side loading with the Internet Information Server version 4.0. Including determining load using performance monitor, using event viewer to discover errors, using TCP/IP troubleshooting utilities, configuring ODBC loads and understanding IIS logging. [Read This Article]  [Top] Nov 29, 1997 - Be Your Own ISP: Allowing Dynamic User Access This article is a reprint of chapter 19, by Nelson Howell , in a new book called 'Using Microsoft Internet Information Server 4' from Que Education & Training (ISBN 0789712636) due for publication in early March 1998. This chapter covers being your own ISP: allowing dynamic user access. Including: setting up and providing clients with the ability to control their own Web site is a simple matter and getting the content there are two ways of uploading content to client Web sites: the traditional FTP method and the newer HTTP PUT facility. [Read This Article]  [Top] Nov 30, 1997 - Advanced Security Concepts This article is a reprint of chapter 19, by Nelson Howell , in a new book called 'Using Microsoft Internet Information Server 4' from Que Education & Training (ISBN 0789712636) due for publication in early March 1998. This chapter covers advanced security concepts. Including: how to secure content Enforce security permissions for sensitive and private content and configuring user authentication understand and use authentication methods for securing content. [Read This Article]  [Top] Jul 20, 1997 - Running ISAPI applications Within IIS 4.0 This issue discusses and demonstrates how to run isolated ISAPI applications. Included are considerations for moving your ISAPI application from IIS 3.0 to IIS 4.0, performance considerations and the effects of isolated ISAPI applications on ODBC connection pooling. [Read This Article]  [Top] Feb 10, 1998 - Custom Error Pages with IIS 4.0 In this issue, we will discuss how to use custom error pages with IIS 4.0. With IIS 4.0, you can return special pages for each web site error instead of the default pages. So instead of the message "404 File Not Found," the user could have a list of optional links with your company header and an apologetic message. We will demonstrate how to get the most from custom error pages by using Active Serve pages to customize the message. [Read This Article]  [Top] Feb 20, 1998 - Dynamic Banner Administration This article will describe how to implement a banner rotation scenario where the pages served are static, i.e. .htm, and do not have the flexibility to call components. The task is to dynamically serve banners and statically serve pages. This is the opposite of the scenario for banner rotation components, which statically serve banners and dynamically serve pages. [Read This Article]  [Top] Mar 4, 1998 - Programming IIS 4.0 with ADSI Have you wanted to add virtual roots through VBScript? Create ISAPI server extensions that install themselves in IIS 4.0? Or script the installation of your entire web site including user permissions? You can do this and more with ADSI. [Read This Article]  [Top] Mar 16, 1998 - ADSI Part II: Configuring NTLM with ADSI ADSI Part II describes and demonstrations the power of ADSI by showing how to manipulate the NTLM database. Examples in this article show how to add a user to a domain, delete the user, add a group, and add the user to the group. There is also a discussion on security and an overview of the Group, User and Domain ADSI objects. [Read This Article]  [Top] Mar 25, 1998 - Collaboration Data Object and IIS 4.0 Collaboration Data Object (CDO) is a COM library designed to send mail through SMTP or Microsoft Exchange. If you install the SMTP server that comes with Microsoft Option Pack 4, you can send mail from an Active Server page using CDO. Because CDO is comes with Microsoft Option Pack 4, CDO is free. [Read This Article]  [Top] Nov 2, 1997 - Creating a Push Server with ASP Have your own push server with Active Server and a little help from 15 Seconds. The Active Server page code that 15 Seconds presents is not a hack nor a work-around. This code manipulates HTTP headers to give the client the impression that you have a push server. [Read This Article]  [Top] Feb 10, 2000 - Creating Dynamic JavaScript with ASP and Databases Travis Giggy demonstrates how to put ASP tags inside of JavaScript blocks so developers can fit large amounts of data into one form on a single page. He offers an overview of things that can be done with dynamic JavaScript with ASP and data queries. [Read This Article]  [Top] Oct 16, 2001 - Implementing an E-mail Content Filter Using CDO Stop SPAM from sliding through your e-mail system. George Walker shows how to create an e-mail content filter for the Windows 2000 SMTP service using Microsoft Collaboration Data Objects. [Read This Article]  [Top] Oct 30, 2001 - Protecting Your IIS Server and Web Application Internet viruses such as Code Red and Nimbda have brought down numerous IIS Web servers recently. Fortify and defend your system with this comprehensive strategy authored by 30-year industry veteran, Andrew Novick. [Read This Article]  [Top] Dec 27, 2001 - Working With IIS Packet Filtering Brien Posey discusses IP packet filtering and other ways in which to control access through IIS. [Read This Article]  [Top] Jan 18, 2002 - Running IIS on Windows XP Home Edition? Members of the 15Seconds discussion list may have found a way to run IIS on Windows XP Home Edition, so developers can run ASP pages. Attempt at your own risk! [Read This Article]  [Top] Jan 23, 2002 - Troubleshooting IIS Access Problems Spending countless hours developing a Web site only to discover that no one can access it is frustrating. This article guides you through the process of troubleshooting Web-site access problems. [Read This Article]  [Top] Feb 27, 2002 - Moving Your IIS Server to a New Server - Part 1 Upgrading your server? Brien Posey takes a look at the process and pitfalls of migrating IIS to a completely different server. [Read This Article]  [Top] Mar 25, 2002 - Moving IIS To A Different Server - Part 2 Brien Posey evaluates two additional methods for migrating a Web server and it settings, backup/restore and ghosting. [Read This Article]  [Top] Apr 18, 2003 - IIS 6.0: Lessons in Trustworthy Computing Microsoft's Trustworthy Computing initiative significantly changed the way in which Microsoft builds and designs software. In this article, Jeff Gonzalez explores some of the new options and architecture in Internet Information Services 6.0. [Read This Article]  [Top] Mar 25, 1998 - Collaboration Data Object and IIS 4.0 Collaboration Data Object (CDO) is a COM library designed to send mail through SMTP or Microsoft Exchange. If you install the SMTP server that comes with Microsoft Option Pack 4, you can send mail from an Active Server page using CDO. Because CDO is comes with Microsoft Option Pack 4, CDO is free. [Read This Article]  [Top] Sep 29, 2005 - Migrating to a Load Balanced IIS 6 Environment Migration to IIS 6 can present itself as a daunting challenge. Depending on your existing hosting configuration, the process can number in hours, days, or even weeks. Careful planning and research is integral to achieve a successful migration. [Read This Article]  [Top] Nov 30, 1997 - Advanced Security Concepts This article is a reprint of chapter 19, by Nelson Howell , in a new book called 'Using Microsoft Internet Information Server 4' from Que Education & Training (ISBN 0789712636) due for publication in early March 1998. This chapter covers advanced security concepts. Including: how to secure content Enforce security permissions for sensitive and private content and configuring user authentication understand and use authentication methods for securing content. [Read This Article]  [Top] Nov 4, 1998 - ASP Authentication Using IP Address This article by Alain Trottier explains how to control web application access by validating the user’s login and password against a database using Active Server Pages. Once validated the IP Address of the user is ensure that the user has access to the database. [Read This Article]  [Top] Jan 14, 1999 - Easy Application State Securely This article by Dmitry Khanine shows how to make your web site 100-percent secure when maintain your application state. [Read This Article]  [Top] Feb 11, 1999 - Programming a Visual Basic Component to Change NLTM Passwords The application we will develop in this article is a browser-based Windows NT domain account password-changing utility that runs as a component in an MTS package on IIS and is accessible via the Internet. While IIS 4.0 provides native account password-changing functionality through the use of .htr files and an Internet Server API (ISAPI) extension, it does not provide for easy modification and does not run as an MTS component by default. The application we will develop demonstrates an extensible framework that could be easily enhanced to provide additional account-maintenance functionality specific to your individual requirements. [Read This Article]  [Top] Dec 17, 1999 - How to Send Secure Mail in ASP-Based E-Commerce Applications Peter Persits' article explains how Secure Multipurpose Internet Mail Extensions, or S/MIME, has come to rescue of e-commerce Web sites that need some order information to be contained in encrypted E-mail. Customers don't want to use automatic on-line credit card authorization, so order information instead is sent over an SSL-protected HTML form and credit card numbers are sent via encrypted E-mail for manual processing. [Read This Article]  [Top] Dec 16, 1999 - Crash Course in Cryptography Peter Persits' article "Crash Course in Cryptography" explains encryption so that you can grasp secure multipurpose Internet mail extensions, or S/MIME. [Read This Article]  [Top] Feb 17, 2000 - Protecting Passwords with a One-way Hash Function Peter Persits’ article shows that the path to a password-protected Web site involves using one-way hash functions. The hash-based password-protection method uses an encryption algorithm that does not require a key and produces an irreversibly encrypted cipher-text. Even if your site’s password database is compromised, it’s still tough for an intruder to recover the original passwords because they are stored by their one-way encrypted values. Persits also demonstrates a third-party component that is necessary to compute the one-way hash function of a string in the ASP environment. [Read This Article]  [Top] Apr 13, 2000 - Web Applications: Securing Access to Your Pages Edward Mason examines how to secure access to your Web pages, specifically pages that are intended to be displayed in a set order. He offers sample code from one of his custom Web applications that includes a folder structure and an ASP file structure. The article also addresses bookmarking, special cases, adding or changing page links, and adding more process screens. [Read This Article]  [Top] Aug 16, 2000 - The Wonders of the File System Object The file system object (FSO) is a wonderful tool that few web developers know about. You can do nearly anything with the FSO, from making databases, to message boards, to content management. The FSO is an essential block in an ASP developer's foundation. We'll discuss the basic operations of the FSO here, along with some examples on creating a guestbook, and some more complex features. [Read This Article]  [Top] Dec 5, 2000 - Random Passwords Want to Create a random password and mail it to the person who tried to register at your site? Here is a quick and easy example of how to do this task. It is fairly straight forward. [Read This Article]  [Top] Jan 4, 2001 - JavaScript Protection With An ISAPI Filter This article by Itay Weinberger describes how to use an ISAPI filter to prevent unauthorized access to your JavaScript or VBScript files. [Read This Article]  [Top] Jan 22, 2001 - Eliminating Some Credit Card Risk for E-Business Creator of the SC Profanity Check ASP component explains how Webmasters can take a proactive approach to eliminating some online credit-card fraud. [Read This Article]  [Top] Jan 31, 2001 - Using MS Certificate Server To Create SSL Read what advice members of the 15Seconds Discussion list had to offer on using Microsoft's Certificate Server instead of a third-party SSL solution. [Read This Article]  [Top] May 2, 2001 - Storing Sensitive Data Securely Members of the 15Seconds discussion list provide some general ideas on how to secure credit-card numbers stored in SQL Server. [Read This Article]  [Top] Oct 30, 2001 - Protecting Your IIS Server and Web Application Internet viruses such as Code Red and Nimbda have brought down numerous IIS Web servers recently. Fortify and defend your system with this comprehensive strategy authored by 30-year industry veteran, Andrew Novick. [Read This Article]  [Top] Mar 5, 2002 - Using Forms Authentication in ASP.NET - Part 2 Creating custom authentication schemes just became easier. Jeff Gonzalez continues to explain Forms Authentication, this time using a custom XML file. [Read This Article]  [Top] Feb 20, 2002 - Using Forms Authentication in ASP.NET - Part 1 Creating custom authentication schemes just became easier. Jeff Gonzalez shows us how to use Forms Authentication in ASP.NET. [Read This Article]  [Top] May 14, 2002 - Complying with IT's Security Requirements for Web Applications The application is done. It's been tested, documented and is ready for deployment or sale. Finally, you can relax and start working on version 2. Well, not so fast ... [Read This Article]  [Top] Jul 15, 2002 - Securing SQL Server for Web Applications If your SQL Server is exposed to the Internet, then hackers are probing it. This article shows how to secure a SQL Server database that's being used with a Web application [Read This Article]  [Top] Aug 21, 2002 - Web Application Error Handling and Logging For ASP One of the most important aspects of an application is how well it responds to the user, and this includes response to errors. In this article, Adam Tuliper shares techniques for catching ASP errors and shows how to create a notification system that is sure to keep customers at bay. [Read This Article]  [Top] Dec 10, 2002 - Encrypting Cookie Data with ASP.NET You don't have to be a cryptography expert or spend lots of money on third-party components to secure sensitive data in .NET. In this article, Wayne Plourde shows just how easy it is to encrypt cookie data using encryption classes in the .NET System.Security.Cryptography namespace. [Read This Article]  [Top] Jan 15, 2003 - Exploring Machine.Config - User Security and More Christopher Spann offers a .NET configuration tip that should help ease system administrators' fears of security compromise and thus assuage growing developer demand for a .NET environment. [Read This Article]  [Top] Mar 10, 2003 - Platform Neutral and Transparent Encryption of Sensitive Customer Information Zhenlei Cai combines an open source C++ encryption library with SQL Server extended stored procedures to create a platform neutral, transparent encryption solution that resides at the database layer. [Read This Article]  [Top] Mar 12, 2002 - Web Services Security in The .NET Framework The proliferation of Web Services on the market and their universal acceptance on the Internet makes them more vulnerable to security threats. Therefore, we need to tighten security for our Web Services and pay attention to it. With ASP.NET, Microsoft has provided the necessary features for securing our Web Services and other Web resources. In this article, Mansoor Ahmed Siddiqui explains how to unleash the power of ASP.NET security. [Read This Article]  [Top] Jul 1, 2002 - Protecting Your Web Application Against Dangerous Requests Enrico Di Cesare provides a solution for hiding and securing querystring values that pass through a url. [Read This Article]  [Top] Jan 21, 2004 - Configuring .NET Code Access Security Code Access Security (CAS) is the .NET Framework security model that grants code permission to resources based on "evidence" pertaining to the encapsulating assembly. In this article, David Myers examines CAS and explains different configuration methods. [Read This Article]  [Top] Feb 2, 2004 - Fighting Spambots with .NET and AI Bill Gates, in a recent interview, predicted the end of spam by 2006. One of the methods he mentioned involved a challenge only a real live person could handle. Adnan Masood shows how to use AI and .NET to create a user verification scheme that incorporates similar concepts Gates alluded to. [Read This Article]  [Top] Feb 3, 2004 - Fighting Spambots with .NET and AI -- Cont'd [Read This Article]  [Top] Feb 4, 2004 - Fighting Spambots with .NET and AI -- Cont'd [Read This Article]  [Top] Feb 5, 2004 - Fighting Spambots with .NET and AI - Cont'd [Read This Article]  [Top] Feb 24, 2004 - How to Send Secure Mail in ASP-Based E-Commerce Applications - Part II Businesses that utilize encrypted e-mail may find Secure Multipurpose Internet Mail Extensions (S/MIME) to be somewhat restrictive. This article shows how to use security features in PDF as an alternative to S/MIME. [Read This Article]  [Top] Feb 25, 2004 - How to Send Secure Mail in ASP-Based E-Commerce Applications - Part II, Cont'd Businesses that utilize encrypted e-mail may find Secure Multipurpose Internet Mail Extensions (S/MIME) to be somewhat restrictive. This article shows how to use security features in PDF as an alternative to S/MIME. [Read This Article]  [Top] Feb 26, 2004 - How to Send Secure Mail in ASP-Based E-Commerce Applications - Part II, Cont'd Businesses that utilize encrypted e-mails may find Secure Multipurpose Internet Mail Extensions (S/MIME) to be somewhat restrictive. This article shows how to use security features in PDF as an alternative to S/MIME. [Read This Article]  [Top] Mar 10, 2004 - Intellectual Property Protection and Code Obfuscation Learn about the execution process of CLR-based programs and how to protect your applications from being easily disassembled back into source code. [Read This Article]  [Top] Mar 11, 2004 - Intellectual Property Protection and Code Obfuscation -- Cont'd Learn about the execution process of CLR-based programs and how to protect your applications from being easily disassembled back into source code. [Read This Article]  [Top] Mar 12, 2004 - Intellectual Property Protection and Code Obfuscation -- Cont'd Learn about the execution process of CLR-based programs and how to protect your applications from being easily disassembled back into source code. [Read This Article]  [Top] Mar 13, 2004 - Intellectual Property Protection and Code Obfuscation -- Cont'd Learn about the execution process of CLR-based programs and how to protect your applications from being easily disassembled back into source code. [Read This Article]  [Top] Mar 14, 2004 - Intellectual Property Protection and Code Obfuscation -- Cont'd Learn about the execution process of CLR-based programs and how to protect your applications from being easily disassembled back into source code. [Read This Article]  [Top] May 11, 2004 - SharePoint Security and .NET Impersonation When implementing custom components that require access to restricted resources, implicit impersonation must be used. Jay Nathan shows how to create a class that makes using .NET Impersonation a snap. [Read This Article]  [Top] Aug 11, 2000 - Servers-Side Validations on the Client Side Servers-side validations on the client side...isn't that an oxymoron? Maybe, but Pandurang Nayak shows us how to accomplish a type of remote scripting using a mix of Javascript and ASP. [Read This Article]  [Top] Dec 8, 2004 - Designing Role-Based Security Models for .NET In this article, Michele Leroux Bustamante discusses authentication, authorization and role-based security in .NET. Along the way, he provides some best practices for implementing role-based security in some typical .NET application scenarios including rich clients, Web applications, and Web services. [Read This Article]  [Top] Feb 3, 2005 - ASP.NET Mixed Mode Authentication In many web applications it is desirable for both intranet users and external parties to be able to seamlessly log onto the system. The problem this raises is that it is not easy to allow intranet users to log in via Windows integrated authentication while also allowing external parties to log in to the same application using standard forms authentication. This article will show you one way to achieve the best of both worlds when it comes to authentication. [Read This Article]  [Top] Related Knowledge Base Articles ASP May Fail When IIS Is in Low Memory Condition Q192596 - 1998.09.29 PRB: Web Server Related Errors On Multi-Process... Q192638 - 1998.09.29 IIS Logging to SQL Server Fails w/ Blank Userna... Q149398 - 1998.09.29 IIS Fails to Display Custom Error Messages for ... Q176919 - 1998.09.29 FP/VID VSS Control of OOP Application Causes Ra... Q177232 - 1998.09.29 Related Products AspCodeLock ServerObjects Inc. announces AspCodeLock. This product will allow you to encrypt ASP script code at development time. AspCodeLock will dynamically decode the script when requested by IIS and execute it under the ASP environment. Your ASP code is processed in memory and is not written unencrypted to disk by AspCodeLock [Top]
Support the Active Server Industry Search: Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia Jupitermedia Corporate Info Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy. Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers Solutions Whitepapers and eBooks Adobe Acrobat Connect Pro: Web Conferencing and eLearning Whitepapers Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape? Avaya Article: Avaya AE Services Provide Rapid Telephony Integration with Facebook Intel Go Parallel Article: Getting Started with TBB on Windows Microsoft Article: 7.0, Microsoft's Lucky Version? Intel Go Parallel Article: Intel Threading Tools and OpenMP HP eBook: Storage Networking , Part 1 Avaya Article: Speech Sandbox: Application Simulation in Avaya Dialog Designer MORE WHITEPAPERS, EBOOKS, AND ARTICLES Webcasts HP Video: StorageWorks EVA4400 and Oracle HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind MORE WEBCASTS, PODCASTS, AND VIDEOS Downloads and eKits 30-Day Trial: SPAMfighter Exchange Module Red Gate Download: SQL Toolbelt and free High-Performance SQL Code eBook Iron Speed Designer Application Generator MORE DOWNLOADS, EKITS, AND FREE TRIALS Tutorials and Demos Featured Algorithm: Intel Threading Building Blocks - parallel_reduce Silverlight 2 App and Walkthrough: Leverage Silverlight 2 with SQL Server and XML HP Demo: StorageWorks EVA4400 MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES