One of the benefits of using Microsoft's Internet Information Server is its close connection to Windows NT and its security model. The Permission Checker component allows you to utilize this connection to determine whether a user on your web site has permission to view a given file stored on an NTFS volume. This allows you to customize your site's pages according to the permissions granted a given user. For example, you could use the Permission Checker component to check whether a user has access to a certain downloadable file before creating a link to the file. This way, if the user does not have access to the file, she does not even see the link to it. Conceivably, you could use this strategy to prevent unauthorized users from ever seeing any indication that files to which they do not have access exist.

There are two requirements for using the Permission Checker component. The first is that your site must be running on Windows NT or Windows 2000. (Personal Web Server for Windows 95/98 will not work.) Second, your web site must not rely exclusively on anonymous connections and the (low-level) security such an access method provides. You must have either Basic Clear Text or Windows NT Challenge Response authentication selected as a security option for your web site. These authentication methods provide the Permission Checker object with a security context in which to test for various permissions. If you do not have Basic or NT Challenge ...