See Also
 Important: |
|---|
| This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
The authentication level for a virtual directory can be set to zero (0), 1, or 2. The following table describes each value. The values are set in the registry in HKEY_LOCAL_MACHINE\COMM\HTTPD\VROOTS\</ Vroot Name> subkeys. For more information, see Virtual Path Registry Settings.
| Value : type | Description |
|---|---|
|
A=0 |
Anonymous users can access the virtual directory and may have permission to read and execute scripts, depending on the P value for the virtual directory. With A=0, anyone who can access the Web Server can access files in that virtual directory. |
|
A=1 |
A valid user identifier and password are required to access a virtual directory with authentication that is set to A=1. |
|
A=2 |
Virtual directories with an authentication value set to A=2 require the browser user to have Administrator privileges. A valid user identifier and password are required to gain access to this virtual directory. |
The first attempt by a user to access a virtual directory that has an authentication value of 1 or 2 results in a 401 - Unauthorized status code that is sent back to the browser. The forms of acceptable authentication are sent to the browser in the Httpd header fields of the message. The authentication types that are sent depend on the values that are set for Basicand NTLMunder the HKEY_LOCAL_MACHINE\COMM\HTTPDprotected registry key described in Base Registry Settings. By setting both Basicand NTLMvalues to 1, the Web Server sends both authentication types in response to the same request, allowing the client browser to select the authentication method. A script can also include an authentication scheme by setting the WWW-Authenticate field and the desired value in the Httpd headers.
If Basic authentication is used, the client browser sends the user name and password over the network in plain text unless SSL is enabled for the connection. If the client uses NTLM authentication, the Web Server and the client browser negotiate a means through which the client browser can send credentials to the Web Server without using a cleartext password. Regardless of how the user's credentials are sent to the Web Server, the mechanism for checking whether the password entered is valid is the same. If the registry value HKEY_LOCAL_MACHINE\COMM\Redir\DefaultDomainis specified, the Web Server will only act as a middle man. It will rely upon a domain controller on the DefaultDomain registry value to determine whether the credentials provided are valid for that domain. If this registry value is not indicated, the Web Server will check the local user database to see if the credentials are valid. New users can be programatically added to the local user database via a call to NTLMSetUserInfo.
If the user name and password are not valid, the Web Server sends another 401 - Unauthorized status code to the browser.