A Web page requires authentication when the authorization level set in Avalue in the registry in HKEY_LOCAL_MACHINE\COMM\HTTPD\VROOTS\</ Vroot Name> subkey is greater than zero (0). For more information, see Virtual Path Registry Settings.

The following steps must be performed sequentially to gain access to a Web page that requires authentication:

1. The user must be authenticated for the given virtual path by using NTLM authentication or Basic authentication. If this step fails, the user is denied access to the page.
   
   
2. If NTLM authentication is used, the Web Server requests information regarding the groups in which the user has membership. If this step fails, the user is assumed to not have membership in any group.
   
   
3. If 0< A<3 and the name of the authenticated user (or a group containing the user) is listed in the HKEY_LOCAL_MACHINE\COMM\HTTPD\AdminUsersregistry key, the user is granted access to the page as an Administrator. For more information about the registry setting, see Base Registry Settings.
   
   

   Note:

   Users that are members of this list have access to all virtual roots on the device, even if they have been explicitly denied access in the UserListregistry value for a specific virtual root. If A=1 and the name of the authenticated user (or a group containing the user) is listed in the HKEY_LOCAL_MACHINE\COMM\HTTPD\VROOTS\</ Vroot Name> \UserListregistry key, the user is granted access to the Web page.If the previous conditions fail, the user is denied access to the Web page.

The Administrative group check is performed only when using NTLM authentication. The user name check is done for both types of authentication.

The authentication registry keys support individual users and groups, as well as the ability to exclude specific users and groups. For more information, see Web Server User Lists.

See Also