Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
4/8/2010

The permissions registry value (P) in each virtual path specifies the permissions that the client browser has to the files under the virtual path, assuming that the client is authorized at the required level for the particular virtual path. P is a DWORD that is set by a bitwise-OR of the HSE_URL_FLAGS flags, which are defined in the file Httpext.h. The Web Server only uses the HSE_URL_FLAGS_READ, HSE_URL_FLAGS_EXECUTE, HSE_URL_FLAGS_SSL, and HSE_URL_FLAGS_SCRIPT flags. By default, read, execute, and script execution permissions are granted.

Within the Httpext.h file, the HSE_URL_FLAGS flags are defined as follows.

#define HSE_URL_FLAGS_READ          0x00000001  // Allow for Read.
#define HSE_URL_FLAGS_WRITE         0x00000002  // Allow for Write.
#define HSE_URL_FLAGS_EXECUTE       0x00000004  // Allow for Execute.
#define HSE_URL_FLAGS_SSL           0x00000008  // Require SSL.
#define HSE_URL_FLAGS_NEGO_CERT     0x00000020  // Allow client SSL certs.
#define HSE_URL_FLAGS_REQUIRE_CERT  0x00000040  // Require client SSL certs.
#define HSE_URL_FLAGS_MAP_CERT      0x00000080  // Map SSL cert to "CE Web server pseudo account".
#define HSE_URL_FLAGS_SSL128        0x00000100  // Require 128 bit SSL.
#define HSE_URL_FLAGS_SCRIPT        0x00000200  // Allow for Script execution.
#define HSE_URL_FLAGS_SCRIPT_SOURCE 0x00000400  // Allow client to access script source.

To create a virtual root that allows only read permission, set P = 1. No ASP or ISAPI DLLs will run from that virtual root.

To set a virtual root that has execute and script permissions, but no read permission, set P = 516 (bitwise-OR 0x00000004 with 0x00000200 = 0x204 = 516).

The virtual path must have the HSE_URL_FLAGS_EXECUTE or HSE_URL_FLAGS_SCRIPT flags set for ASP pages in the directory to be interpreted; otherwise, the Web Server returns the 403 – Forbidden status code to the client browser.

The Web Server supports ISAPI extensions. To be run by the Web Server, the ISAPI extension must be in a directory that has the HSE_URL_FLAGS_EXECUTE flag set. If an ISAPI DLL is in a directory that has HSE_URL_FLAGS_READ permissions, but does not have the HSE_URL_FLAGS_EXECUTE flag set, the DLL itself is downloaded to the client browser and not executed on the server.

If the HSE_URL_FLAGS_SCRIPT_SOURCE flag is set, users will be able to view the source of ISAPI extensions and ASP pages. To require files under a virtual path to be accessed through SSL and not through plain text, include HSE_URL_FLAGS_SSL in the permissions. If a virtual path does not have the HSE_URL_FLAGS_SSL flag set, it can be accessed through plain text or through SSL.
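The following is an added example, not code from the original page or from Microsoft, that maps a P value to the behaviors described above so a configuration can be reviewed before deployment. The flag values are copied from the listing on this page; the FINDING_* codes, the function name, and the sample P values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Flag values copied from the Httpext.h listing on this page. */
#define HSE_URL_FLAGS_READ          0x00000001
#define HSE_URL_FLAGS_EXECUTE       0x00000004
#define HSE_URL_FLAGS_SSL           0x00000008
#define HSE_URL_FLAGS_SCRIPT        0x00000200
#define HSE_URL_FLAGS_SCRIPT_SOURCE 0x00000400

/* Hypothetical finding codes for this example; not part of Httpext.h. */
#define FINDING_PLAINTEXT_ALLOWED 0x1u /* SSL flag clear: plain text works   */
#define FINDING_SOURCE_EXPOSED    0x2u /* SCRIPT_SOURCE set: source viewable */
#define FINDING_DLL_DOWNLOADABLE  0x4u /* READ without EXECUTE: DLL is sent  */
#define FINDING_ASP_FORBIDDEN     0x8u /* no EXECUTE or SCRIPT: ASP gets 403 */

/* Map a virtual path's P value to the behaviors the page describes. */
unsigned audit_vroot_permissions(uint32_t p)
{
    unsigned findings = 0;

    if (!(p & HSE_URL_FLAGS_SSL))
        findings |= FINDING_PLAINTEXT_ALLOWED;
    if (p & HSE_URL_FLAGS_SCRIPT_SOURCE)
        findings |= FINDING_SOURCE_EXPOSED;
    if ((p & HSE_URL_FLAGS_READ) && !(p & HSE_URL_FLAGS_EXECUTE))
        findings |= FINDING_DLL_DOWNLOADABLE;
    if (!(p & (HSE_URL_FLAGS_EXECUTE | HSE_URL_FLAGS_SCRIPT)))
        findings |= FINDING_ASP_FORBIDDEN;
    return findings;
}

int main(void)
{
    /* Constructed sample P values: read-only, execute+script, the default
       (read+execute+script), and the default with SSL required. */
    const uint32_t samples[] = { 1, 516, 0x205, 0x20D };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned f = audit_vroot_permissions(samples[i]);
        printf("P=%lu (0x%03lX):%s%s%s%s%s\n",
               (unsigned long)samples[i], (unsigned long)samples[i],
               f & FINDING_PLAINTEXT_ALLOWED ? " plaintext-allowed" : "",
               f & FINDING_SOURCE_EXPOSED ? " source-exposed" : "",
               f & FINDING_DLL_DOWNLOADABLE ? " isapi-dll-downloadable" : "",
               f & FINDING_ASP_FORBIDDEN ? " asp-403" : "",
               f == 0 ? " no findings" : "");
    }
    return 0;
}
```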
