Security on Windows NT
When an author or administrator performs an operation in the FrontPage client that requires the FrontPage Server Extensions on IIS, the FrontPage client and the server extensions communicate with each other using a Remote Procedure Call (RPC) protocol that is layered on top of HTTP and HTML. A POST request is sent from the FrontPage client to one of three FrontPage Server Extensions DLLs:
When an action of a visitor to a FrontPage-extended Web site requires the FrontPage Server Extensions, such as when the visitor submits a search form, the Web browser sends a POST request to the browse-time FrontPage Server Extension program, Shtml.dll.
When IIS receives a request for the FrontPage Server Extensions, it first logs on and impersonates the user and then passes the request directly to Admin.dll, Author.dll, or Shtml.dll. The FrontPage Server Extensions DLL then checks the permissions of the impersonated administrator, author, or site visitor against the ACL in the root folder of the FrontPage-extended web or subweb. (If the subweb inherited its permissions, the DLL makes the same check in its parent web.) The FrontPage Server Extensions perform this check using standard Windows NT system calls. If the check is successful, the FrontPage Server Extensions DLL performs the requested action. If the check fails, the DLL returns this information to IIS, which sends a "Permission Denied" message to the FrontPage client or the Web browser.
Note that a single set of FrontPage Server Extensions DLLs are installed on IIS servers in the folder
Using the IIS MMC snap-in, you can create a new virtual directory on a Universal Naming Convention (UNC) share. When you do this, you are prompted for a user name and password for access to the mapped directory. You do not have to supply a name and password when prompted, and should not. If you supply a name and password, every request that goes to the virtual directory would be run as the account you supply, creating a security hole.
|5 of 9||TOP|
|Last Updated June 1999