The FrontPage Server Extensions on IIS
The FrontPage DLLs
In FrontPage, there are three kinds of users defined for every FrontPage
web: administrators, authors and browsers (end-users). All permissions are
cumulative; all authors also have browsing permission, and all
administrators also have authoring and browsing permissions.
In FrontPage, the list of administrators, authors and browsers is defined on
a per-web basis. All content in a FrontPage web will be accessible to the
same set of users and groups. It is not possible to control permissions on a
per-file or per-directory basis with FrontPage. All FrontPage sub-webs
either inherit the permissions (list of administrators, authors and
browsers) of the FrontPage root web or use their own, unique permissions.
Each FrontPage web (including each sub-web) contains copies of three ISAPI
DLLs that make up the FrontPage Sever Extensions. These DLLs are created in
directories below the top-level directory of a FrontPage web:
.. _vti_bin/_vti_adm/admin.dll for administrative tasks
.. _vti_bin/_vti_aut/author.dll for authoring FrontPage webs
.. _vti_bin/shtml.dll for browse-time FrontPage components such as form
handlers.
FrontPage performs all authoring and administrative tasks by sending HTTP
POST requests to these DLLs. The FrontPage Server Extensions are stored in
separate directories in the customer's document root:
/document root
/_vti_bin
shtml.dll
/_vti_adm
admin.dll
/_vti_aut
author.dll
FrontPage Access Control List Settings
FrontPage implements web security on IIS by changing the access-control
lists (ACLs) for all files and directories in each FrontPage web. FrontPage
controls who can administer a FrontPage web by setting the ACL on admin.dll,
the administrative DLL. Similarly, FrontPage sets authoring permissions by
setting the ACLs on author.dll. The default ACL sets browsing permission on
Web content and lets all users execute the run-time DLL, shtml.dll.
You set the ACLs for a FrontPage web using the FrontPage Explorer's
Permissions command, on the Tools menu. To add new users and groups, this
command makes the Windows NT computer account list available. In FrontPage
98, you can set up a restricted list of users and groups that does not
expose the entire contents of the Windows NT computer and domain account
lists. This lets you protect the confidentiality of your user community. For
details, see Restricting Windows NT Account Lists.
FrontPage sub-webs can have unique permissions by maintaining separate
access-control lists on their own copies of the admin.dll, author.dll and
shtml.dll DLLs. Alternatively, a FrontPage sub-web can inherit the
permissions of the root web by keeping the access-control lists on its
admin.dll, author.dll and shtml.dll the same as the root web's lists.
The set of ACLS for a FrontPage web is illustrated in the following two
diagrams. The first diagram shows the ACLs for the content of a FrontPage
web: the directories, files, and executable files that an author creates.
The second diagram shows the ACLs for the FrontPage _vti directories.
Note in these diagrams that two sets of permissions are given. The first set
applies to the directory, and the second set applies to the files in the
directory. For example, the permissions (rx) (r) specify read and
execute-permissions on the directory but only read permissions on the files
in the directory.
For the complete set of ACLs set on FrontPage files, along with a list of
the entire contents of a FrontPage installation, see FrontPage Windows NT
File Permissions.
-----Original Message-----
From: emerald-request@iea-software.com
[mailto:emerald-request@iea-software.com]On Behalf Of Dale E. Reed Jr.
Sent: Jueves 7 de Octubre de 1999 10:51 AM
To: emerald@iea-software.com
Subject: Re: [Emerald] FrontPage Web authentication
dan@dmn.com.au wrote:
>
> Anybody can decompile FrontPage authentication DLLs, and hook it up to
ODBC
> source out there? In FrontPage 2000 Server extension, there are three
small
> DLLs site on server root authenticate the client, each about 15KB. It
simply
> answer YES/NO to three type of users, administrator,author,browser.
Willing
> to pay upto $1000 for a solid performer.
Where did you get the information on the three DLLs?
--Dale E. Reed Jr. Emerald and RadiusNT__________________________________________IEA Software, Inc. www.iea-software.com
For more information about this list (including removal) go to:http://www.iea-software.com/support/maillists/liststart
For more information about this list (including removal) go to:http://www.iea-software.com/support/maillists/liststart