Securing ASP and HTML Pages

   

The primary function of Internet Information Server is to download, under controlled access conditions, HTML and ASP pages from the local server to the remote browser. You can limit access to your application's Web pages and graphics by setting directory and file permissions on the .htm, .asp, and .gif files.

You can also programmatically control access to certain pages by establishing user-level permissions in a Session object. Let the user provide a logon name and password, and then validate the information against a database. Once you identify a legitimate user, get the user's permission level and store it in a Session object for later use. Then you can hide certain HTML links based on the permission level that is stored in that user's Session object.
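The approach described above, sketched in Classic ASP (VBScript) as an added example that is not part of the original documentation. The Users table and its columns, Application("ConnStr"), the page names, the level values, and the VerifyPassword function supplied by the include file pwcheck.inc are all assumptions made for illustration.

```asp
<!-- #include file="pwcheck.inc" -->
<%
' ---- logon.asp: validate the posted logon, then store the permission level ----
' Assumed schema: Users(LogonName, PasswordHash, PermissionLevel).
' VerifyPassword(plain, stored) is a hypothetical helper from pwcheck.inc.
Const adCmdText = 1, adVarWChar = 202, adParamInput = 1

Dim cmd, rs, level
level = 0                                   ' 0 = not logged on

Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = Application("ConnStr")
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT PasswordHash, PermissionLevel FROM Users WHERE LogonName = ?"
' Bind the logon name as a parameter; never concatenate it into the SQL text.
cmd.Parameters.Append cmd.CreateParameter("name", adVarWChar, adParamInput, 64, _
                                          Left(Request.Form("logon"), 64))
Set rs = cmd.Execute
If Not rs.EOF Then
    If VerifyPassword(Request.Form("password"), rs("PasswordHash").Value) Then
        level = CInt(rs("PermissionLevel").Value)
    End If
End If
rs.Close

If level > 0 Then
    Session("PermissionLevel") = level      ' held on the server, not sent to the browser
    Response.Redirect "default.asp"
Else
    Response.Redirect "logon.htm"           ' same response for unknown user and bad password
End If
%>

<%
' ---- top of each restricted page, e.g. reports.asp ----
' Check the stored level on the server for every request: a hidden link
' does not stop a browser from requesting the page's URL directly.
Const REQUIRED_LEVEL = 2                    ' assumed level for this page
If CInt("0" & Session("PermissionLevel")) < REQUIRED_LEVEL Then
    Response.Status = "403 Forbidden"
    Response.End
End If
%>

<%' ---- default.asp: show the link only to users who may follow it ---- %>
<% If CInt("0" & Session("PermissionLevel")) >= 2 Then %>
  <a href="reports.asp">Reports</a>
<% End If %>
```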

For More Information: For an overview of setting directory and file permissions on the NTFS file system, see "Protecting Files" in this chapter.