Web Server Access Rights (Windows Embedded CE 6.0)
1/6/2010
A Web page requires authentication when the authorization level set in A value in the registry in HKEY_LOCAL_MACHINE\COMM\HTTPD\VROOTS\</Vroot Name> subkey is greater than zero (0). For more information, see Virtual Path Registry Settings.
The following steps must be performed sequentially to gain access to a Web page that requires authentication:
The user must be authenticated for the given virtual path by using NTLM authentication or Basic authentication. If this step fails, the user is denied access to the page.
If NTLM authentication is used, the Web Server requests information regarding the groups in which the user has membership. If this step fails, the user is assumed to not have membership in any group.
If 0<A<3 and the name of the authenticated user (or a group containing the user) is listed in the HKEY_LOCAL_MACHINE\COMM\HTTPD\AdminUsers registry key, the user is granted access to the page as an Administrator. For more information about the registry setting, see Base Registry Settings.
Note
Users that are members of this list have access to all virtual roots on the device, even if they have been explicitly denied access in the UserList registry value for a specific virtual root.
If A=1 and the name of the authenticated user (or a group containing the user) is listed in the HKEY_LOCAL_MACHINE\COMM\HTTPD\VROOTS\</Vroot Name>\UserList registry key, the user is granted access to the Web page.If the previous conditions fail, the user is denied access to the Web page. **
Note
In the Web Server version that shipped with Windows CE 3.0, if no AdminUsers registry value is set, any user granted A=1 access was automatically promoted to A=2 access. This behavior has been changed for the Windows Embedded CE–based Web Server to enhance the default security infrastructure. If no AdminUsers registry value is set, no one can gain access to pages with A>=2.
The Administrative group check is performed only when using NTLM authentication. The user name check is done for both types of authentication.
The authentication registry keys support individual users and groups, as well as the ability to exclude specific users and groups. For more information, see Web Server User Lists.
See Also
Concepts
Web Server Authentication and Permissions
Web Server User Lists
Base Registry Settings
Virtual Path Registry Settings