Share via

Configuration Scenarios

  • Article

Configuration Scenarios

This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.

You can design your application to accommodate the following scenarios:

  • Use the Security on Client configuration so Microsoft® Internet Explorer clients can use XMLHTTP for modifying security descriptors.
  • Use the Security on Server configuration so security descriptors are modified only by Microsoft ActiveX® Data Objects (ADO) objects on the server.
  • Set the configuration according to your own business logic or requirements.
  • Set the configuration according to the browser, and accommodate browsers that do not create ActiveX objects such as Netscape Navigator. This scenario, used by the Exchange Application Security Module sample application, accommodates all browsers that support Microsoft JScript®.

The following figure depicts the program flow for the Exchange Application Security Module sample application.

Program flow for the Application Security Module sample application

Detecting the Browser

You can use the ASP server variable "HTTP_USER_AGENT" to determine a browser's type. The DACLEditFrame.asp file contains the code that implements this logic.

Implementing Client XMLHTTP Usage

If the browser is Internet Explorer, include LoadEditDacl.js in your application so the browser can use XMLHTTP to manipulate a discretionary access control list (DACL) object remotely. Create the DACL object with security set on the client.

The following ASP code snippet shows how this configuration is implemented.

<script language="jscript""  runat=server  src="loadsavedacl.js"></script>
<script language="jscript"  runat=server  src="security.js"></script>
<Script language="jscript" runat=client src="addusrs.js"> </script>
<%
// Create the DACL object with Security on Client.
var objDacl = CreateSecurityDACL(SECURITY_ON_CLIENT());
objDacl.Load("https://server/folder");
%>

Accommodating Other Browsers

If the browser is not Internet Explorer, include the CustomLoadEditDacl.js file so that inputs for ADO operations on the server are retrieved from FORM posts and no client objects are created. Create the DACL object with security set on the server.

The following ASP code snippet shows how this configuration is implemented.

<Script language="jscript" src="customLoadSaveDACL.js"> </script>
<Script language="jscript" src="security.js"> </script>
<Script language="jscript" src="daclstrutil.js"> </script>
<Script language="jscript" src="addusrs.js"> </script>
<%
// Create the DACL object with Security on Server.
var objDacl = CreateSecurityDACL(SECURITY_ON_SERVER());
objDacl.Load("https://server/folder");
%>

The DACLEditFrame.asp file of the Sample Application implements this logic. When customLoadSaveDACL.js is called, browsers that are not Internet Explorer manipulate the DACL object by posting values through hidden form elements and call CustomSaveDACL.asp to save the DACL. The daclstrutil.js file contains routines to parse the text in these form elements to create DACL objects and to extract DACL object values.

Send us your feedback about the Microsoft Exchange Server 2003 SDK.

Build: June 2007 (2007.618.1)

© 2003-2006 Microsoft Corporation. All rights reserved. Terms of use.