Connecting Tech Pros Worldwide Forums | Help | Site Map
bytes > topic > asp classic > answers

ASP security (anonymouse vs integrated) problem...

Graeme Coutts
Guest
  
Posts: n/a
#1: Jul 19 '05
Developed a web application which adopts a custom security model which displays a login page and requests a username/password combination. The username works in a mixed-mode of usernames matched with the windows login name and some extra accounts (similar to SQL mixed-mode security). Web application is executed both in the corporate intranet and externally on the web.
Getting user complaints about having to login to the web application when they have already logged-on to windows. I have coded a challenge/response (response.status=401) to get a user's window login through the ServerVariables. This seems to work OK for the intranet access. If the user's windows account is not located in the application database then I redirect to the standard login page for the username/password combination. When the application is executed across the internet through a firewall, the user is prompted by IE to enter the windows domain, username, and password. There seems to be no mechanism to avoid this because of the challenge/response code. I wish that with external access from the internet that users are automatically directed to the application login screen and not faced with the IE windows authentication dialog.
Anyone care to offer a solution?

Ken Schaefer
Guest
  
Posts: n/a
#2: Jul 19 '05

re: ASP security (anonymouse vs integrated) problem...

I think the information you need is here:
http://support.microsoft.com/?id=258063

Cheers
Ken

"Graeme Coutts" <GraemeCoutts@discussions.microsoft.com> wrote in message
news:F708C834-962A-4278-AD8B-AD972728D82E@microsoft.com...
: Developed a web application which adopts a custom security model which
displays a login page and requests a username/password combination. The
username works in a mixed-mode of usernames matched with the windows login
name and some extra accounts (similar to SQL mixed-mode security). Web
application is executed both in the corporate intranet and externally on the
web.
: Getting user complaints about having to login to the web application when
they have already logged-on to windows. I have coded a challenge/response
(response.status=401) to get a user's window login through the
ServerVariables. This seems to work OK for the intranet access. If the
user's windows account is not located in the application database then I
redirect to the standard login page for the username/password combination.
When the application is executed across the internet through a firewall, the
user is prompted by IE to enter the windows domain, username, and password.
There seems to be no mechanism to avoid this because of the
challenge/response code. I wish that with external access from the internet
that users are automatically directed to the application login screen and
not faced with the IE windows authentication dialog.
: Anyone care to offer a solution?
Cowboy \(Gregory A. Beamer\) [MVP]
Guest
  
Posts: n/a
#3: Jul 19 '05

re: ASP security (anonymouse vs integrated) problem...

Unless a user is logged into the domain, they will always get the popup box.
Period.

If they are loggeed in, from outside, the machine can be set up to help you.
Most users home machines are not set up to automagically have the browser
pick up domain account, however. I am not sure what has to be set, as it has
been ages since I have been on the SE side of the world.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

************************************************
Think Outside the Box!
************************************************
"Graeme Coutts" <GraemeCoutts@discussions.microsoft.com> wrote in message
news:F708C834-962A-4278-AD8B-AD972728D82E@microsoft.com...[color=blue]
> Developed a web application which adopts a custom security model which[/color]
displays a login page and requests a username/password combination. The
username works in a mixed-mode of usernames matched with the windows login
name and some extra accounts (similar to SQL mixed-mode security). Web
application is executed both in the corporate intranet and externally on the
web.[color=blue]
> Getting user complaints about having to login to the web application when[/color]
they have already logged-on to windows. I have coded a challenge/response
(response.status=401) to get a user's window login through the
ServerVariables. This seems to work OK for the intranet access. If the
user's windows account is not located in the application database then I
redirect to the standard login page for the username/password combination.
When the application is executed across the internet through a firewall, the
user is prompted by IE to enter the windows domain, username, and password.
There seems to be no mechanism to avoid this because of the
challenge/response code. I wish that with external access from the internet
that users are automatically directed to the application login screen and
not faced with the IE windows authentication dialog.[color=blue]
> Anyone care to offer a solution?[/color]
Closed Thread

« previous question | next question »

Similar ASP / Active Server Pages bytes

/bytes/development

/bytes/it

Forums
Visit our community forums for general discussions and latest on Bytes

Our staff and community areas have moved to bytes.com/forums/

/bytes/about

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 226,501 network members.

dev questions:
algorithms | asp | asp.net | c/c++ | coldfusion | c# | flash | html/css | java | javascript |
mobile dev | .net | perl | php | python | ruby | software dev | vb.net | visual basic | xml
it questions:
access | apache | careers | db2 | iis | macosx | mysql | networking | oracle | postgresql | sql server | unix | windows

About Bytes | Copyright 1995-2009 BYTES. All rights Reserved