How to everybody,
how it is possible to change the value of the AUTH_USER server variable?
Is this possible?
If no, how I could change the logged user?
Thanks for help 8 10869
Server variables are read only. To change the auth_user, the visitor of the
site would have to authenticate as a different user, afaIk.
Ray at work
"MeAndI" <se******@liber o.it> wrote in message
news:fT******** **************@ twister1.libero .it... How to everybody, how it is possible to change the value of the AUTH_USER server variable? Is this possible? If no, how I could change the logged user?
Thanks for help
> how it is possible to change the value of the AUTH_USER server variable?
As Ray said, ServerVariables are read only. If no, how I could change the logged user?
Tell them to log in as someone else. If you're trying to find a way to
sneak around Windows Authentication, stop using it, because you're missing
its purpose.
--
Aaron Bertrand
SQL Server MVP http://www.aspfaq.com/
How can I force the user to insert username and password?
I don't want to disable anonymous access to my site.
"Ray at <%=sLocation% >" <myfirstname at lane34 dot com> ha scritto nel
messaggio news:e7******** *****@tk2msftng p13.phx.gbl... Server variables are read only. To change the auth_user, the visitor of
the site would have to authenticate as a different user, afaIk.
Ray at work
"MeAndI" <se******@liber o.it> wrote in message news:fT******** **************@ twister1.libero .it... How to everybody, how it is possible to change the value of the AUTH_USER server variable? Is this possible? If no, how I could change the logged user?
Thanks for help
> How can I force the user to insert username and password? I don't want to disable anonymous access to my site.
Um, this sounds like a contradiction to me. The way to force users to enter
their username and password is to disable anonymous access.
Wait, you're not expecting users to send their Windows password to an ASP
script, are you? That'd be one of the biggest security holes your network
has ever seen.
--
Aaron Bertrand
SQL Server MVP http://www.aspfaq.com/
My site is structured as follow:
a part on an external server (where the users have free access), and a part
on an internal server (where the users have to enter username and
passwords).
The login is managed by windows (I modify the folder security to set what
user are able to access). But (I don't understand why), someone cannot
access to the restricted area because the system never ask the username and
password and returns the following error: "You are not authorized to view
this page".
Do you have any idea?
"Aaron Bertrand [MVP]" <aa***@TRASHasp faq.com> ha scritto nel messaggio
news:OQ******** ******@TK2MSFTN GP10.phx.gbl... How can I force the user to insert username and password? I don't want to disable anonymous access to my site. Um, this sounds like a contradiction to me. The way to force users to
enter their username and password is to disable anonymous access.
Wait, you're not expecting users to send their Windows password to an ASP script, are you? That'd be one of the biggest security holes your network has ever seen.
-- Aaron Bertrand SQL Server MVP http://www.aspfaq.com/
I have seen this behavior before. I think it is because the user is already
logged onto windows so IE sends the user's credentials to IIS without asking
for id and password. If the user does not have access granted to the
resources on the web-server then they get an error message.
You can force IIS to ask id and password again by enabling "basic"
authentication instead of "integrated " authentication. However, this sends
the user's id and password through the network in clear-text.
--
Mark Schupp
Head of Development
Integrity eLearning www.ielearning.com
"MeAndI" <se******@liber o.it> wrote in message
news:F8******** *************@t wister2.libero. it... My site is structured as follow: a part on an external server (where the users have free access), and a
part on an internal server (where the users have to enter username and passwords). The login is managed by windows (I modify the folder security to set what user are able to access). But (I don't understand why), someone cannot access to the restricted area because the system never ask the username
and password and returns the following error: "You are not authorized to view this page". Do you have any idea?
"Aaron Bertrand [MVP]" <aa***@TRASHasp faq.com> ha scritto nel messaggio news:OQ******** ******@TK2MSFTN GP10.phx.gbl... How can I force the user to insert username and password? I don't want to disable anonymous access to my site.
Um, this sounds like a contradiction to me. The way to force users to
enter their username and password is to disable anonymous access.
Wait, you're not expecting users to send their Windows password to an
ASP script, are you? That'd be one of the biggest security holes your
network has ever seen.
-- Aaron Bertrand SQL Server MVP http://www.aspfaq.com/
OK!
But if the login is incorrect I believe that the system asks for the correct
username and password. or not?
"Mark Schupp" <ms*****@ielear ning.com> ha scritto nel messaggio
news:uD******** ******@tk2msftn gp13.phx.gbl... I have seen this behavior before. I think it is because the user is
already logged onto windows so IE sends the user's credentials to IIS without
asking for id and password. If the user does not have access granted to the resources on the web-server then they get an error message.
You can force IIS to ask id and password again by enabling "basic" authentication instead of "integrated " authentication. However, this sends the user's id and password through the network in clear-text.
-- Mark Schupp Head of Development Integrity eLearning www.ielearning.com
"MeAndI" <se******@liber o.it> wrote in message news:F8******** *************@t wister2.libero. it... My site is structured as follow: a part on an external server (where the users have free access), and a part on an internal server (where the users have to enter username and passwords). The login is managed by windows (I modify the folder security to set
what user are able to access). But (I don't understand why), someone cannot access to the restricted area because the system never ask the username and password and returns the following error: "You are not authorized to
view this page". Do you have any idea?
"Aaron Bertrand [MVP]" <aa***@TRASHasp faq.com> ha scritto nel messaggio news:OQ******** ******@TK2MSFTN GP10.phx.gbl... > How can I force the user to insert username and password? > I don't want to disable anonymous access to my site.
Um, this sounds like a contradiction to me. The way to force users to enter their username and password is to disable anonymous access.
Wait, you're not expecting users to send their Windows password to an ASP script, are you? That'd be one of the biggest security holes your network has ever seen.
-- Aaron Bertrand SQL Server MVP http://www.aspfaq.com/
Not in my experience it doesn't. My example:
We have a "vendor's" area on our web site that I wanted to protect with
integrated authentication. Set up accounts and NTFS permission. Worked fine
from home on dialup and for some of the vendors. Got permission error and no
prompting for id/pw when logged onto our lan at work (web-server is not on
lan, it is outside of firewall). Possibly there is a setting somewhere to
modify this behavior but I don't know what it is.
--
Mark Schupp
Head of Development
Integrity eLearning www.ielearning.com
"MeAndI" <se******@liber o.it> wrote in message
news:TP******** *************@t wister2.libero. it... OK! But if the login is incorrect I believe that the system asks for the
correct username and password. or not?
"Mark Schupp" <ms*****@ielear ning.com> ha scritto nel messaggio news:uD******** ******@tk2msftn gp13.phx.gbl... I have seen this behavior before. I think it is because the user is already logged onto windows so IE sends the user's credentials to IIS without asking for id and password. If the user does not have access granted to the resources on the web-server then they get an error message.
You can force IIS to ask id and password again by enabling "basic" authentication instead of "integrated " authentication. However, this
sends the user's id and password through the network in clear-text.
-- Mark Schupp Head of Development Integrity eLearning www.ielearning.com
"MeAndI" <se******@liber o.it> wrote in message news:F8******** *************@t wister2.libero. it... My site is structured as follow: a part on an external server (where the users have free access), and a part on an internal server (where the users have to enter username and passwords). The login is managed by windows (I modify the folder security to set what user are able to access). But (I don't understand why), someone cannot access to the restricted area because the system never ask the
username and password and returns the following error: "You are not authorized to view this page". Do you have any idea?
"Aaron Bertrand [MVP]" <aa***@TRASHasp faq.com> ha scritto nel
messaggio news:OQ******** ******@TK2MSFTN GP10.phx.gbl... > > How can I force the user to insert username and password? > > I don't want to disable anonymous access to my site. > > Um, this sounds like a contradiction to me. The way to force users
to enter > their username and password is to disable anonymous access. > > Wait, you're not expecting users to send their Windows password to
an ASP > script, are you? That'd be one of the biggest security holes your network > has ever seen. > > -- > Aaron Bertrand > SQL Server MVP > http://www.aspfaq.com/ > >
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: |
last post by:
I am trying to use AUTH_USER from request.servervariables but the field is
blank. I am using Windoze server 2003 with IIS5. I know there is a fix
because I did it a long time ago with our old NT server running IIS4 but I
cant remember how I got it to work. We are all authenticated users on our
Domain so this is available, I am able to get IP...
|
by: Ian Staines |
last post by:
In asp the following code:
Request.Servervarables("AUTH_USER") will return the header variable
AUTH_USER
In .NET the code
Request.Servervariables("AUTH_USER") returns the server variable
AUTH_USER, but if you want the header variable you must request it
with
Request.Headers("AUTH_USER")
|
by: Dave |
last post by:
Hi,
I have a dev machine, part of a domain, with a site set to Integrated
security only. I want to determine the username of person accessing the
page. When I run the page with the following code:
Response.Write(Request.ServerVariables);
Response.Write("<BR>");
Response.Write(HttpContext.Current.User.Identity.Name);
|
by: Jim in Arizona |
last post by:
I'm new to aspnet with only limited experience with classic asp. Since
I'm on a domain and all users are authenticated. In the past using
classic asp I used request.servervariables("auth_user") to grab the
domain logon name of the user. Is there a better way or more detailed
way in aspnet? Like, instead of putting "mydomain\bobjones" into a...
|
by: z f |
last post by:
trying to achieve windows authentication on the fly (without the file
configured to deny anonymous access in IIS)
i returned a 401 status if the
Request.ServerVariables("auth_user") = ""
this is OK, the 401 status Code returned with additional headers and the
browser performed windows authentication
and the next time i had auth_user...
| |
by: nikou_70 |
last post by:
I use auth_user for get username from windows, when I upload that page
on server and user open the page that contain this code ,it shows a
prompt window and wants username and password ,it's common or it must
get automatically from windows?
|
by: Mark Rae |
last post by:
Hi,
I apologise that this isn't *specifically* an ASP.NET issue - I will also
post it to the IIS newsgroup - but I thought I'd ask here anyway on the
off-chance that someone may have come across this before...
It's an intranet system written in ASP.NET v1.1 using C#. The site is
running on IIS6 on Win2k3S with all the SPs and patches etc....
|
by: prashanthg |
last post by:
Hi Friends,
I am having an asp application in which i am capturing the Auth_User for authentication.
My problem is when i am trying to turn off the anonymous access tab in the properties window.I am unable to even Run th local host in my machine.
If I turn on the anonymous access check box i am able to run the local host but...
|
by: =?Utf-8?B?SlA=?= |
last post by:
I have an application that uses Forms Authentication in connection with
Active Directory for granting access to an application. When a user logs on
with AD, it populates the AUTH_USER ServerVariable and I can then use:
Request.ServerVeriables
to retrieve the value of this variable or any other value in the
ServerVariableCollection.
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...
| |