By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
446,212 Members | 1,096 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 446,212 IT Pros & Developers. It's quick & easy.

Log on a user via ASP script?

P: n/a
Hello Everyone,

This is sort of a followup to the protecting files question I asked earlier
today.

I would like to protect a file so that only certain users could download it
from my website. It would be very easy for me to simply use IIS Admin to
remove anonymous access to that file and to create a new account on the web
server and give those account credentials to my users. That would prohibit
people from directly accessing the file unless they knew the username and
password.

My question is this: Is there a way for me to write an ASP page that
"embeds" these logon credentials into a hyperlink to a page, or that
automatically logs a user on with hard-coded credentials?

What I'm thinking is that I can authenticate my users against my own app's
database, and then if successful I could perform a behind-the-scenes basic
Windows logon (with all users using the same Windows account) to actually
provide the file to the users. (In my case, my user accounts are stored in
SQL--they are not windows accounts.)

I'm pretty good at figuring out stuff for myself, but I'm not sure that I'm
searching on the right terms in Google and MSDN. What would I use to do what
I want to do?

My flow would look like this:
1. default.asp (has html form for credentials)
2. nextpage.asp (authenticates user to my DB and if successful, performs
Windows basic logon to authenticate the user to IIS with a generic account.
At this point we would switch over from "iusr_computername" to "user1" or
whatever generic name I pick)
3. Now that we're authenticated to IIS, the page could link to the
NTFS-permissioned files.

Using ASP to perform a basic windows logon in step 2 is the section I'm
having trouble with.

Thanks a million,
Brian
Jul 22 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
I should add to this question:

I'm thinking that since basic windows authentication is done via the HTTP
header, that maybe I could write an ASP page that forwards (like
response.redirect) to another page but that includes my custom header with
the credentials inside?

a. Is that possible?
b. Would that prevent users from seeing my custom header and then user
credentials?

Thanks again,
Brian

"Brian Madden" <br***@brianmadden.com> wrote in message
news:ua**************@TK2MSFTNGP10.phx.gbl...
Hello Everyone,

This is sort of a followup to the protecting files question I asked
earlier today.

I would like to protect a file so that only certain users could download
it from my website. It would be very easy for me to simply use IIS Admin
to remove anonymous access to that file and to create a new account on the
web server and give those account credentials to my users. That would
prohibit people from directly accessing the file unless they knew the
username and password.

My question is this: Is there a way for me to write an ASP page that
"embeds" these logon credentials into a hyperlink to a page, or that
automatically logs a user on with hard-coded credentials?

What I'm thinking is that I can authenticate my users against my own app's
database, and then if successful I could perform a behind-the-scenes basic
Windows logon (with all users using the same Windows account) to actually
provide the file to the users. (In my case, my user accounts are stored in
SQL--they are not windows accounts.)

I'm pretty good at figuring out stuff for myself, but I'm not sure that
I'm searching on the right terms in Google and MSDN. What would I use to
do what I want to do?

My flow would look like this:
1. default.asp (has html form for credentials)
2. nextpage.asp (authenticates user to my DB and if successful, performs
Windows basic logon to authenticate the user to IIS with a generic
account. At this point we would switch over from "iusr_computername" to
"user1" or whatever generic name I pick)
3. Now that we're authenticated to IIS, the page could link to the
NTFS-permissioned files.

Using ASP to perform a basic windows logon in step 2 is the section I'm
having trouble with.

Thanks a million,
Brian

Jul 22 '05 #2

P: n/a

Try these articles:

http://www.htmlgoodies.com/beyond/as...le.php/3470031

http://tinyurl.com/4e9ad

http://tinyurl.com/yuhtg

http://tinyurl.com/439ed

--
sjoyce
------------------------------------------------------------------------
Posted via http://www.codecomments.com
------------------------------------------------------------------------

Jul 22 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.