
Need Help if Possible

P: 1

I'm currently a student at Ashford University and a couple of my fellow classmates are having a difficult time accessing an area of our online school. It is called What's the Rule - practice center. The problem is that they are getting an error message about not being authorized to use the site. Which of course they should be through the school. This problem is with only 2 of 36 students?

The error reads PATH_INFO /NotAuthorized.asp



Any help or suggestions would be greatly appreciated. These students are getting afraid they won't be able to complete their work. And the school's Tech Support unit is stumped?

Thank you
Aug 8 '06 #1
1 Reply

P: 35
hi friends,

There are a number of things you can do here. For the login, is it
necessary to give your application its own user account system? Nothing
frightens users more than yet another username and password to remember. If
you have a domain, I suggest using Windows authentication and managing your
users by their usernames, or better yet, by their SIDs.

As far as keeping unauthorized people out, if you use Windows
authentication, you don't have to worry about people logging in and out and
having sessions. Instead, you have to develop a system by which you can
manage users' permissions or access. If your app is as simple as users have
all access or no access, then it's a matter of having a DB with a list of
user accounts that are authorized to the application. Or you can go a
totally different route and have domain group membership determine which
users are authorized to your application. Using group memberships will make
things much simpler to manage, imo.

JoeUser: "Can I have access to this application?"
You: "Yes, one moment."
net group MyApplicationGroup JoeUser /add /domain
You: "Okay, go ahead. You have access now."

And then within your application, create an include file that is in all your
protected pages with a test like so:


    ' Include this file at the top of every protected page.
    If Not IsAuthorized Then Response.Redirect "/notauthorized.asp"

    Function IsAuthorized()
        Const GROUP_NAME = "YOURDOMAIN/MyApplicationGroup"
        Dim sAuthUser
        Dim oGroup, oUser

        ' Deny by default; only a confirmed group member gets True.
        IsAuthorized = False

        ' IIS fills AUTH_USER as DOMAIN\user once anonymous access is off.
        sAuthUser = Request.ServerVariables("AUTH_USER")
        If Len(sAuthUser) > 0 Then
            ' WinNT ADsPaths use forward slashes: WinNT://DOMAIN/user
            sAuthUser = Replace(sAuthUser, "\", "/")

            Set oGroup = GetObject("WinNT://" & GROUP_NAME & ",group")
            Set oUser = GetObject("WinNT://" & sAuthUser & ",user")
            IsAuthorized = oGroup.IsMember(oUser.ADsPath)
            Set oGroup = Nothing
            Set oUser = Nothing
        End If
    End Function


If you put that in an include and include it in all your pages, it will
protect them (assuming I didn't screw up the code). In order for the
AUTH_USER variable to be populated, you have to turn off anonymous access
for your application within IIS. If I
babbled, it's because I thought as I typed.
Aug 8 '06 #2
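
A fail-closed variant of the include described in the reply above, added here as an example and not the poster's code. The names `IsAuthorizedStrict` and `APP_GROUP_PATH` are hypothetical, `YOURDOMAIN/MyApplicationGroup` is the placeholder from the reply, and the log marker text is an assumption.

```vbscript
<%
' Added example (not from the original thread): deny unless membership is
' positively confirmed, and leave a marker in the IIS log for each denial.
Const APP_GROUP_PATH = "WinNT://YOURDOMAIN/MyApplicationGroup,group" ' placeholder

Function IsAuthorizedStrict()
    Dim sAuthUser, oGroup, oUser, bMember

    IsAuthorizedStrict = False                 ' default deny

    sAuthUser = Trim(Request.ServerVariables("AUTH_USER"))
    ' Empty AUTH_USER means anonymous access is still enabled in IIS.
    If Len(sAuthUser) = 0 Then Exit Function
    ' Only the DOMAIN\user form maps onto a WinNT path; deny anything else.
    If InStr(sAuthUser, "\") = 0 Then Exit Function
    sAuthUser = Replace(sAuthUser, "\", "/")

    bMember = False
    On Error Resume Next                       ' a failed lookup must not grant access
    Set oGroup = GetObject(APP_GROUP_PATH)
    Set oUser = GetObject("WinNT://" & sAuthUser & ",user")
    If Err.Number = 0 Then bMember = oGroup.IsMember(oUser.ADsPath)
    If Err.Number <> 0 Then bMember = False    ' any error along the way: deny
    Err.Clear
    On Error GoTo 0

    Set oGroup = Nothing
    Set oUser = Nothing
    IsAuthorizedStrict = (bMember = True)
End Function

If Not IsAuthorizedStrict() Then
    ' The account name is already in the cs-username log field; this marker
    ' lets support filter the log for denials by this include.
    Response.AppendToLog "authz-denied"
    Response.Status = "403 Forbidden"
    Response.Write "You are not authorized to use this application."
    Response.End
End If
%>
```

Filtering the IIS log for the marker shows which accounts are being refused, which is the first thing to check when only a few users out of many see the not-authorized page.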
