How to everybody,
how it is possible to change the value of the AUTH_USER server variable?
Is this possible?
If no, how I could change the logged user?
Thanks for help 8 10847
Server variables are read only. To change the auth_user, the visitor of the
site would have to authenticate as a different user, afaIk.
Ray at work
"MeAndI" <se******@libero.it> wrote in message
news:fT**********************@twister1.libero.it.. . How to everybody, how it is possible to change the value of the AUTH_USER server variable? Is this possible? If no, how I could change the logged user?
Thanks for help
> how it is possible to change the value of the AUTH_USER server variable?
As Ray said, ServerVariables are read only. If no, how I could change the logged user?
Tell them to log in as someone else. If you're trying to find a way to
sneak around Windows Authentication, stop using it, because you're missing
its purpose.
--
Aaron Bertrand
SQL Server MVP http://www.aspfaq.com/
How can I force the user to insert username and password?
I don't want to disable anonymous access to my site.
"Ray at <%=sLocation%>" <myfirstname at lane34 dot com> ha scritto nel
messaggio news:e7*************@tk2msftngp13.phx.gbl... Server variables are read only. To change the auth_user, the visitor of
the site would have to authenticate as a different user, afaIk.
Ray at work
"MeAndI" <se******@libero.it> wrote in message news:fT**********************@twister1.libero.it.. . How to everybody, how it is possible to change the value of the AUTH_USER server variable? Is this possible? If no, how I could change the logged user?
Thanks for help
> How can I force the user to insert username and password? I don't want to disable anonymous access to my site.
Um, this sounds like a contradiction to me. The way to force users to enter
their username and password is to disable anonymous access.
Wait, you're not expecting users to send their Windows password to an ASP
script, are you? That'd be one of the biggest security holes your network
has ever seen.
--
Aaron Bertrand
SQL Server MVP http://www.aspfaq.com/
My site is structured as follow:
a part on an external server (where the users have free access), and a part
on an internal server (where the users have to enter username and
passwords).
The login is managed by windows (I modify the folder security to set what
user are able to access). But (I don't understand why), someone cannot
access to the restricted area because the system never ask the username and
password and returns the following error: "You are not authorized to view
this page".
Do you have any idea?
"Aaron Bertrand [MVP]" <aa***@TRASHaspfaq.com> ha scritto nel messaggio
news:OQ**************@TK2MSFTNGP10.phx.gbl... How can I force the user to insert username and password? I don't want to disable anonymous access to my site. Um, this sounds like a contradiction to me. The way to force users to
enter their username and password is to disable anonymous access.
Wait, you're not expecting users to send their Windows password to an ASP script, are you? That'd be one of the biggest security holes your network has ever seen.
-- Aaron Bertrand SQL Server MVP http://www.aspfaq.com/
I have seen this behavior before. I think it is because the user is already
logged onto windows so IE sends the user's credentials to IIS without asking
for id and password. If the user does not have access granted to the
resources on the web-server then they get an error message.
You can force IIS to ask id and password again by enabling "basic"
authentication instead of "integrated" authentication. However, this sends
the user's id and password through the network in clear-text.
--
Mark Schupp
Head of Development
Integrity eLearning www.ielearning.com
"MeAndI" <se******@libero.it> wrote in message
news:F8*********************@twister2.libero.it... My site is structured as follow: a part on an external server (where the users have free access), and a
part on an internal server (where the users have to enter username and passwords). The login is managed by windows (I modify the folder security to set what user are able to access). But (I don't understand why), someone cannot access to the restricted area because the system never ask the username
and password and returns the following error: "You are not authorized to view this page". Do you have any idea?
"Aaron Bertrand [MVP]" <aa***@TRASHaspfaq.com> ha scritto nel messaggio news:OQ**************@TK2MSFTNGP10.phx.gbl... How can I force the user to insert username and password? I don't want to disable anonymous access to my site.
Um, this sounds like a contradiction to me. The way to force users to
enter their username and password is to disable anonymous access.
Wait, you're not expecting users to send their Windows password to an
ASP script, are you? That'd be one of the biggest security holes your
network has ever seen.
-- Aaron Bertrand SQL Server MVP http://www.aspfaq.com/
OK!
But if the login is incorrect I believe that the system asks for the correct
username and password. or not?
"Mark Schupp" <ms*****@ielearning.com> ha scritto nel messaggio
news:uD**************@tk2msftngp13.phx.gbl... I have seen this behavior before. I think it is because the user is
already logged onto windows so IE sends the user's credentials to IIS without
asking for id and password. If the user does not have access granted to the resources on the web-server then they get an error message.
You can force IIS to ask id and password again by enabling "basic" authentication instead of "integrated" authentication. However, this sends the user's id and password through the network in clear-text.
-- Mark Schupp Head of Development Integrity eLearning www.ielearning.com
"MeAndI" <se******@libero.it> wrote in message news:F8*********************@twister2.libero.it... My site is structured as follow: a part on an external server (where the users have free access), and a part on an internal server (where the users have to enter username and passwords). The login is managed by windows (I modify the folder security to set
what user are able to access). But (I don't understand why), someone cannot access to the restricted area because the system never ask the username and password and returns the following error: "You are not authorized to
view this page". Do you have any idea?
"Aaron Bertrand [MVP]" <aa***@TRASHaspfaq.com> ha scritto nel messaggio news:OQ**************@TK2MSFTNGP10.phx.gbl... > How can I force the user to insert username and password? > I don't want to disable anonymous access to my site.
Um, this sounds like a contradiction to me. The way to force users to enter their username and password is to disable anonymous access.
Wait, you're not expecting users to send their Windows password to an ASP script, are you? That'd be one of the biggest security holes your network has ever seen.
-- Aaron Bertrand SQL Server MVP http://www.aspfaq.com/
Not in my experience it doesn't. My example:
We have a "vendor's" area on our web site that I wanted to protect with
integrated authentication. Set up accounts and NTFS permission. Worked fine
from home on dialup and for some of the vendors. Got permission error and no
prompting for id/pw when logged onto our lan at work (web-server is not on
lan, it is outside of firewall). Possibly there is a setting somewhere to
modify this behavior but I don't know what it is.
--
Mark Schupp
Head of Development
Integrity eLearning www.ielearning.com
"MeAndI" <se******@libero.it> wrote in message
news:TP*********************@twister2.libero.it... OK! But if the login is incorrect I believe that the system asks for the
correct username and password. or not?
"Mark Schupp" <ms*****@ielearning.com> ha scritto nel messaggio news:uD**************@tk2msftngp13.phx.gbl... I have seen this behavior before. I think it is because the user is already logged onto windows so IE sends the user's credentials to IIS without asking for id and password. If the user does not have access granted to the resources on the web-server then they get an error message.
You can force IIS to ask id and password again by enabling "basic" authentication instead of "integrated" authentication. However, this
sends the user's id and password through the network in clear-text.
-- Mark Schupp Head of Development Integrity eLearning www.ielearning.com
"MeAndI" <se******@libero.it> wrote in message news:F8*********************@twister2.libero.it... My site is structured as follow: a part on an external server (where the users have free access), and a part on an internal server (where the users have to enter username and passwords). The login is managed by windows (I modify the folder security to set what user are able to access). But (I don't understand why), someone cannot access to the restricted area because the system never ask the
username and password and returns the following error: "You are not authorized to view this page". Do you have any idea?
"Aaron Bertrand [MVP]" <aa***@TRASHaspfaq.com> ha scritto nel
messaggio news:OQ**************@TK2MSFTNGP10.phx.gbl... > > How can I force the user to insert username and password? > > I don't want to disable anonymous access to my site. > > Um, this sounds like a contradiction to me. The way to force users
to enter > their username and password is to disable anonymous access. > > Wait, you're not expecting users to send their Windows password to
an ASP > script, are you? That'd be one of the biggest security holes your network > has ever seen. > > -- > Aaron Bertrand > SQL Server MVP > http://www.aspfaq.com/ > >
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: |
last post by:
I am trying to use AUTH_USER from request.servervariables but the field is
blank. I am using Windoze server 2003 with IIS5. I know there is a fix
because I did it a long time ago with our old NT...
|
by: Ian Staines |
last post by:
In asp the following code:
Request.Servervarables("AUTH_USER") will return the header variable
AUTH_USER
In .NET the code
Request.Servervariables("AUTH_USER") returns the server variable...
|
by: Dave |
last post by:
Hi,
I have a dev machine, part of a domain, with a site set to Integrated
security only. I want to determine the username of person accessing the
page. When I run the page with the following...
|
by: Jim in Arizona |
last post by:
I'm new to aspnet with only limited experience with classic asp. Since
I'm on a domain and all users are authenticated. In the past using
classic asp I used request.servervariables("auth_user") to...
|
by: z f |
last post by:
trying to achieve windows authentication on the fly (without the file
configured to deny anonymous access in IIS)
i returned a 401 status if the
Request.ServerVariables("auth_user") = ""
this...
|
by: nikou_70 |
last post by:
I use auth_user for get username from windows, when I upload that page
on server and user open the page that contain this code ,it shows a
prompt window and wants username and password ,it's common...
|
by: Mark Rae |
last post by:
Hi,
I apologise that this isn't *specifically* an ASP.NET issue - I will also
post it to the IIS newsgroup - but I thought I'd ask here anyway on the
off-chance that someone may have come across...
|
by: prashanthg |
last post by:
Hi Friends,
I am having an asp application in which i am capturing the Auth_User for authentication.
My problem is when i am trying to turn off the anonymous access tab in the...
|
by: =?Utf-8?B?SlA=?= |
last post by:
I have an application that uses Forms Authentication in connection with
Active Directory for granting access to an application. When a user logs on
with AD, it populates the AUTH_USER...
|
by: ryjfgjl |
last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
| |