By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
432,175 Members | 1,767 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 432,175 IT Pros & Developers. It's quick & easy.

AUTH_USER server variable

P: n/a
How to everybody,
how it is possible to change the value of the AUTH_USER server variable?
Is this possible?
If no, how I could change the logged user?

Thanks for help
Jul 19 '05 #1
Share this Question
Share on Google+
8 Replies


P: n/a
Server variables are read only. To change the auth_user, the visitor of the
site would have to authenticate as a different user, afaIk.

Ray at work

"MeAndI" <se******@libero.it> wrote in message
news:fT**********************@twister1.libero.it.. .
How to everybody,
how it is possible to change the value of the AUTH_USER server variable?
Is this possible?
If no, how I could change the logged user?

Thanks for help

Jul 19 '05 #2

P: n/a
> how it is possible to change the value of the AUTH_USER server variable?

As Ray said, ServerVariables are read only.
If no, how I could change the logged user?


Tell them to log in as someone else. If you're trying to find a way to
sneak around Windows Authentication, stop using it, because you're missing
its purpose.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
Jul 19 '05 #3

P: n/a
How can I force the user to insert username and password?
I don't want to disable anonymous access to my site.

"Ray at <%=sLocation%>" <myfirstname at lane34 dot com> ha scritto nel
messaggio news:e7*************@tk2msftngp13.phx.gbl...
Server variables are read only. To change the auth_user, the visitor of the site would have to authenticate as a different user, afaIk.

Ray at work

"MeAndI" <se******@libero.it> wrote in message
news:fT**********************@twister1.libero.it.. .
How to everybody,
how it is possible to change the value of the AUTH_USER server variable?
Is this possible?
If no, how I could change the logged user?

Thanks for help


Jul 19 '05 #4

P: n/a
> How can I force the user to insert username and password?
I don't want to disable anonymous access to my site.


Um, this sounds like a contradiction to me. The way to force users to enter
their username and password is to disable anonymous access.

Wait, you're not expecting users to send their Windows password to an ASP
script, are you? That'd be one of the biggest security holes your network
has ever seen.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
Jul 19 '05 #5

P: n/a
My site is structured as follow:
a part on an external server (where the users have free access), and a part
on an internal server (where the users have to enter username and
passwords).
The login is managed by windows (I modify the folder security to set what
user are able to access). But (I don't understand why), someone cannot
access to the restricted area because the system never ask the username and
password and returns the following error: "You are not authorized to view
this page".
Do you have any idea?

"Aaron Bertrand [MVP]" <aa***@TRASHaspfaq.com> ha scritto nel messaggio
news:OQ**************@TK2MSFTNGP10.phx.gbl...
How can I force the user to insert username and password?
I don't want to disable anonymous access to my site.
Um, this sounds like a contradiction to me. The way to force users to

enter their username and password is to disable anonymous access.

Wait, you're not expecting users to send their Windows password to an ASP
script, are you? That'd be one of the biggest security holes your network
has ever seen.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/

Jul 19 '05 #6

P: n/a
I have seen this behavior before. I think it is because the user is already
logged onto windows so IE sends the user's credentials to IIS without asking
for id and password. If the user does not have access granted to the
resources on the web-server then they get an error message.

You can force IIS to ask id and password again by enabling "basic"
authentication instead of "integrated" authentication. However, this sends
the user's id and password through the network in clear-text.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"MeAndI" <se******@libero.it> wrote in message
news:F8*********************@twister2.libero.it...
My site is structured as follow:
a part on an external server (where the users have free access), and a part on an internal server (where the users have to enter username and
passwords).
The login is managed by windows (I modify the folder security to set what
user are able to access). But (I don't understand why), someone cannot
access to the restricted area because the system never ask the username and password and returns the following error: "You are not authorized to view
this page".
Do you have any idea?

"Aaron Bertrand [MVP]" <aa***@TRASHaspfaq.com> ha scritto nel messaggio
news:OQ**************@TK2MSFTNGP10.phx.gbl...
How can I force the user to insert username and password?
I don't want to disable anonymous access to my site.


Um, this sounds like a contradiction to me. The way to force users to

enter
their username and password is to disable anonymous access.

Wait, you're not expecting users to send their Windows password to an ASP script, are you? That'd be one of the biggest security holes your network has ever seen.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/


Jul 19 '05 #7

P: n/a
OK!
But if the login is incorrect I believe that the system asks for the correct
username and password. or not?

"Mark Schupp" <ms*****@ielearning.com> ha scritto nel messaggio
news:uD**************@tk2msftngp13.phx.gbl...
I have seen this behavior before. I think it is because the user is already logged onto windows so IE sends the user's credentials to IIS without asking for id and password. If the user does not have access granted to the
resources on the web-server then they get an error message.

You can force IIS to ask id and password again by enabling "basic"
authentication instead of "integrated" authentication. However, this sends
the user's id and password through the network in clear-text.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"MeAndI" <se******@libero.it> wrote in message
news:F8*********************@twister2.libero.it...
My site is structured as follow:
a part on an external server (where the users have free access), and a

part
on an internal server (where the users have to enter username and
passwords).
The login is managed by windows (I modify the folder security to set what
user are able to access). But (I don't understand why), someone cannot
access to the restricted area because the system never ask the username

and
password and returns the following error: "You are not authorized to view this page".
Do you have any idea?

"Aaron Bertrand [MVP]" <aa***@TRASHaspfaq.com> ha scritto nel messaggio
news:OQ**************@TK2MSFTNGP10.phx.gbl...
> How can I force the user to insert username and password?
> I don't want to disable anonymous access to my site.

Um, this sounds like a contradiction to me. The way to force users to

enter
their username and password is to disable anonymous access.

Wait, you're not expecting users to send their Windows password to an

ASP script, are you? That'd be one of the biggest security holes your network has ever seen.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/



Jul 19 '05 #8

P: n/a
Not in my experience it doesn't. My example:

We have a "vendor's" area on our web site that I wanted to protect with
integrated authentication. Set up accounts and NTFS permission. Worked fine
from home on dialup and for some of the vendors. Got permission error and no
prompting for id/pw when logged onto our lan at work (web-server is not on
lan, it is outside of firewall). Possibly there is a setting somewhere to
modify this behavior but I don't know what it is.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"MeAndI" <se******@libero.it> wrote in message
news:TP*********************@twister2.libero.it...
OK!
But if the login is incorrect I believe that the system asks for the correct username and password. or not?

"Mark Schupp" <ms*****@ielearning.com> ha scritto nel messaggio
news:uD**************@tk2msftngp13.phx.gbl...
I have seen this behavior before. I think it is because the user is

already
logged onto windows so IE sends the user's credentials to IIS without

asking
for id and password. If the user does not have access granted to the
resources on the web-server then they get an error message.

You can force IIS to ask id and password again by enabling "basic"
authentication instead of "integrated" authentication. However, this sends
the user's id and password through the network in clear-text.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"MeAndI" <se******@libero.it> wrote in message
news:F8*********************@twister2.libero.it...
My site is structured as follow:
a part on an external server (where the users have free access), and a

part
on an internal server (where the users have to enter username and
passwords).
The login is managed by windows (I modify the folder security to set what user are able to access). But (I don't understand why), someone cannot
access to the restricted area because the system never ask the username and
password and returns the following error: "You are not authorized to view this page".
Do you have any idea?

"Aaron Bertrand [MVP]" <aa***@TRASHaspfaq.com> ha scritto nel
messaggio news:OQ**************@TK2MSFTNGP10.phx.gbl...
> > How can I force the user to insert username and password?
> > I don't want to disable anonymous access to my site.
>
> Um, this sounds like a contradiction to me. The way to force users to enter
> their username and password is to disable anonymous access.
>
> Wait, you're not expecting users to send their Windows password to

an ASP
> script, are you? That'd be one of the biggest security holes your

network
> has ever seen.
>
> --
> Aaron Bertrand
> SQL Server MVP
> http://www.aspfaq.com/
>
>



Jul 19 '05 #9

This discussion thread is closed

Replies have been disabled for this discussion.