473,225 Members | 1,317 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,225 software developers and data experts.

AUTH_USER server variable

How to everybody,
how it is possible to change the value of the AUTH_USER server variable?
Is this possible?
If no, how I could change the logged user?

Thanks for help
Jul 19 '05 #1
8 10837
Server variables are read only. To change the auth_user, the visitor of the
site would have to authenticate as a different user, afaIk.

Ray at work

"MeAndI" <se******@libero.it> wrote in message
news:fT**********************@twister1.libero.it.. .
How to everybody,
how it is possible to change the value of the AUTH_USER server variable?
Is this possible?
If no, how I could change the logged user?

Thanks for help

Jul 19 '05 #2
> how it is possible to change the value of the AUTH_USER server variable?

As Ray said, ServerVariables are read only.
If no, how I could change the logged user?


Tell them to log in as someone else. If you're trying to find a way to
sneak around Windows Authentication, stop using it, because you're missing
its purpose.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
Jul 19 '05 #3
How can I force the user to insert username and password?
I don't want to disable anonymous access to my site.

"Ray at <%=sLocation%>" <myfirstname at lane34 dot com> ha scritto nel
messaggio news:e7*************@tk2msftngp13.phx.gbl...
Server variables are read only. To change the auth_user, the visitor of the site would have to authenticate as a different user, afaIk.

Ray at work

"MeAndI" <se******@libero.it> wrote in message
news:fT**********************@twister1.libero.it.. .
How to everybody,
how it is possible to change the value of the AUTH_USER server variable?
Is this possible?
If no, how I could change the logged user?

Thanks for help


Jul 19 '05 #4
> How can I force the user to insert username and password?
I don't want to disable anonymous access to my site.


Um, this sounds like a contradiction to me. The way to force users to enter
their username and password is to disable anonymous access.

Wait, you're not expecting users to send their Windows password to an ASP
script, are you? That'd be one of the biggest security holes your network
has ever seen.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
Jul 19 '05 #5
My site is structured as follow:
a part on an external server (where the users have free access), and a part
on an internal server (where the users have to enter username and
passwords).
The login is managed by windows (I modify the folder security to set what
user are able to access). But (I don't understand why), someone cannot
access to the restricted area because the system never ask the username and
password and returns the following error: "You are not authorized to view
this page".
Do you have any idea?

"Aaron Bertrand [MVP]" <aa***@TRASHaspfaq.com> ha scritto nel messaggio
news:OQ**************@TK2MSFTNGP10.phx.gbl...
How can I force the user to insert username and password?
I don't want to disable anonymous access to my site.
Um, this sounds like a contradiction to me. The way to force users to

enter their username and password is to disable anonymous access.

Wait, you're not expecting users to send their Windows password to an ASP
script, are you? That'd be one of the biggest security holes your network
has ever seen.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/

Jul 19 '05 #6
I have seen this behavior before. I think it is because the user is already
logged onto windows so IE sends the user's credentials to IIS without asking
for id and password. If the user does not have access granted to the
resources on the web-server then they get an error message.

You can force IIS to ask id and password again by enabling "basic"
authentication instead of "integrated" authentication. However, this sends
the user's id and password through the network in clear-text.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"MeAndI" <se******@libero.it> wrote in message
news:F8*********************@twister2.libero.it...
My site is structured as follow:
a part on an external server (where the users have free access), and a part on an internal server (where the users have to enter username and
passwords).
The login is managed by windows (I modify the folder security to set what
user are able to access). But (I don't understand why), someone cannot
access to the restricted area because the system never ask the username and password and returns the following error: "You are not authorized to view
this page".
Do you have any idea?

"Aaron Bertrand [MVP]" <aa***@TRASHaspfaq.com> ha scritto nel messaggio
news:OQ**************@TK2MSFTNGP10.phx.gbl...
How can I force the user to insert username and password?
I don't want to disable anonymous access to my site.


Um, this sounds like a contradiction to me. The way to force users to

enter
their username and password is to disable anonymous access.

Wait, you're not expecting users to send their Windows password to an ASP script, are you? That'd be one of the biggest security holes your network has ever seen.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/


Jul 19 '05 #7
OK!
But if the login is incorrect I believe that the system asks for the correct
username and password. or not?

"Mark Schupp" <ms*****@ielearning.com> ha scritto nel messaggio
news:uD**************@tk2msftngp13.phx.gbl...
I have seen this behavior before. I think it is because the user is already logged onto windows so IE sends the user's credentials to IIS without asking for id and password. If the user does not have access granted to the
resources on the web-server then they get an error message.

You can force IIS to ask id and password again by enabling "basic"
authentication instead of "integrated" authentication. However, this sends
the user's id and password through the network in clear-text.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"MeAndI" <se******@libero.it> wrote in message
news:F8*********************@twister2.libero.it...
My site is structured as follow:
a part on an external server (where the users have free access), and a

part
on an internal server (where the users have to enter username and
passwords).
The login is managed by windows (I modify the folder security to set what
user are able to access). But (I don't understand why), someone cannot
access to the restricted area because the system never ask the username

and
password and returns the following error: "You are not authorized to view this page".
Do you have any idea?

"Aaron Bertrand [MVP]" <aa***@TRASHaspfaq.com> ha scritto nel messaggio
news:OQ**************@TK2MSFTNGP10.phx.gbl...
> How can I force the user to insert username and password?
> I don't want to disable anonymous access to my site.

Um, this sounds like a contradiction to me. The way to force users to

enter
their username and password is to disable anonymous access.

Wait, you're not expecting users to send their Windows password to an

ASP script, are you? That'd be one of the biggest security holes your network has ever seen.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/



Jul 19 '05 #8
Not in my experience it doesn't. My example:

We have a "vendor's" area on our web site that I wanted to protect with
integrated authentication. Set up accounts and NTFS permission. Worked fine
from home on dialup and for some of the vendors. Got permission error and no
prompting for id/pw when logged onto our lan at work (web-server is not on
lan, it is outside of firewall). Possibly there is a setting somewhere to
modify this behavior but I don't know what it is.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"MeAndI" <se******@libero.it> wrote in message
news:TP*********************@twister2.libero.it...
OK!
But if the login is incorrect I believe that the system asks for the correct username and password. or not?

"Mark Schupp" <ms*****@ielearning.com> ha scritto nel messaggio
news:uD**************@tk2msftngp13.phx.gbl...
I have seen this behavior before. I think it is because the user is

already
logged onto windows so IE sends the user's credentials to IIS without

asking
for id and password. If the user does not have access granted to the
resources on the web-server then they get an error message.

You can force IIS to ask id and password again by enabling "basic"
authentication instead of "integrated" authentication. However, this sends
the user's id and password through the network in clear-text.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"MeAndI" <se******@libero.it> wrote in message
news:F8*********************@twister2.libero.it...
My site is structured as follow:
a part on an external server (where the users have free access), and a

part
on an internal server (where the users have to enter username and
passwords).
The login is managed by windows (I modify the folder security to set what user are able to access). But (I don't understand why), someone cannot
access to the restricted area because the system never ask the username and
password and returns the following error: "You are not authorized to view this page".
Do you have any idea?

"Aaron Bertrand [MVP]" <aa***@TRASHaspfaq.com> ha scritto nel
messaggio news:OQ**************@TK2MSFTNGP10.phx.gbl...
> > How can I force the user to insert username and password?
> > I don't want to disable anonymous access to my site.
>
> Um, this sounds like a contradiction to me. The way to force users to enter
> their username and password is to disable anonymous access.
>
> Wait, you're not expecting users to send their Windows password to

an ASP
> script, are you? That'd be one of the biggest security holes your

network
> has ever seen.
>
> --
> Aaron Bertrand
> SQL Server MVP
> http://www.aspfaq.com/
>
>



Jul 19 '05 #9

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
by: | last post by:
I am trying to use AUTH_USER from request.servervariables but the field is blank. I am using Windoze server 2003 with IIS5. I know there is a fix because I did it a long time ago with our old NT...
0
by: Ian Staines | last post by:
In asp the following code: Request.Servervarables("AUTH_USER") will return the header variable AUTH_USER In .NET the code Request.Servervariables("AUTH_USER") returns the server variable...
4
by: Dave | last post by:
Hi, I have a dev machine, part of a domain, with a site set to Integrated security only. I want to determine the username of person accessing the page. When I run the page with the following...
4
by: Jim in Arizona | last post by:
I'm new to aspnet with only limited experience with classic asp. Since I'm on a domain and all users are authenticated. In the past using classic asp I used request.servervariables("auth_user") to...
2
by: z f | last post by:
trying to achieve windows authentication on the fly (without the file configured to deny anonymous access in IIS) i returned a 401 status if the Request.ServerVariables("auth_user") = "" this...
2
by: nikou_70 | last post by:
I use auth_user for get username from windows, when I upload that page on server and user open the page that contain this code ,it shows a prompt window and wants username and password ,it's common...
0
by: Mark Rae | last post by:
Hi, I apologise that this isn't *specifically* an ASP.NET issue - I will also post it to the IIS newsgroup - but I thought I'd ask here anyway on the off-chance that someone may have come across...
1
by: prashanthg | last post by:
Hi Friends, I am having an asp application in which i am capturing the Auth_User for authentication. My problem is when i am trying to turn off the anonymous access tab in the...
0
by: =?Utf-8?B?SlA=?= | last post by:
I have an application that uses Forms Authentication in connection with Active Directory for granting access to an application. When a user logs on with AD, it populates the AUTH_USER...
1
isladogs
by: isladogs | last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, Mike...
0
by: jianzs | last post by:
Introduction Cloud-native applications are conventionally identified as those designed and nurtured on cloud infrastructure. Such applications, rooted in cloud technologies, skillfully benefit from...
0
by: mar23 | last post by:
Here's the situation. I have a form called frmDiceInventory with subform called subfrmDice. The subform's control source is linked to a query called qryDiceInventory. I've been trying to pick up the...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
2
by: jimatqsi | last post by:
The boss wants the word "CONFIDENTIAL" overlaying certain reports. He wants it large, slanted across the page, on every page, very light gray, outlined letters, not block letters. I thought Word Art...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.