470,619 Members | 2,036 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 470,619 developers. It's quick & easy.

AUTH_USER server variable

How to everybody,
how it is possible to change the value of the AUTH_USER server variable?
Is this possible?
If no, how I could change the logged user?

Thanks for help
Jul 19 '05 #1
8 10701
Server variables are read only. To change the auth_user, the visitor of the
site would have to authenticate as a different user, afaIk.

Ray at work

"MeAndI" <se******@libero.it> wrote in message
news:fT**********************@twister1.libero.it.. .
How to everybody,
how it is possible to change the value of the AUTH_USER server variable?
Is this possible?
If no, how I could change the logged user?

Thanks for help

Jul 19 '05 #2
> how it is possible to change the value of the AUTH_USER server variable?

As Ray said, ServerVariables are read only.
If no, how I could change the logged user?


Tell them to log in as someone else. If you're trying to find a way to
sneak around Windows Authentication, stop using it, because you're missing
its purpose.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
Jul 19 '05 #3
How can I force the user to insert username and password?
I don't want to disable anonymous access to my site.

"Ray at <%=sLocation%>" <myfirstname at lane34 dot com> ha scritto nel
messaggio news:e7*************@tk2msftngp13.phx.gbl...
Server variables are read only. To change the auth_user, the visitor of the site would have to authenticate as a different user, afaIk.

Ray at work

"MeAndI" <se******@libero.it> wrote in message
news:fT**********************@twister1.libero.it.. .
How to everybody,
how it is possible to change the value of the AUTH_USER server variable?
Is this possible?
If no, how I could change the logged user?

Thanks for help


Jul 19 '05 #4
> How can I force the user to insert username and password?
I don't want to disable anonymous access to my site.


Um, this sounds like a contradiction to me. The way to force users to enter
their username and password is to disable anonymous access.

Wait, you're not expecting users to send their Windows password to an ASP
script, are you? That'd be one of the biggest security holes your network
has ever seen.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
Jul 19 '05 #5
My site is structured as follow:
a part on an external server (where the users have free access), and a part
on an internal server (where the users have to enter username and
passwords).
The login is managed by windows (I modify the folder security to set what
user are able to access). But (I don't understand why), someone cannot
access to the restricted area because the system never ask the username and
password and returns the following error: "You are not authorized to view
this page".
Do you have any idea?

"Aaron Bertrand [MVP]" <aa***@TRASHaspfaq.com> ha scritto nel messaggio
news:OQ**************@TK2MSFTNGP10.phx.gbl...
How can I force the user to insert username and password?
I don't want to disable anonymous access to my site.
Um, this sounds like a contradiction to me. The way to force users to

enter their username and password is to disable anonymous access.

Wait, you're not expecting users to send their Windows password to an ASP
script, are you? That'd be one of the biggest security holes your network
has ever seen.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/

Jul 19 '05 #6
I have seen this behavior before. I think it is because the user is already
logged onto windows so IE sends the user's credentials to IIS without asking
for id and password. If the user does not have access granted to the
resources on the web-server then they get an error message.

You can force IIS to ask id and password again by enabling "basic"
authentication instead of "integrated" authentication. However, this sends
the user's id and password through the network in clear-text.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"MeAndI" <se******@libero.it> wrote in message
news:F8*********************@twister2.libero.it...
My site is structured as follow:
a part on an external server (where the users have free access), and a part on an internal server (where the users have to enter username and
passwords).
The login is managed by windows (I modify the folder security to set what
user are able to access). But (I don't understand why), someone cannot
access to the restricted area because the system never ask the username and password and returns the following error: "You are not authorized to view
this page".
Do you have any idea?

"Aaron Bertrand [MVP]" <aa***@TRASHaspfaq.com> ha scritto nel messaggio
news:OQ**************@TK2MSFTNGP10.phx.gbl...
How can I force the user to insert username and password?
I don't want to disable anonymous access to my site.


Um, this sounds like a contradiction to me. The way to force users to

enter
their username and password is to disable anonymous access.

Wait, you're not expecting users to send their Windows password to an ASP script, are you? That'd be one of the biggest security holes your network has ever seen.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/


Jul 19 '05 #7
OK!
But if the login is incorrect I believe that the system asks for the correct
username and password. or not?

"Mark Schupp" <ms*****@ielearning.com> ha scritto nel messaggio
news:uD**************@tk2msftngp13.phx.gbl...
I have seen this behavior before. I think it is because the user is already logged onto windows so IE sends the user's credentials to IIS without asking for id and password. If the user does not have access granted to the
resources on the web-server then they get an error message.

You can force IIS to ask id and password again by enabling "basic"
authentication instead of "integrated" authentication. However, this sends
the user's id and password through the network in clear-text.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"MeAndI" <se******@libero.it> wrote in message
news:F8*********************@twister2.libero.it...
My site is structured as follow:
a part on an external server (where the users have free access), and a

part
on an internal server (where the users have to enter username and
passwords).
The login is managed by windows (I modify the folder security to set what
user are able to access). But (I don't understand why), someone cannot
access to the restricted area because the system never ask the username

and
password and returns the following error: "You are not authorized to view this page".
Do you have any idea?

"Aaron Bertrand [MVP]" <aa***@TRASHaspfaq.com> ha scritto nel messaggio
news:OQ**************@TK2MSFTNGP10.phx.gbl...
> How can I force the user to insert username and password?
> I don't want to disable anonymous access to my site.

Um, this sounds like a contradiction to me. The way to force users to

enter
their username and password is to disable anonymous access.

Wait, you're not expecting users to send their Windows password to an

ASP script, are you? That'd be one of the biggest security holes your network has ever seen.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/



Jul 19 '05 #8
Not in my experience it doesn't. My example:

We have a "vendor's" area on our web site that I wanted to protect with
integrated authentication. Set up accounts and NTFS permission. Worked fine
from home on dialup and for some of the vendors. Got permission error and no
prompting for id/pw when logged onto our lan at work (web-server is not on
lan, it is outside of firewall). Possibly there is a setting somewhere to
modify this behavior but I don't know what it is.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"MeAndI" <se******@libero.it> wrote in message
news:TP*********************@twister2.libero.it...
OK!
But if the login is incorrect I believe that the system asks for the correct username and password. or not?

"Mark Schupp" <ms*****@ielearning.com> ha scritto nel messaggio
news:uD**************@tk2msftngp13.phx.gbl...
I have seen this behavior before. I think it is because the user is

already
logged onto windows so IE sends the user's credentials to IIS without

asking
for id and password. If the user does not have access granted to the
resources on the web-server then they get an error message.

You can force IIS to ask id and password again by enabling "basic"
authentication instead of "integrated" authentication. However, this sends
the user's id and password through the network in clear-text.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"MeAndI" <se******@libero.it> wrote in message
news:F8*********************@twister2.libero.it...
My site is structured as follow:
a part on an external server (where the users have free access), and a

part
on an internal server (where the users have to enter username and
passwords).
The login is managed by windows (I modify the folder security to set what user are able to access). But (I don't understand why), someone cannot
access to the restricted area because the system never ask the username and
password and returns the following error: "You are not authorized to view this page".
Do you have any idea?

"Aaron Bertrand [MVP]" <aa***@TRASHaspfaq.com> ha scritto nel
messaggio news:OQ**************@TK2MSFTNGP10.phx.gbl...
> > How can I force the user to insert username and password?
> > I don't want to disable anonymous access to my site.
>
> Um, this sounds like a contradiction to me. The way to force users to enter
> their username and password is to disable anonymous access.
>
> Wait, you're not expecting users to send their Windows password to

an ASP
> script, are you? That'd be one of the biggest security holes your

network
> has ever seen.
>
> --
> Aaron Bertrand
> SQL Server MVP
> http://www.aspfaq.com/
>
>



Jul 19 '05 #9

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

4 posts views Thread by Dave | last post: by
4 posts views Thread by Jim in Arizona | last post: by
2 posts views Thread by z f | last post: by
2 posts views Thread by nikou_70 | last post: by
reply views Thread by Mark Rae | last post: by
reply views Thread by =?Utf-8?B?SlA=?= | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.