By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,866 Members | 1,660 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,866 IT Pros & Developers. It's quick & easy.

Authentication against file token

P: n/a
Somewhere I read about authenticating against a file token on the user's
hard drive - but I can't find the book I read it in anymore. If you
know what I'm talking about please let me know.

Here's what I remember. Evidently there's a standard filename that can
be created in a local directory and you can right click it and set
properties to it. Once this file is created on a user's computer you
can send a request from ASP or VBscript to check it and use it for an
Intranet authentication.

I was using TCP/IP restriction for security combined with
username/password but our network guys want to give up on static IPs.
So I'm looking for another token on the local computer I can check on
and validate along with username/password. I'm open for suggestions.

Jim Harris
Memphis, TN
Jul 19 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
If it's on an intranet, you can set the security to Windows Authentication
(assuming Windows 2000) then using Request.ServerVariables("LOGON_USER") you
will "know" who the user is.
"Jim Harris" <jh*****@memphis.edu> wrote in message
news:ek**************@TK2MSFTNGP09.phx.gbl...
Somewhere I read about authenticating against a file token on the user's
hard drive - but I can't find the book I read it in anymore. If you
know what I'm talking about please let me know.

Here's what I remember. Evidently there's a standard filename that can
be created in a local directory and you can right click it and set
properties to it. Once this file is created on a user's computer you
can send a request from ASP or VBscript to check it and use it for an
Intranet authentication.

I was using TCP/IP restriction for security combined with
username/password but our network guys want to give up on static IPs.
So I'm looking for another token on the local computer I can check on
and validate along with username/password. I'm open for suggestions.

Jim Harris
Memphis, TN

Jul 19 '05 #2

P: n/a
I might can make use of that idea, especially for tracking users. Thanks.

My idea was to quietly put a hidden file on each user's computer and
then on the login page check for that file and if it wasn't there just
send a warning message. If it was there, I'd let them log in. And then
on all other pages check for session("authenticated") and redirect to
login.asp if not. I figured combined with Verisign that would be good
enough security.

The thing is I swear I saw an article about this but using a file that
Microsoft has set up for this purpose. Can't find it. My memory is
getting so bad I should log what I read.

Jim Harris

TomB wrote:
If it's on an intranet, you can set the security to Windows Authentication
(assuming Windows 2000) then using Request.ServerVariables("LOGON_USER") you
will "know" who the user is.
"Jim Harris" <jh*****@memphis.edu> wrote in message
news:ek**************@TK2MSFTNGP09.phx.gbl...
Somewhere I read about authenticating against a file token on the user's
hard drive - but I can't find the book I read it in anymore. If you
know what I'm talking about please let me know.

Here's what I remember. Evidently there's a standard filename that can
be created in a local directory and you can right click it and set
properties to it. Once this file is created on a user's computer you
can send a request from ASP or VBscript to check it and use it for an
Intranet authentication.

I was using TCP/IP restriction for security combined with
username/password but our network guys want to give up on static IPs.
So I'm looking for another token on the local computer I can check on
and validate along with username/password. I'm open for suggestions.

Jim Harris
Memphis, TN


Jul 19 '05 #3

P: n/a
ljb
I have tried this concept, it is very easy to implement and it works most of
the time,. There are times however when this server variable only returns
null. Something periodically happens on our server and this type of
authentication fails until the server is rebooted. I don't know what the
problem is that causes this and neither do our administrators. Any ideas
what might cause this?

LJB

"TomB" <sh*****@hotmailXXX.com> wrote in message
news:eH**************@tk2msftngp13.phx.gbl...
If it's on an intranet, you can set the security to Windows Authentication
(assuming Windows 2000) then using Request.ServerVariables("LOGON_USER") you will "know" who the user is.

Jul 19 '05 #4

P: n/a
We've been using it for about two and a half years, without any indication
of it not working.

"ljb" <.> wrote in message news:ef**************@TK2MSFTNGP10.phx.gbl...
I have tried this concept, it is very easy to implement and it works most of the time,. There are times however when this server variable only returns
null. Something periodically happens on our server and this type of
authentication fails until the server is rebooted. I don't know what the
problem is that causes this and neither do our administrators. Any ideas
what might cause this?

LJB

"TomB" <sh*****@hotmailXXX.com> wrote in message
news:eH**************@tk2msftngp13.phx.gbl...
If it's on an intranet, you can set the security to Windows Authentication (assuming Windows 2000) then using Request.ServerVariables("LOGON_USER")

you
will "know" who the user is.


Jul 19 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.