473,320 Members | 2,012 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

unreliable ServerVariables?

ljb
Why does Request.ServerVariables("AUTH_USER") suddenly start returning a 0
length string? I've experience this before...it works fine for a while and
suddenly it quits returning values. Other ASP on the same server continues
to return valid values. Any ideas what is causing this?

thanks
LJB
Jul 19 '05 #1
16 1832
When you are not authenticated and accessing the page anonymously?

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
"ljb" <.> wrote in message news:eJ**************@TK2MSFTNGP11.phx.gbl...
Why does Request.ServerVariables("AUTH_USER") suddenly start returning a 0
length string? I've experience this before...it works fine for a while and
suddenly it quits returning values. Other ASP on the same server continues
to return valid values. Any ideas what is causing this?

thanks
LJB

Jul 19 '05 #2
"Aaron Bertrand [MVP]" <aa***@TRASHaspfaq.com> wrote in message news:<u9**************@TK2MSFTNGP10.phx.gbl>...
When you are not authenticated and accessing the page anonymously?

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/


What causes the loss of authentication? This is on an intranet and
everyone logs in to an NT network. Its particularly annoying for me as
a developer when suddenly I can't even test my own code. I can re-boot
my workstation and login again but often Authenticated_User will not
work for days. In this project I'm trying to allow editing a database
record from ASP if the user is in a short list of names. Everyone
outside my list is read only.

LJB
Jul 19 '05 #3
Do you have Windows authentication and anonymous access enabled? If so,
disable the latter.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
"Lawrence" <lj******@juno.com> wrote in message
news:ec**************************@posting.google.c om...
"Aaron Bertrand [MVP]" <aa***@TRASHaspfaq.com> wrote in message

news:<u9**************@TK2MSFTNGP10.phx.gbl>...
When you are not authenticated and accessing the page anonymously?

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/


What causes the loss of authentication? This is on an intranet and
everyone logs in to an NT network. Its particularly annoying for me as
a developer when suddenly I can't even test my own code. I can re-boot
my workstation and login again but often Authenticated_User will not
work for days. In this project I'm trying to allow editing a database
record from ASP if the user is in a short list of names. Everyone
outside my list is read only.

LJB

Jul 19 '05 #4
Hi LJB,

From the description, you used the Request.ServerVariables("AUTH_USER") to
get the authenticated user's account. in your ASP web application. However
you found the variable will suddently become empty(return 0 length string)
after a while ,yes?

As for this problem, I'd like to confirm some things first:
1. The server's OS version and IIS version.
2. What's the Authentication setting for the ASP app's virutal directory,
Integrated Windows authentication or Basic authentiation or both checked
or..? Also, Anonymous access denied?

3. Have you any other ISAPI filters installed on the machine. Some times
some addition filter may caues such problems.

In addition, I've found some former similar cases which are caused by the
permission setting on the web app. some are caused by incorrect permissions
in nested subwebs. So please sure Anonymous was disabled on all pages,
otherwise the AUTH_USER info retrieved from the HTTPAUTHENTIATION header
will be lost. Also, please check another two variables "LOGON_USER" and
"REMOTE_USER" to see whether they're also blank when suffering the problem.

Please check out the above items. And here is a kb article on IIS
Authentication and Security features:
#IIS: Authentication and Security Features
http://support.microsoft.com/?id=142868
Hope also helpful.
Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Jul 19 '05 #5
Hi LJB,

Have you had a chance to check out the suggestions in our replies or have
you got any further progress on this issue? If you have any new findings,
please feel free to post here. Thanks.
Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Jul 19 '05 #6
ljb
Very strange...I don't see any replies to my question except for this one!
I'm using Outlook Newsreader. Will try Google.

LJB

"Steven Cheng[MSFT]" <v-******@online.microsoft.com> wrote in message
news:sc**************@cpmsftngxa06.phx.gbl...
Hi LJB,

Have you had a chance to check out the suggestions in our replies or have
you got any further progress on this issue? If you have any new findings,
please feel free to post here. Thanks.
Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Jul 19 '05 #7
> Very strange...I don't see any replies to my question except for this one!
I'm using Outlook Newsreader.


You mean Outlook Express. Don't go to Google, you can read posts at
groups.google.com but it is pretty convoluted to reply to them.

As for the missing replies, what happens is Outlook Express downloads the
most recent 300 headers by default. Since you were away for a week, there
were way more than 300 new messages, so the original replies were too old.
Just hit the "Headers" button on the toolbar a few times and you should see
the thread fill out.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
Jul 19 '05 #8
ljb
I've tried that but it won't get the missing headers for me. I am using
Outlook Express 6.00.2800.11232. Any ideas why it doesn't work?
Anyway I found the missing replies at Google and am working my way through
them. Our admins see this as a very low priority item and are slow to
respond. After all they can't see any flames, the server isn't smoking and
the noise seems about normal!

thanks
LJB

"Aaron Bertrand [MVP]" <aa***@TRASHaspfaq.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
Very strange...I don't see any replies to my question except for this one! I'm using Outlook Newsreader.
You mean Outlook Express. Don't go to Google, you can read posts at
groups.google.com but it is pretty convoluted to reply to them.

As for the missing replies, what happens is Outlook Express downloads the
most recent 300 headers by default. Since you were away for a week, there
were way more than 300 new messages, so the original replies were too old.
Just hit the "Headers" button on the toolbar a few times and you should

see the thread fill out.

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/

Jul 19 '05 #9
Well I've checked several items and made some changes but the results
are mixed.
The server's OS is Windows 2000 Server with Service Pack 2
IIS version is 5.00.0984
Anonymous Access is off (was on earlier)
Basic Authentication is off
Integrated Windows is on

The ServerVariables now contain valid data but I'm challenged every
time I start IE and try to open any ASP on this server. My workstation
is logged into the NT domain but that doesn't seem to be sufficient.

LJB
Jul 19 '05 #10
Hi LJB,

I think the new problem that when you start IE and visit the ASP page on
the secured server there will popup login dialog is because the the
Integrated windows authentication will need a certain login account (in the
domain or on the machine) since you've denied the anonymous access.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx

Jul 19 '05 #11
ljb
Since this is an intranet I and everyone visiting the pages is already
logged into our domain I assumed that authentication would be sufficient.
Evidently this server wants its own authentication. I'm going to have to go
back to anonymous access. Right now the server variables are working. It
remains to be seen if they quit immediately after switching back to
anonymous.

thanks
LJB
Jul 19 '05 #12
ljb
"ljb" <.> wrote in message news:uG******************@TK2MSFTNGP11.phx.gbl...
Evidently this server wants its own authentication. I'm going to have to go back to anonymous access. Right now the server variables are working. It
remains to be seen if they quit immediately after switching back to
anonymous.


ServerVariables again return empty strings imediatly after reinstating
Anonymous Access.

bummer
LJB
Jul 19 '05 #13
"ljb" <.> wrote in message news:us**************@TK2MSFTNGP10.phx.gbl...
: "ljb" <.> wrote in message
news:uG******************@TK2MSFTNGP11.phx.gbl...
:
: > Evidently this server wants its own authentication. I'm going to have to
: go
: > back to anonymous access. Right now the server variables are working. It
: > remains to be seen if they quit immediately after switching back to
: > anonymous.
: >
:
: ServerVariables again return empty strings imediatly after reinstating
: Anonymous Access.

As they should. If you have anonymous access enabled, it will be tested
first. Anonymous is NOT required to pass credentials for AUTH_USER will be
empty.

Are you getting a 401.1 or 401.2 error?

BTW... This is really not an ASP question since authentication is your
issue. It is more of an IIS issue. Jes' sayin'...
--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp
Jul 19 '05 #14
"Roland Hall" wrote in message news:OA**************@TK2MSFTNGP11.phx.gbl...
: "ljb" <.> wrote in message news:us**************@TK2MSFTNGP10.phx.gbl...
: : "ljb" <.> wrote in message
: news:uG******************@TK2MSFTNGP11.phx.gbl...
: :
: : > Evidently this server wants its own authentication. I'm going to have
to
: : go
: : > back to anonymous access. Right now the server variables are working.
It
: : > remains to be seen if they quit immediately after switching back to
: : > anonymous.
: : >
: :
: : ServerVariables again return empty strings imediatly after reinstating
: : Anonymous Access.
:
: As they should. If you have anonymous access enabled, it will be tested
: first. Anonymous is NOT required to pass credentials for AUTH_USER will
be
: empty.
:
: Are you getting a 401.1 or 401.2 error?

Is this IIS5 or 6?
Jul 19 '05 #15
ljb
"Roland Hall" <nobody@nowhere> wrote in message
news:uL**************@TK2MSFTNGP10.phx.gbl...
: first. Anonymous is NOT required to pass credentials for AUTH_USER will
be
: empty.
:
: Are you getting a 401.1 or 401.2 error?

Is this IIS5 or 6?


I'm running this under IIS5.

When I first created the ASP it worked for awhile and AUTH_USER contained a
name. I'm quite sure Anonymous was set at that time. Suddenly it quit
returning a name. I had hopes of determining what caused the change and how
to set it back. My purpose was to place a database edit button if the user
was one from my list of users allowed to edit the data. It was very simple
while it worked but it may just have been a fluke that AUTH_USER ever
contained a name

thanks
LJB
Jul 19 '05 #16

"ljb" <.> wrote in message news:u6*************@TK2MSFTNGP12.phx.gbl...
: "Roland Hall" <nobody@nowhere> wrote in message
: news:uL**************@TK2MSFTNGP10.phx.gbl...
:
: > : first. Anonymous is NOT required to pass credentials for AUTH_USER
will
: > be
: > : empty.
: > :
: > : Are you getting a 401.1 or 401.2 error?
: >
: > Is this IIS5 or 6?
:
: I'm running this under IIS5.
:
: When I first created the ASP it worked for awhile and AUTH_USER contained
a
: name. I'm quite sure Anonymous was set at that time. Suddenly it quit
: returning a name. I had hopes of determining what caused the change and
how
: to set it back. My purpose was to place a database edit button if the user
: was one from my list of users allowed to edit the data. It was very simple
: while it worked but it may just have been a fluke that AUTH_USER ever
: contained a name

You might have missed my first question. What error are you getting? Have
you tried using wfetch to check what is actually happening?

Go here to get it:
http://www.microsoft.com/downloads/d...DisplayLang=en

This tells you how to use it:
http://support.microsoft.com/default...b;en-us;284285

Here is a webcast by Chris Adams on how to properly set your security, how
to test, how to know what is happening and how to debug it. It takes awhile
and he covers probably more than you're interested in, but he also explains
the 3-way handshake during the authentication and displays it on screen.

I'm a network security professional so the TCP/IP 3-way handshake to me is
pretty simple process using a packet analyzer, but this makes it easy for
the novice to understand.

He also explains the difference between authentication and authorization,
which most people use synonymously. This is crucial to the debugging
process.

It's an excellent demonstration that I think anyone administering IIS on an
Intranet should review. This is a step-by-step process of exactly what
you're trying to do.

http://msevents.microsoft.com/CUI/Ev...&Culture=en-US

You will have to register to review it but you get instant access.

HTH...

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp
Jul 19 '05 #17

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
by: James R. Saker Jr. | last post by:
I see per pydoc that Queue.Queue()'s .qsize is allegedly unreliable: | qsize(self) | Return the approximate size of the queue (not reliable!). Any thoughts on why this is unreliable (and...
2
by: W. Loo | last post by:
Hi, I've got a question regarding the usage of Request.ServerVariables. I'm not sure this is really a ASP question, so redirects to a more appropriate newsgroup are welcome. I have a variable...
3
by: crjunk | last post by:
I have the following url: https://test.mywebsite.com/secure/programs/test.asp?TOPIC_ID=21 How can I get the value "secure/programs/test.asp?TOPIC_ID=21" I can't use...
4
by: Martin | last post by:
Hi, From Page1.asp, I use "Server.transfer" to "REDIRECT" to another asp page (page2.asp), in page2.asp I use Request.ServerVariables("URL") and Request.ServerVariables("REFERER") to get the...
2
by: TS | last post by:
I seem to remember reading somewhere that accessing this collection is expensive and you should avoid it if possible. Are there any alternatives to the following: Request.ServerVariables; ...
0
by: Enzo | last post by:
Hello, I am trying to add items to the ServerVariables Collection for some custom processing. In the past this needed to be done with an ISAPI filter. I am told now that I can do this with a...
1
by: preet | last post by:
I posted this elsewhere ; probably the wrong place so i am posting this again I am using the following script: hrefer=Request.Servervariables("HTTP_REFERER")...
1
by: Ryan | last post by:
I am trying to figure out why I am trying to use the result of Request.ServerVariables("LOGON_USER") in a query in my aspx application. I want to use the server variable. When I check the...
2
by: Henry Stock | last post by:
I don't seem to understand how to use the value: Request.ServerVariables("remote_addr") I am trying to pass the ip address of a sending web client in the body of an email message. When I...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.