I'm working on a ASP applicatition to create Windows 2000 users.
Because I don't want everybody to have access to the site I've changed
te security in IIS 5.0 which runs on a windows 2000 Sp4 server:
The security on the site is mainly anonymous. The anonymous account has
been changed to an account which has the right permissions. The security
on one asp page (GetUser.asp) is changed to only "Windows Integrated".
A User that access the site is redirected from Default.asp to Getuser.asp
where the users
account name is catched with:
Session("Username")=Request.Servervariables("AUTH_ USER").
Next, the user is redirected to ValidateUser.asp which checks if
Session("Username") is member
of the right group. The security on this file is back again set to
Anonymous. If the
validation is succesfull the user is redirected to the Main.asp file. The
Main.asp page will only be
showed if the user is validated.
The problem is that when the security is set as i've described above the
POST-Method on
Main.asp does only return empty variables. When I redirect the user directly
to Main.asp
the POST-method works well.
Is there anybody who can explain why the POST method doesn't work ?
Thanks in advance
Ernesto