Solved

Authorization

Posted on 1998-10-16
4
157 Views
Last Modified: 2013-12-25
As in experts-exchage when the question is to be asked or something is to be accessed... the loginname and passowrd is asked... this login is then used to display the relevant data like the scored...

Now how is this login name accessed....
What method is used to do this

Thanks in advance....

NikhilH
0
Comment
Question by:nikhilh
  • 2
4 Comments
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 1829132
You should remove the other identical question

All about logins can be read here

http://www.webthing.com/tutorials/login.html
0
 
LVL 2

Author Comment

by:nikhilh
ID: 1829133
The site you have specified lists it for Apache server
and secondly it asks for a login....

I want to do that for MS IIS


0
 
LVL 11

Accepted Solution

by:
mouatts earned 100 total points
ID: 1829134
There are a number of ways to achieve this. The simplest is as follows.

Create a directory and place all your restricted files in this directory. Create a virtual directory that points to this. Turn password protection for this virtual directory on and add the users that you want added.

Now create another directory underneath this and put all your unprotected stuff in here. Now create a virtual directory that points to this second directory but place no security restrictions on it. For the sake of clarity I will call this the home directory although you don't need to set this.

Any links within the pages in the secure area should point to the home directory beneath relatively and not via the other virtual directory name.

Any links from the insecure home directory into the secure one should be via the virtual directory name.

So if anyone accesses the home directory directly they will be allowed access. But if they access the secure directory or the home directory via the secure one they will be prompted for the password.

One of the reasons for ensuring that the links are as I specified is because it ensures that the session remains constant one the password has been entered and therefore you can store information within the session object confident that it will be retained whilst they navigate the site.

Now whilst we can't get to the password we can get to the user name that was entered by as this is present as the HTTP environment variable LOGON_USER.

So if we wanted to print out the name of the logged on user we could use

<%=request.servervariables ("LOGON_USER")%>

Alternatively we could create a variable within the session_onstart subroutine stored within the global.asa file in the secure directory to hold this value as below.

sub session_onstart
Session("username")=request.Servervariables("LOGON_USER")
end sub

Steve
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 1829135
Nikhilh: You asked how it was done, not how to do it on IIS.
Sorry. The answer is still that it is done using basic authorisation which can be turned on in IIS as well.
Be aware that challenge response protection in IIS will only allow MSIE to acess the pages.

Michel

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you get a (Blue Screen of Death), your system writes a small file called a minidump. Your first step is to make certain your computer is setup to record memory dumps. Right click My Computer, choose properties. Click on the advanced tab, an…
I hope you'll find this tutorial useful and interesting. So let's try to extend Tcl with a new package.  For anyone more deeply interested please check out the book "Practical Programming in Tcl and Tk". It's really one of the best written books abo…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now