Solved

Authorization

Posted on 1998-10-16
4
160 Views
Last Modified: 2013-12-25
As in experts-exchage when the question is to be asked or something is to be accessed... the loginname and passowrd is asked... this login is then used to display the relevant data like the scored...

Now how is this login name accessed....
What method is used to do this

Thanks in advance....

NikhilH
0
Comment
Question by:nikhilh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 1829132
You should remove the other identical question

All about logins can be read here

http://www.webthing.com/tutorials/login.html
0
 
LVL 2

Author Comment

by:nikhilh
ID: 1829133
The site you have specified lists it for Apache server
and secondly it asks for a login....

I want to do that for MS IIS


0
 
LVL 11

Accepted Solution

by:
mouatts earned 100 total points
ID: 1829134
There are a number of ways to achieve this. The simplest is as follows.

Create a directory and place all your restricted files in this directory. Create a virtual directory that points to this. Turn password protection for this virtual directory on and add the users that you want added.

Now create another directory underneath this and put all your unprotected stuff in here. Now create a virtual directory that points to this second directory but place no security restrictions on it. For the sake of clarity I will call this the home directory although you don't need to set this.

Any links within the pages in the secure area should point to the home directory beneath relatively and not via the other virtual directory name.

Any links from the insecure home directory into the secure one should be via the virtual directory name.

So if anyone accesses the home directory directly they will be allowed access. But if they access the secure directory or the home directory via the secure one they will be prompted for the password.

One of the reasons for ensuring that the links are as I specified is because it ensures that the session remains constant one the password has been entered and therefore you can store information within the session object confident that it will be retained whilst they navigate the site.

Now whilst we can't get to the password we can get to the user name that was entered by as this is present as the HTTP environment variable LOGON_USER.

So if we wanted to print out the name of the logged on user we could use

<%=request.servervariables ("LOGON_USER")%>

Alternatively we could create a variable within the session_onstart subroutine stored within the global.asa file in the secure directory to hold this value as below.

sub session_onstart
Session("username")=request.Servervariables("LOGON_USER")
end sub

Steve
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 1829135
Nikhilh: You asked how it was done, not how to do it on IIS.
Sorry. The answer is still that it is done using basic authorisation which can be turned on in IIS as well.
Be aware that challenge response protection in IIS will only allow MSIE to acess the pages.

Michel

0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In threads here at EE, each comment has a unique Identifier (ID). It is easy to get the full path for an ID via the right-click context menu. However, we often want to post a short link within a thread rather than the full link. This article shows a…
A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
Learn the basics of modules and packages in Python. Every Python file is a module, ending in the suffix: .py: Modules are a collection of functions and variables.: Packages are a collection of modules.: Module functions and variables are accessed us…
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question