Solved

Authorization

Posted on 1998-10-16
4
156 Views
Last Modified: 2013-12-25
As in experts-exchage when the question is to be asked or something is to be accessed... the loginname and passowrd is asked... this login is then used to display the relevant data like the scored...

Now how is this login name accessed....
What method is used to do this

Thanks in advance....

NikhilH
0
Comment
Question by:nikhilh
  • 2
4 Comments
 
LVL 75

Expert Comment

by:Michel Plungjan
Comment Utility
You should remove the other identical question

All about logins can be read here

http://www.webthing.com/tutorials/login.html
0
 
LVL 2

Author Comment

by:nikhilh
Comment Utility
The site you have specified lists it for Apache server
and secondly it asks for a login....

I want to do that for MS IIS


0
 
LVL 11

Accepted Solution

by:
mouatts earned 100 total points
Comment Utility
There are a number of ways to achieve this. The simplest is as follows.

Create a directory and place all your restricted files in this directory. Create a virtual directory that points to this. Turn password protection for this virtual directory on and add the users that you want added.

Now create another directory underneath this and put all your unprotected stuff in here. Now create a virtual directory that points to this second directory but place no security restrictions on it. For the sake of clarity I will call this the home directory although you don't need to set this.

Any links within the pages in the secure area should point to the home directory beneath relatively and not via the other virtual directory name.

Any links from the insecure home directory into the secure one should be via the virtual directory name.

So if anyone accesses the home directory directly they will be allowed access. But if they access the secure directory or the home directory via the secure one they will be prompted for the password.

One of the reasons for ensuring that the links are as I specified is because it ensures that the session remains constant one the password has been entered and therefore you can store information within the session object confident that it will be retained whilst they navigate the site.

Now whilst we can't get to the password we can get to the user name that was entered by as this is present as the HTTP environment variable LOGON_USER.

So if we wanted to print out the name of the logged on user we could use

<%=request.servervariables ("LOGON_USER")%>

Alternatively we could create a variable within the session_onstart subroutine stored within the global.asa file in the secure directory to hold this value as below.

sub session_onstart
Session("username")=request.Servervariables("LOGON_USER")
end sub

Steve
0
 
LVL 75

Expert Comment

by:Michel Plungjan
Comment Utility
Nikhilh: You asked how it was done, not how to do it on IIS.
Sorry. The answer is still that it is done using basic authorisation which can be turned on in IIS as well.
Be aware that challenge response protection in IIS will only allow MSIE to acess the pages.

Michel

0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

Ever wondered how to display how many visitors you have online. In this tutorial I will show you an easy but effective way to display the number of online visitors in WhizBase. In this article I assume you have read my previous articles and know …
Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
Learn the basics of strings in Python: declaration, operations, indices, and slicing. Strings are declared with quotations; for example: s = "string": Strings are immutable.: Strings may be concatenated or multiplied using the addition and multiplic…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now