Solved

ASP Autherization

Posted on 1998-12-04
3
150 Views
Last Modified: 2013-12-25
How to get user/password of remote user efficiently?

I know if I write the code below prior to HEAD:
  <% Response.Status = "401 Unauthorized"
         Response.end
  %>
the browser will prompt a "autherization failed" dialog, then a user/password dialog.
Then, user can input his user/pass. The browser will request the same URL with the user/pass.

1. How do I get the user/password in ASP? I find it in Request.ServerVariables, but get nothing about it.
2. How do I do to remove the "autheriaztion failed" dialog and prompt the user/pass directly? (If I can't, let's forget it...)

I don't want to add the user Account in NT,
because I still need to know which user is accessing my asp , then get the resource about the user from DB.

This is my Code, please help me
<%
        ' get the user/pass   ' ---> how?
        ' confirm the user/pass with database
        '.......................
        If not DBResult("LoginSuccess") then
           Response.Status = "401 Unauthorized"    ' ---> will prompt the "Autherization Failed. Retry?" Dialog.
                                                                             ' --->How to remove it in the first time?
           Response.End
        end if
%>
<HEAD>
.....

0
Comment
Question by:threshold
  • 2
3 Comments
 
LVL 2

Author Comment

by:threshold
ID: 1829941
Edited text of question
0
 
LVL 28

Accepted Solution

by:
sybe earned 100 total points
ID: 1829942
<%
username = Request.Servervariables("LOGON_USER")
password = Request.ServerVariables("AUTH_PASSWORD")
%>

You should not be able to get the password (it's secret, you know...), although for some unclear reasons and in so far not reproducable situations i DID also see the password.


Beware with the use of

Response.Status = "401 Unauthorized"

It pops up the login dialog, but anything can be entered and when there is no NT-authorization after that the user can just continue. NT-authorization is done by the OS on a much lower level then ASP can reach.

So if you want to check username/password against a database, you 'll have to make your own login screen (with an HTML-form). Then you can read the password as well.

If you want to know about that, look at
http://www.experts-exchange.com/topics/comp/www/authoring/Q.10067096
where I have described the procedure extensively

0
 
LVL 2

Author Comment

by:threshold
ID: 1829943
Thanks, Sybe.
As you said, IIS will filter the user/pass from HTTP Request. I can't check them in asp.
Thanks again.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

This tutorial will discuss fancy secure registration forms, with AJAX technology support. In this article I assume you already know HTML and some JS. I will write the code using WhizBase Server Pages, so you need to know some basics in WBSP (you mig…
This article will show, step by step, how to integrate R code into a R Sweave document
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now