Solved

ASP Autherization

Posted on 1998-12-04
3
154 Views
Last Modified: 2013-12-25
How to get user/password of remote user efficiently?

I know if I write the code below prior to HEAD:
  <% Response.Status = "401 Unauthorized"
         Response.end
  %>
the browser will prompt a "autherization failed" dialog, then a user/password dialog.
Then, user can input his user/pass. The browser will request the same URL with the user/pass.

1. How do I get the user/password in ASP? I find it in Request.ServerVariables, but get nothing about it.
2. How do I do to remove the "autheriaztion failed" dialog and prompt the user/pass directly? (If I can't, let's forget it...)

I don't want to add the user Account in NT,
because I still need to know which user is accessing my asp , then get the resource about the user from DB.

This is my Code, please help me
<%
        ' get the user/pass   ' ---> how?
        ' confirm the user/pass with database
        '.......................
        If not DBResult("LoginSuccess") then
           Response.Status = "401 Unauthorized"    ' ---> will prompt the "Autherization Failed. Retry?" Dialog.
                                                                             ' --->How to remove it in the first time?
           Response.End
        end if
%>
<HEAD>
.....

0
Comment
Question by:threshold
  • 2
3 Comments
 
LVL 2

Author Comment

by:threshold
ID: 1829941
Edited text of question
0
 
LVL 28

Accepted Solution

by:
sybe earned 100 total points
ID: 1829942
<%
username = Request.Servervariables("LOGON_USER")
password = Request.ServerVariables("AUTH_PASSWORD")
%>

You should not be able to get the password (it's secret, you know...), although for some unclear reasons and in so far not reproducable situations i DID also see the password.


Beware with the use of

Response.Status = "401 Unauthorized"

It pops up the login dialog, but anything can be entered and when there is no NT-authorization after that the user can just continue. NT-authorization is done by the OS on a much lower level then ASP can reach.

So if you want to check username/password against a database, you 'll have to make your own login screen (with an HTML-form). Then you can read the password as well.

If you want to know about that, look at
http://www.experts-exchange.com/topics/comp/www/authoring/Q.10067096
where I have described the procedure extensively

0
 
LVL 2

Author Comment

by:threshold
ID: 1829943
Thanks, Sybe.
As you said, IIS will filter the user/pass from HTTP Request. I can't check them in asp.
Thanks again.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will focus on how to use WhizBase as a tool for sending ICQ messages to ICQ. Here I will use a new technology in WhizBase, published in WhizBase 5.1 version. In this tutorial I will use 3 files, pager.wbsp for the processing, e…
Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question