Solved

ASP Autherization

Posted on 1998-12-04
3
155 Views
Last Modified: 2013-12-25
How to get user/password of remote user efficiently?

I know if I write the code below prior to HEAD:
  <% Response.Status = "401 Unauthorized"
         Response.end
  %>
the browser will prompt a "autherization failed" dialog, then a user/password dialog.
Then, user can input his user/pass. The browser will request the same URL with the user/pass.

1. How do I get the user/password in ASP? I find it in Request.ServerVariables, but get nothing about it.
2. How do I do to remove the "autheriaztion failed" dialog and prompt the user/pass directly? (If I can't, let's forget it...)

I don't want to add the user Account in NT,
because I still need to know which user is accessing my asp , then get the resource about the user from DB.

This is my Code, please help me
<%
        ' get the user/pass   ' ---> how?
        ' confirm the user/pass with database
        '.......................
        If not DBResult("LoginSuccess") then
           Response.Status = "401 Unauthorized"    ' ---> will prompt the "Autherization Failed. Retry?" Dialog.
                                                                             ' --->How to remove it in the first time?
           Response.End
        end if
%>
<HEAD>
.....

0
Comment
Question by:threshold
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 2

Author Comment

by:threshold
ID: 1829941
Edited text of question
0
 
LVL 28

Accepted Solution

by:
sybe earned 100 total points
ID: 1829942
<%
username = Request.Servervariables("LOGON_USER")
password = Request.ServerVariables("AUTH_PASSWORD")
%>

You should not be able to get the password (it's secret, you know...), although for some unclear reasons and in so far not reproducable situations i DID also see the password.


Beware with the use of

Response.Status = "401 Unauthorized"

It pops up the login dialog, but anything can be entered and when there is no NT-authorization after that the user can just continue. NT-authorization is done by the OS on a much lower level then ASP can reach.

So if you want to check username/password against a database, you 'll have to make your own login screen (with an HTML-form). Then you can read the password as well.

If you want to know about that, look at
http://www.experts-exchange.com/topics/comp/www/authoring/Q.10067096
where I have described the procedure extensively

0
 
LVL 2

Author Comment

by:threshold
ID: 1829943
Thanks, Sybe.
As you said, IIS will filter the user/pass from HTTP Request. I can't check them in asp.
Thanks again.
0

Featured Post

Why You Need a DevOps Toolchain

IT needs to deliver services with more agility and velocity. IT must roll out application features and innovations faster to keep up with customer demands, which is where a DevOps toolchain steps in. View the infographic to see why you need a DevOps toolchain.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this tutorial I will focus on how to use WhizBase as a tool for sending ICQ messages to ICQ. Here I will use a new technology in WhizBase, published in WhizBase 5.1 version. In this tutorial I will use 3 files, pager.wbsp for the processing, e…
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
Learn the basics of lists in Python. Lists, as their name suggests, are a means for ordering and storing values. : Lists are declared using brackets; for example: t = [1, 2, 3]: Lists may contain a mix of data types; for example: t = ['string', 1, T…
The viewer will learn how to dynamically set the form action using jQuery.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question