ASP Authorization

Posted on 1998-12-04
Medium Priority
Last Modified: 2013-12-25
How to get user/password of remote user efficiently?

I know if I write the code below prior to HEAD:
  <% Response.Status = "401 Unauthorized" %>
the browser will prompt an "authorization failed" dialog, then a user/password dialog.
Then the user can input his user/pass. The browser will request the same URL with the user/pass.

1. How do I get the user/password in ASP? I find it in Request.ServerVariables, but get nothing about it.
2. How do I remove the "authorization failed" dialog and prompt for the user/pass directly? (If I can't, let's forget it...)

I don't want to add the user account in NT,
because I still need to know which user is accessing my ASP, then get the resource about the user from the DB.

This is my Code, please help me
        ' get the user/pass   ' ---> how?
        ' confirm the user/pass with database
        If not DBResult("LoginSuccess") then
           Response.Status = "401 Unauthorized"    ' ---> will prompt the "Authorization Failed. Retry?" dialog.
                                                   ' ---> How to remove it the first time?
        end if

Question by:threshold

Author Comment

ID: 1829941
Edited text of question
LVL 28

Accepted Solution

sybe earned 400 total points
ID: 1829942
username = Request.Servervariables("LOGON_USER")
password = Request.ServerVariables("AUTH_PASSWORD")

You should not be able to get the password (it's secret, you know...), although for some unclear reasons and in so far not reproducible situations I DID also see the password.

Beware with the use of

Response.Status = "401 Unauthorized"

It pops up the login dialog, but anything can be entered, and when there is no NT-authorization after that, the user can just continue. NT-authorization is done by the OS on a much lower level than ASP can reach.

So if you want to check username/password against a database, you'll have to make your own login screen (with an HTML form). Then you can read the password as well.

If you want to know about that, look at
where I have described the procedure extensively
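
The form-based login described in the answer above, as an added example that is not part of the original thread or sybe's own code: the page reads the posted user/pass, checks them through a parameterized call, and keeps the user id in Session instead of sending a 401. The file names `login.asp` and `default.asp`, the `Application("ConnStr")` connection string, the stored procedure `dbo.usp_CheckLogin` and its `UserId` column are assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example. Assumed: Application("ConnStr") holds the connection string and
' dbo.usp_CheckLogin(@user, @pass) returns one row with UserId when the password
' matches the salted hash stored for that user, and no rows otherwise.
' Serve this page over HTTPS only: the password travels in the POST body.
Const adCmdStoredProc = 4, adVarWChar = 202, adParamInput = 1

Function CheckLogin(userName, password)
    Dim conn, cmd, rs
    CheckLogin = Null
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open Application("ConnStr")
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdStoredProc
    cmd.CommandText = "dbo.usp_CheckLogin"
    ' Bound parameters: form input never becomes part of the SQL text.
    cmd.Parameters.Append cmd.CreateParameter("@user", adVarWChar, adParamInput, 64, userName)
    cmd.Parameters.Append cmd.CreateParameter("@pass", adVarWChar, adParamInput, 128, password)
    Set rs = cmd.Execute
    If Not rs.EOF Then CheckLogin = rs("UserId").Value
    rs.Close
    conn.Close
End Function

Dim failed, userId
failed = False
If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    ' Left() keeps each value within the declared parameter size.
    userId = CheckLogin(Left(Request.Form("user"), 64), Left(Request.Form("pass"), 128))
    If IsNull(userId) Then
        failed = True                ' same message for unknown user and wrong password
    Else
        Session("UserId") = userId   ' later pages load this user's resources by id
        Response.Redirect "default.asp"
    End If
End If
%>
<html><body>
<% If failed Then %><p>Login failed.</p><% End If %>
<form method="post" action="login.asp">
  User: <input type="text" name="user">
  Password: <input type="password" name="pass">
  <input type="submit" value="Log in">
</form>
</body></html>
```

Each protected page then starts by redirecting to `login.asp` when `Session("UserId")` is empty, which replaces the 401 status as the access check.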


Author Comment

ID: 1829943
Thanks, Sybe.
As you said, IIS will filter the user/pass from HTTP Request. I can't check them in asp.
Thanks again.


Question has a verified solution.
