ASP Autherization

How to get user/password of remote user efficiently?

I know if I write the code below prior to HEAD:
  <% Response.Status = "401 Unauthorized"
         Response.end
  %>
the browser will prompt a "autherization failed" dialog, then a user/password dialog.
Then, user can input his user/pass. The browser will request the same URL with the user/pass.

1. How do I get the user/password in ASP? I find it in Request.ServerVariables, but get nothing about it.
2. How do I do to remove the "autheriaztion failed" dialog and prompt the user/pass directly? (If I can't, let's forget it...)

I don't want to add the user Account in NT,
because I still need to know which user is accessing my asp , then get the resource about the user from DB.

This is my Code, please help me
<%
        ' get the user/pass   ' ---> how?
        ' confirm the user/pass with database
        '.......................
        If not DBResult("LoginSuccess") then
           Response.Status = "401 Unauthorized"    ' ---> will prompt the "Autherization Failed. Retry?" Dialog.
                                                                             ' --->How to remove it in the first time?
           Response.End
        end if
%>
<HEAD>
.....

LVL 2
thresholdAsked:
Who is Participating?
 
sybeConnect With a Mentor Commented:
<%
username = Request.Servervariables("LOGON_USER")
password = Request.ServerVariables("AUTH_PASSWORD")
%>

You should not be able to get the password (it's secret, you know...), although for some unclear reasons and in so far not reproducable situations i DID also see the password.


Beware with the use of

Response.Status = "401 Unauthorized"

It pops up the login dialog, but anything can be entered and when there is no NT-authorization after that the user can just continue. NT-authorization is done by the OS on a much lower level then ASP can reach.

So if you want to check username/password against a database, you 'll have to make your own login screen (with an HTML-form). Then you can read the password as well.

If you want to know about that, look at
http://www.experts-exchange.com/topics/comp/www/authoring/Q.10067096
where I have described the procedure extensively

0
 
thresholdAuthor Commented:
Edited text of question
0
 
thresholdAuthor Commented:
Thanks, Sybe.
As you said, IIS will filter the user/pass from HTTP Request. I can't check them in asp.
Thanks again.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.