How to manage custom login and session on IIS?
Posted on 2001-09-06
Where can I find a good description and/or articles describing how to properly manage HTTP authentication (Status 401 and WWW-Authenticate lines in response header) *and* session cookie / URL mangling to track custom session state?
It's easy to find reference information, telling what property to set to send a '401' response, but where's a good article that will tell me if I should redirect to check for cookies first or request athentication first?
_ _ _
I'd like to use HTTP authentication where appropriate, and switch to HTML form-based authentication if the user cancels the pop-up. (Most of our users will have NT logins, but some may use custom application-defined user names and passwords.)
I'd like to manage custom session information, stored in a database, based on a customized "xmlSession" component. (Top management requires this to support server farms without "sticky" IP addresses.)
_ _ _
P.S. I'm talking about Visual Basic Scripting (VBS) code on Active Server Pages (ASP), with support from Visual Basic COM components.