Solved

Troubleshooting Server Variable "LOGON_USER"

Posted on 2004-08-18
5
429 Views
Last Modified: 2012-06-27
Hello.  I am developing a department website within a company intranet.  I don't have full access to our IIS servers, but only the folder/directory from FrontPage wherein resides our webpages.  I am not part of our IT dept. here.  (I will attempt to be organized in my problem statement.)

INTENDED-DESIGN:
1.) Home page contains an IFRAME that displays department news via a CMS database (CMS application taken from www.aspcontentmanagement.com).  Some of the CMS pages have been edited to detect the userID with the Request.ServerVariables("Logon_User") function.  If a certain user is detected, ASP code will display an "edit" link to allow individual to edit CMS content.

2.) Home page also contains javascript to launch popup window based on user's cookie setttings.  However, in the case of an anonymous user, ASP code in the Home page detects empty string for "Logon_User" and does not launch popup window.  The Request.ServerVariable function is used with an If/Then statement on the Home page just before the </BODY> tag.  My intention is to have the home page load completely, then execute the popup, if necessary.

3.) The Home page contains a link to another page where employees can enter suggestions into a DB.  The DB is an MS Access table updated by VBScript.  If the user is a supervisor, editing tools show up on his page.  Again, this feature is available through the use of the Request.ServerVariables("Logon_User") function.

ACTUAL SITUATION:
1.) Upon initial loading of the Home page, the CMS news items in the IFRAME show up as intended.  However, the "edit" link does not appear to those users for whom it's intended.

2.) Upon initial loading of the Home page, the popup window never launches.  This indicates that the If/Then statement is resulting in an empty string for the "Logon_User" variable.

3.) No problems at all.  Appropriate users have editing rights.  I can even test the script to take my userID out of "editing rights" for the DB.  When I refresh the page, the editing tools are no longer there.  Therefore, I know Request.ServerVariables("Logon_User") is reporting correctly.  When I go back to the Home page from here, the "edit" link for the CMS is shown, and the popup window launches.

Here is the code I'm using.
CODE:
1.)
<%
strLogonUser = Request.ServerVariables("Logon_User")
If Request.ServerVariables("Logon_User") = "" Then
         strUser = "Anonymous User"
Else
      strUser = Right(strLogonUser, Len(strLogonUser) - InStr(strLogonUser, "\"))
End If
%>

2.)
<%
'Don't run script if user is anonymous.
dim strLogonUser
strLogonUser = Request.ServerVariables("Logon_User")
If strLogonUser <> "" Then
%>
<script language="Javascript" src="/scripts/PopUp.js"> </script>
<%
End If
%>

3.)
<%
      If Request.ServerVariables("logon_user") = "" Then
            Response.Status = "401 access denied"
            Response.End
     End If
      
      'Verify user should be here
       strLogonUser = Request.ServerVariables("Logon_User")
       strUser = Right(strLogonUser, Len(strLogonUser) - InStr(strLogonUser, "\"))
If strUser = "me" Then    ' Run HTML code.
%>

..some HTML code...

<%

...some VBScript code to open the DB in editing mode...

Else
%>
<b>Not authorized to view this page.</b>
<%
End If
%>


To aid in troubleshooting this, I found some code from the net that displays all the IIS server variables:
<HTML>
<HEAD>
<TITLE>HTTP Variables</TITLE>
</HEAD>
<BODY><H1>HTTP SERVER VARIABLES></H1>
<TABLE>
<TR><TD><B>Server Variable</B></TD><TD><B>Value</B></TD></TR>
<% For Each name In Request.ServerVariables %>
<TR><TD> <%= name %> </TD><TD>  <%= Request.ServerVariables(name) %> </TD></TR>
<% Next %>
</TABLE>
 
</BODY></HTML>

"Logon_User" continually shows an empty string even after refreshing the page.  However, if I refresh this page after executing the code in example 3, then it will always correctly report my userID.  So, finally, we get to my question:  Am I not using the Request.ServerVariable function correctly on my pages?  Originally, I had started out using the code in example 3 for the first two events, too.

However, in the first event, I don't think I want a Response.End because there are some computers in our workplace that have been configured as anonymous users (not sure how this relates to the IIS server, if at all).  The code in example 3 had forced a login dialog popup.  I don't want that to happen.

The second event is related to the first.  I don't want any forced login dialogs to popup on an anonymous screen.  

I hope I have clearly stated my problem.  For the patience required in this lengthy reading, I am offering 250 points.  I hope the fish are biting today!  Thanks in advance.
0
Comment
Question by:gpdeering
  • 2
5 Comments
 

Author Comment

by:gpdeering
ID: 11837286
I've increased the size of the bait!  Any takers?
0
 
LVL 4

Expert Comment

by:kssaran
ID: 11849177
Hi

You must first enable the windows Authentication to get value for Request.ServerVariables("Logon_User")

You can do this setting in your IIS Site Properties

Directory Security
Edit
Untick the Ananymous access and enable the authentication method available like Basic Authentication(Low Security) or Integrated Windows Authentication

The above settings are applicable only for the local windows login users. probably you can split this section as a virtual host like

myleave.intranet.com and you can enable this authentication method only for this virtual Host

Rgds
Sara
0
 

Author Comment

by:gpdeering
ID: 11854619
Hi Sara,

Thanks for the reply.  I don't have access to the settings on our IIS server.  However, when I once asked our IT dept about the use of the LOGON_USER variable, I received an answer that didn't seem to address my problem.  So, I left it alone.  But I came to understand that our server was configured to authenticate users and allow anonymous intranet connections.  So, I didn't think our IIS configuration was the problem.

But, good news!  (For me, anyway.)  I finally fixed my authentication problems!

The short answer is that I had to make the code in events 1 & 2 similar to 3.  I had already addressed the solution when asking my question earlier.  In other words, it seems the authentication process on the server likes to see the Response.Status="401 access denied" and Response.End statements.  Yet, I can still assign "Anonymous User" string value to any variable I want, and continue on with my IF/THEN statement.

Originally, an error obtained by including these statements made me think I was dead in the water.  But the error was unrelated to the use of these statements.

My final code (now for all 3 events):

<%
strLogonUser = Request.ServerVariables("Logon_User")
If strLogonUser = "" Then
    Response.Status = "401 access denied"
    Response.End
    strUser="Anonymous User"
Else
      strUser = Right(strLogonUser, Len(strLogonUser) - InStr(strLogonUser, "\"))
End If

'Don't run script if user is anonymous.
If strUser <> "Anonymous User" Then
%>

...process conditional event here...

<%
End If
%>


So, I'd like to close the question with the points refunded.

Thanks,
Glen
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 12765091
PAQed with points refunded (500)

modulo
Community Support Moderator
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Suggested Solutions

I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:  The Exchange of information …
Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now