AUTH_USER server variable

M

MeAndI

How to everybody,
how it is possible to change the value of the AUTH_USER server variable?
Is this possible?
If no, how I could change the logged user?

Thanks for help
 
R

Ray at

Server variables are read only. To change the auth_user, the visitor of the
site would have to authenticate as a different user, afaIk.

Ray at work
 
A

Aaron Bertrand [MVP]

how it is possible to change the value of the AUTH_USER server variable?

As Ray said, ServerVariables are read only.
If no, how I could change the logged user?
Click to expand...

Tell them to log in as someone else. If you're trying to find a way to
sneak around Windows Authentication, stop using it, because you're missing
its purpose.
 
M

MeAndI

How can I force the user to insert username and password?
I don't want to disable anonymous access to my site.
 
A

Aaron Bertrand [MVP]

How can I force the user to insert username and password?
I don't want to disable anonymous access to my site.
Click to expand...

Um, this sounds like a contradiction to me. The way to force users to enter
their username and password is to disable anonymous access.

Wait, you're not expecting users to send their Windows password to an ASP
script, are you? That'd be one of the biggest security holes your network
has ever seen.
 
M

MeAndI

My site is structured as follow:
a part on an external server (where the users have free access), and a part
on an internal server (where the users have to enter username and
passwords).
The login is managed by windows (I modify the folder security to set what
user are able to access). But (I don't understand why), someone cannot
access to the restricted area because the system never ask the username and
password and returns the following error: "You are not authorized to view
this page".
Do you have any idea?
 
M

Mark Schupp

I have seen this behavior before. I think it is because the user is already
logged onto windows so IE sends the user's credentials to IIS without asking
for id and password. If the user does not have access granted to the
resources on the web-server then they get an error message.

You can force IIS to ask id and password again by enabling "basic"
authentication instead of "integrated" authentication. However, this sends
the user's id and password through the network in clear-text.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
 
M

MeAndI

OK!
But if the login is incorrect I believe that the system asks for the correct
username and password. or not?
 
M

Mark Schupp

Not in my experience it doesn't. My example:

We have a "vendor's" area on our web site that I wanted to protect with
integrated authentication. Set up accounts and NTFS permission. Worked fine
from home on dialup and for some of the vendors. Got permission error and no
prompting for id/pw when logged onto our lan at work (web-server is not on
lan, it is outside of firewall). Possibly there is a setting somewhere to
modify this behavior but I don't know what it is.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

auth_user 2
AUTH_USER & LOGON_USER server variables 0
Saving user's input for the next runs 0
Error getting REMOTE_USER Environment Variable 1
PHP $_GET super global variable 7
DNS Disaster: The Server Downfall 0
Can I declare a variable with an uncertainty number suffix? 0
Integrated Windows authentication fails sporadically IE7 clients 9

Members online

No members online now.
Total: 45 (members: 1, guests: 44)
Robots: 301

Forum statistics

Threads
473,996
Messages
2,570,238
Members
46,826
Latest member
robinsontor

Latest Threads

Top