Possible to verify user login?

[Devin]

Hi,

This might seem a little bit disjointed. My boss is suggesting I take
a certain approach to something. There is a private section of the
intranet (its essentially its own section as few users would have use
for it or even know of its existence) and when a user logs on to the
home page of this intranet site ASP should verify that they are
allowed to be there (based on them logging on to the network when they
logged on to their PC).

I suppose it could be done with folder permissions. I don't really
see how else though.

Any suggestions or questions about my question?


D

 

[Tim Slattery]

Hi,

This might seem a little bit disjointed. My boss is suggesting I take
a certain approach to something. There is a private section of the
intranet (its essentially its own section as few users would have use
for it or even know of its existence) and when a user logs on to the
home page of this intranet site ASP should verify that they are
allowed to be there (based on them logging on to the network when they
logged on to their PC).

You can retrieve the ID of the person accessing your ASP system using
request.servervariables("LOGIN_USER"). (Presumably they won't be able
to even get to your site, or use the LAN at all, unless they are
properly logged on. Once you've got their userid, you can decide
whether the user should be allowed to use your system.

 

[Anthony Jones]

Hi,

This might seem a little bit disjointed. My boss is suggesting I take
a certain approach to something. There is a private section of the
intranet (its essentially its own section as few users would have use
for it or even know of its existence) and when a user logs on to the
home page of this intranet site ASP should verify that they are
allowed to be there (based on them logging on to the network when they
logged on to their PC).

I suppose it could be done with folder permissions. I don't really
see how else though.

Any suggestions or questions about my question?

Yes folder permissions would be the way to achieve this. Turn off anonymous
access and turn on windows integrated. Create a Group in AD which
represents the set of users that should have access to this application and
grant that group read access on the folder and contents which holds the
applicaiton. Add the users that should have access to the Group.

If you are using a FQDN for the server then the users will need to add that
FQDN to their set of sites considered to be an intranet site (a simple host
name is assumed by IE to be an intranet site).

If your ASP code needs to discover which of the users is actually using the
app then you can use the AUTH_USER server variable.

 

[Evertjan.]

Anthony Jones wrote on 21 okt 2008 in
microsoft.public.inetserver.asp.general:

.

Yes folder permissions would be the way to achieve this. Turn off
anonymous access and turn on windows integrated. Create a Group in AD
which represents the set of users that should have access to this
application and grant that group read access on the folder and
contents which holds the applicaiton. Add the users that should have
access to the Group.

If you are using a FQDN for the server then the users will need to add
that FQDN to their set of sites considered to be an intranet site (a
simple host name is assumed by IE to be an intranet site).

If your ASP code needs to discover which of the users is actually
using the app then you can use the AUTH_USER server variable.

Why not set a session variable on logon for those users,
and simply test those pages with an include for that session variable?
No need for folder permissions if all you want is page access
restrictions.

If you want folder restrictions without IIS authentication you could set
up virtual folders and streaming.

 

[Anthony Jones]

Anthony Jones wrote on 21 okt 2008 in
microsoft.public.inetserver.asp.general:


Why not set a session variable on logon for those users,
and simply test those pages with an include for that session variable?
No need for folder permissions if all you want is page access
restrictions.

If you want folder restrictions without IIS authentication you could set
up virtual folders and streaming.

Because it easier to simply assign a group and manage membership with AD.
No code necessary. What you're proposing is way harder and slower to boot.

 

[Evertjan.]

Anthony Jones wrote on 22 okt 2008 in
microsoft.public.inetserver.asp.general:

Because it easier to simply assign a group and manage membership with
AD. No code necessary. What you're proposing is way harder

Anthony, you are only referring to site owners that own the server or have
at least access to the IIS, many of us are not that fortunate.

and slower to boot.

Why?
And if so does that matter?
Or are you referring to something else than machine boots?

"These boots are made for walking"
<

>

 

[Anthony Jones]

Anthony Jones wrote on 22 okt 2008 in
microsoft.public.inetserver.asp.general:


Anthony, you are only referring to site owners that own the server or have
at least access to the IIS, many of us are not that fortunate.

The OP is refering to carving out a private section of an intranet. Also
specifically referenced is the use of network logged in users.

Why?
And if so does that matter?
Or are you referring to something else than machine boots?

"These boots are made for walking"
<

>

My apologies, I forgot the international nature of NGs. In the part of the
global I live in "to boot" can loosely mean "as well as" or "in addition" in
the context that I used it. The etomolgy of such use is mystifying.