User Variable

B

Bruno

Do you know how to get windows login variables (i.e. the LOGON_USER server
variable) from ASP without having to fill in the challenge response message
box that automatically appears when you configure IIS to Integrated Windows
Security for a particular site? I don't want users to have to log in again
to the site as they have already logged in to windows but I want to use
their username on the back end to verify permissions. Is it possible?
 
K

Ken Schaefer

A browser does not send credentials to the server *unless* the server says
to the browser "access denied - supply some user credentials please"

At this point, the browser pops-up a dialogue box. It would be a huge
security problem if the browser automatically sent the user's credentials to
any old server that requested them!

That said, IE does automatically log a user on (send their credentials) if
the site is in the Intranet or Trusted Sites security zones. If you are
using a FQDN or IP address for your site, you'll need to add it to the
user's Intranet or Trusted Sites zones (eg using a logon script if you want
to automate the process)

More info here:
http://support.microsoft.com/?id=258063

Cheers
Ken

: Do you know how to get windows login variables (i.e. the LOGON_USER server
: variable) from ASP without having to fill in the challenge response
message
: box that automatically appears when you configure IIS to Integrated
Windows
: Security for a particular site? I don't want users to have to log in again
: to the site as they have already logged in to windows but I want to use
: their username on the back end to verify permissions. Is it possible?
:
:
 
B

Bruno

Ken Schaefer said:
A browser does not send credentials to the server *unless* the server says
to the browser "access denied - supply some user credentials please"

At this point, the browser pops-up a dialogue box. It would be a huge
security problem if the browser automatically sent the user's credentials to
any old server that requested them!

That said, IE does automatically log a user on (send their credentials) if
the site is in the Intranet or Trusted Sites security zones. If you are
using a FQDN or IP address for your site, you'll need to add it to the
user's Intranet or Trusted Sites zones (eg using a logon script if you want
to automate the process)

More info here:
http://support.microsoft.com/?id=258063

Cheers
Ken

: Do you know how to get windows login variables (i.e. the LOGON_USER server
: variable) from ASP without having to fill in the challenge response
message
: box that automatically appears when you configure IIS to Integrated
Windows
: Security for a particular site? I don't want users to have to log in again
: to the site as they have already logged in to windows but I want to use
: their username on the back end to verify permissions. Is it possible?
:
:
Click to expand...
Thanks Ken.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

User authentication 1
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
How to Create a random password generator in a separate window 4
How do I set the default content page) on a Classic ASP file? 0
Login failed for user '(null)' 5
Possible to verify user login? 6
session variable inconsistency 3
Problem with FolderExists and UNC Path in ASP Page 0

Members online

Total: 419 (members: 4, guests: 415)
Robots: 121

Forum statistics

Threads
474,093
Messages
2,570,613
Members
47,230
Latest member
RenaldoDut

Latest Threads

Top