
Domain Passwords in ASP Apps 1

Status
Not open for further replies.

DANZIG

Technical User
Mar 8, 2001
US
Hello

I was curious to know how applications written in ASP use what seems to be the user's domain account and password in the application? This would work well for something I'm working on so the users only have to keep track of one password instead of using a domain ID and an application password.




Thanks, Danzig
 
You are correct in that using Windows built-in security is really the easiest and one of the more secure methods to secure access to parts of a website. Of course, this is usually only an option if you have control of the whole server -- that is, you have the ability to turn off anonymous access to your website and to add Windows users to the server.

First thing you have to do is create your users as Windows users (or domain users). Then, fire up IIS Manager, right click your website, select Properties, click the Directory Security tab, click the Edit button near the top, then uncheck the Anonymous Access checkbox. IIS will default to the least common denominator so if you enable anonymous access, you will always get anonymous access -- even when the user is an authenticated member of the domain. (IIS defaults to least common denominator.)

Once you have this set up, create an ASP page with this code:
Code:
<style>
body {
	background-color:black;
}
td {
	font-family:Verdana;
	font-size:8pt;
}
.label {
	background-color:whitesmoke;
}
.field {
	background-color:gainsboro;
}
</style>
<table>
<%
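	' Values such as HTTP_USER_AGENT come from the client, so HTML-encode
	' both the name and the value before writing them into the page.
	for each item in Request.ServerVariables
		Response.Write("<tr>" & _
			"<td class=label align=right valign=top>" & Server.HTMLEncode(item) & "</td>" & _
			"<td class=field valign=top>" & Server.HTMLEncode(Request.ServerVariables(item)) & "</td>" & _
			"</tr>" & vbcrlf)
	next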
%>
</table>
Run it and notice this value - AUTH_USER. It will give you the user's account name.
Code:
username = Request.ServerVariables("AUTH_USER")
You don't need to think about verifying passwords because Windows already handled that for you. If the user hits your page, you know they are authenticated already.

Nice thing about this security model is that ALL files are protected -- not just script files.
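
An added example, not part of the original reply: a guard for the top of a protected ASP page that fails closed when `AUTH_USER` is empty (which is what the page sees if anonymous access is still enabled in IIS) and splits the `DOMAIN\account` value for the application's own use. `EXPECTED_DOMAIN` and the `AppUser` session key are assumptions made for illustration.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Assumption for this example: only accounts from this domain are accepted.
Const EXPECTED_DOMAIN = "EXAMPLE"   ' placeholder, replace with your domain

Dim authUser, authType, slashPos, domainPart, accountPart

authUser = Request.ServerVariables("AUTH_USER")
authType = Request.ServerVariables("AUTH_TYPE")
authUser = Trim(authUser)

' An empty AUTH_USER or AUTH_TYPE means IIS served the request anonymously,
' e.g. because anonymous access was re-enabled. Refuse instead of continuing.
If authUser = "" Or authType = "" Then
    Response.Status = "401 Unauthorized"
    Response.Write "Authentication required."
    Response.End
End If

' Windows authentication normally reports the account as DOMAIN\account.
slashPos = InStr(authUser, "\")
If slashPos > 0 Then
    domainPart = Left(authUser, slashPos - 1)
    accountPart = Mid(authUser, slashPos + 1)
Else
    domainPart = ""
    accountPart = authUser
End If

' Reject accounts from any other domain or from the local machine.
If StrComp(domainPart, EXPECTED_DOMAIN, vbTextCompare) <> 0 Then
    Response.Status = "403 Forbidden"
    Response.Write "Account is not in the expected domain."
    Response.End
End If

' Hypothetical session key: the application keys its own records on this.
Session("AppUser") = LCase(accountPart)

' Encode before display, as with any value written into HTML.
Response.Write "Signed in as " & Server.HTMLEncode(domainPart & "\" & accountPart)
%>
```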
 