Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Finding logged on User

Status
Not open for further replies.
jon24422531

jon24422531

Technical User
Jan 27, 2004
295
GB
Guys
I am putting together a fairly simple internal website in our company that will collect data and display from SQLServer. It works well so far, but the next part will be allowing users to write back to the SQL database(s). I want to be able to control which users have permission to do this, and include their login name as part of the data written back. Is this possible?
If it is not really feasible, then how about the computers DNS name? I could reference this against our users database if necessary.

Mnay thanks in anticipation

Jonathan
 
Sort by date Sort by votes
Sound to me like you need a permissions table that hold who has permissions to update, insert, delete database data. I assume you have a table with user logins ect.. just add a permissions table.
 
Upvote 0 Downvote
If you have disabled Anonymous access, then you should be able to retrieve the value from:

<%
Response.Write Request.ServerVariables("LOGON_USER")
' or
Response.Write Request.ServerVariables("AUTH_USER")
%>

Note that your users must be using Internet Explorer to support NT Challenge/Response (IIS 4.0) or Windows Authentication (IIS 5.0+).

If you need to support Netscape as well, then you can access these variables by enabling Basic Authentication as well as Windows Authentication. Note that this method of authentication is slightly less secure, since the password is sent in plain text (with Windows Authentication, IE encrypts the password as it is being sent across).

If you can't disable Anonymous access, then there is a possible alternative, provided you're not using DHCP. If your users have static IP addresses, you could store their usernames in a table and do a lookup against their IP:

<%
Response.Write Request.ServerVariables("REMOTE_ADDR")
%>

If you can't enforce either of those things, then you may have to resort to forcing your users to log in (even only once, then storing a cookie). I suppose this depends on balancing the importance of knowing who is on the site versus every user having to log in.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

penguinspeaks
  • Locked
  • Question
READ TEXT FILE BASED ON VARIABLE 1
Replies
2
Views
208
guitarzan
guitarzan
penguinspeaks
  • Locked
  • Question
Return to current location on page after asp processes.
Replies
2
Views
216
penguinspeaks
penguinspeaks
JScannell
  • Locked
  • Question
Border issue with Google Chrome on an Android phone
Replies
0
Views
191
JScannell
JScannell
leifoet
  • Locked
  • Question
First execute an input command and only then proceed with displaying the next record of the table
Replies
0
Views
156
leifoet
leifoet
bslintx2021
  • Locked
  • Question
How to configure IIS 10 server to allow Classic ASP to connect to MSSQL server database on a domain
Replies
1
Views
523
penguinspeaks
penguinspeaks

Part and Inventory Search

Sponsor

Back
Top