Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Request.Server variables blank for classic ASP

Status
Not open for further replies.

how2trainyourdragon

Programmer
Dec 12, 2005
12
US
We are running a classic ASP app, and the upgrade to IIS 8.5 caused our Request.Server variables to be blank:
AUTH_USER
LOGON_USER

Windows Auth is the default authentication type, and server admin has verified all other options are disabled like Anonymous Authentication

Anything else we should be trying?
I saw this in another forum, but not sure how to use:
Response.Write(User.Identity.Name.ToString())

...the above line with User.Identity breaks our ASP page.

Tried both:
<% WindowsIdentity.GetCurrent().Name %>
<% HttpContext.Current.User.Identity.Name %>

...and it breaks the page.
 
These are .net rather than classic

<% WindowsIdentity.GetCurrent().Name %>
<% HttpContext.Current.User.Identity.Name %>

The problem you have is that your server is using an anonymous authentication, so it doesn't
have an ID or login to tell you about.

You might find something in the web.config that you could change, I *think* it is something like this:

Code:
   <system.webServer>
      <security>
         <authentication>
            <anonymousAuthentication enabled="false" />   <!--This line you need-->
            <basicAuthentication enabled="true" />
            <windowsAuthentication enabled="true" />
          </authentication>
      </security>
   </system.webServer>

I am not convinced it will work though as that will probably be locked at the parent level.

Regards

Griff
Keep [Smile]ing

There are 10 kinds of people in the world, those who understand binary and those who don't.

I'm trying to cut down on the use of shrieks (exclamation marks), I'm told they are !good for you.
 
Our admin states we're on Windows Auth.
Is there a way to write back to the page showing the site is still using anonymous?

The web.config file is:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<tracing>
<traceFailedRequests>
<remove path="*.asp" />
<add path="*.asp">
<traceAreas>
<add provider="ASP" verbosity="Verbose" />
<add provider="ASPNET" areas="Infrastructure,Module,Page,AppServices" verbosity="Verbose" />
<add provider="ISAPI Extension" verbosity="Verbose" />
<add provider=" areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module,FastCGI" verbosity="Verbose" />
</traceAreas>
<failureDefinitions timeTaken="00:00:00" statusCodes="500" />
</add>
</traceFailedRequests>
</tracing>
<httpErrors errorMode="Detailed" />
</system.webServer>
</configuration>
 
I think if AUTH_USER and LOGON_USER are coming back blank, that means it is accepting anonymous access.

Regards

Griff
Keep [Smile]ing

There are 10 kinds of people in the world, those who understand binary and those who don't.

I'm trying to cut down on the use of shrieks (exclamation marks), I'm told they are !good for you.
 
Admin says it's set to Windows..."everything else is disabled".
Anything we can run to prove it's running anonymous?

Admin is only one that can log in to IIS, so we're relying on what he's saying.
 
I think if AUTH_USER and LOGON_USER are coming back blank, that means it is accepting anonymous access.

Set up another server yourself and see. You can do it on a PC...

A little more digging gave me this:


Regards

Griff
Keep [Smile]ing

There are 10 kinds of people in the world, those who understand binary and those who don't.

I'm trying to cut down on the use of shrieks (exclamation marks), I'm told they are !good for you.
 
Thanks for the link. We saw that one last week too, and I highlighted to our admin the disabling Anonymous Auth. He said it's disabled:

Jesus tapdancing **** 7 years later and this was the only place I could find an answer to this infuriating question! Many thanks, tad_n, for bothering to post this. Disabling Anonymous Authentication was the trick. IIS 8.5 now.​

I did try via Edge & Firefox browser >> New InPrivate Window / New Private Window, and no credential prompt.
Would that further support anonymous authentication is on for some reason?
 
Sometimes you have to wait 7 years for a penny to drop... send your admin the link? Probably won't help.

Regards

Griff
Keep [Smile]ing

There are 10 kinds of people in the world, those who understand binary and those who don't.

I'm trying to cut down on the use of shrieks (exclamation marks), I'm told they are !good for you.
 
He/she will probably be grumpy bumps by now then.



Regards

Griff
Keep [Smile]ing

There are 10 kinds of people in the world, those who understand binary and those who don't.

I'm trying to cut down on the use of shrieks (exclamation marks), I'm told they are !good for you.
 
Penny dropped a lot sooner than 7 years then

Regards

Griff
Keep [Smile]ing

There are 10 kinds of people in the world, those who understand binary and those who don't.

I'm trying to cut down on the use of shrieks (exclamation marks), I'm told they are !good for you.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top