Can I capture username and password from NT authen

Results 1 to 2 of 2

Thread: Can I capture username and password from NT authen

  1. #1
    James Moore Guest

    Default Can I capture username and password from NT authen

    I have inherited a site that uses ASP pages to allow users to access a SQL database, this has been moved onto an NT server on which SQL server and IIS server reside. To beef up security users (all of which use Internet Explorer) now are authenticated when they connect to webpages with NT authentication. However, this means they have to type in their username and password to access the pages, then they need to type in their username and password for an ASP script to determine how they can use the SQL database. <BR><BR>Getting to grips (slowly) with ASP but what I would like to do is to modify the below so I can pass the username and password directly from the NT authentication logon, rather than requesting this information again from the users. Is this possible? Does anyone have any ideas as how to go about it<BR><BR> set conn = Server.CreateObject("ADODB.Connection")<BR> Conn.Open "thedatabase","sa",""<BR> set rs = conn.execute ("select flduid, fldEmail, fldFirstName, fldLastName, fldAfilliation, fldCourseSessionID from tblUsers where fldusername = &#039" & Request("username") &"&#039 and fldpassword = &#039" & Request("password") & "&#039" )<BR> if rs.EOF then<BR> Response.Redirect ("index.htm" )<BR> end if<BR> Session("userid") = rs("flduid")<BR> Session("email") = rs("fldEmail")<BR> Session("firstName") = rs("fldFirstName")<BR> Session("lastName") = rs("fldLastName")<BR> Session("courseSessionID") = rs("fldCourseSessionID")<BR> Session("username") = Request("Username")<BR> Session("loggedin") = "true"<BR> Session.timeout = 240<BR> if rs("fldAfilliation") = "admin" then<BR> Session("Usertype") = "admin"<BR> %&#062;<BR>

  2. #2
    Jason Miller Guest

    Default Working NT Security

    Here&#039s what I did...<BR>1) Get a copy of SA-FileManager from -- it&#039s free.<BR>2) Make a login script which has forced Basic Authentication on it -- this gives you access to username and password in the request.serverVariables collection.<BR>3) Use SA-FileManager to log your user in (it&#039s got a .login method) using their name and password. They *should* hold their official NT context for their entire session/life of browser, unless their browser calls for somebody else to be logged on (like an IUser).<BR><BR>HiH.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts