Can ASP force a Login w/o NT security?

Results 1 to 5 of 5

Thread: Can ASP force a Login w/o NT security?

  1. #1
    Join Date
    Dec 1969
    Posts
    1,388

    Default Can ASP force a Login w/o NT security?

    Is there a way, via ASP, to force the user to Login without using NT security? Basically, I want to have a way to validate a user against a database instead of NT security. And I would like to get the user&#039s login id into the "REMOTE_USER" and/or "LOGON_USER" header. I am currently using Session variables, but we are having many problems with cookies causing problems, so we are looking for an alternative to session variables (and encoding an Id into the URL is not an option). So, if I can find a way to do my own authentication via ASP, I can use the LOGIN_ID from the Header as a poor man&#039s session id.<BR><BR>Is there a way to do this? Can I somehow send a 401 response to indicate the requested page was refused due to Security reasons (if the LOGIN_ID field is empty)? I tried setting RESPONSE.STATUS = 401, but that didn&#039t work.<BR><BR>If that is not an option, is there a way for an ASP script to stuff a value into one of the headers (and have it stick?). If I can use one of the ones that is there or create a new one, that would be wonderful. I just need a way to store a session id of some sort without using cookies.<BR><BR>I know there is a package (AUTHENTIX from Flicks Software) that does this type of thing, but my hosting company doesn&#039t like 3rd party objects (and I really don&#039t want to shell out the $300+ if I don&#039t have to).<BR><BR>Anyone have any ideas? Thanks in advance for any and all help!<BR><BR> Matt<BR>

  2. #2
    Join Date
    Dec 1969
    Posts
    172

    Default RE: Can ASP force a Login w/o NT security?

    I do not know about forcing into the "REMOTE_USER" and/or "LOGON_USER" header but as far as the login field being empty:<BR><BR>if isempty(request.form("LOGIN_ID")) then<BR> response.redirect "yourloginpage.asp"<BR>else<BR> runloginvalidation()<BR>end if<BR><BR>runloginvalidation() would just be a sub in your login page that would check your login and password against the database

  3. #3
    keithadler@hotmail.com Guest

    Default RE: Can ASP force a Login w/o NT security?

    Sure,<BR><BR>Response.Status="401 Unauthorized"<BR><BR>Will force the user to authenticate.

  4. #4
    keithadler@hotmail.com Guest

    Default RE: Can ASP force a Login w/o NT security?

    Also, you can add things to the header by using:<BR><BR>Response.AddHeader("??","Your Value")<BR><BR>You can get header values using:<BR><BR>Request.ServerVariables("Http_??")


  5. #5
    matt@onol.com Guest

    Default RE: Can ASP force a Login w/o NT security?

    Thanks for the info. Unfortunately, I can&#039t seem to get this to work. Maybe I am misunderstanding what can be done. I would like to add a Header that is retained throughout the visit to my site. Can I do a<BR> Response.AddHeader("FOO", "test") <BR>in my login processing page and have all my following pages do a<BR> Request.ServerVariables("HTTP_FOO") to get the value ("test")?<BR><BR>I have tried this and it doesn&#039t seem to be working. I am doing this before any HTML. I have used Response.End after the .AddHeader() call and a bunch of other things, but can&#039t seem to get it to work.<BR><BR>I did some archive searches over at 15seconds.com, and saw some similar suggestions there. I also saw responses that said that others were unable to get it to work. So if someone has some very simple code of adding your own Headers (or complex code, I&#039m not picky 8^), please let me know.<BR><BR>Thanks for any and all help!<BR><BR> Matt

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •