Authentication in code

Results 1 to 2 of 2

Thread: Authentication in code

  1. #1
    Aquarius Guest

    Default Authentication in code

    What I want to do is follow these steps:<BR><BR>1. User tries to access a page.<BR>2. Server attempts to authenticate user using NT Challenge Response authentication.<BR>3. If server succeeds in authenticating user with NTCR, redirect to authenticated.asp.<BR>4. If server fails, redirect to notauthenticated.asp -- note, do *not* fall back to Basic authentication here!<BR><BR>I can&#039;t work out how to do 4. What seems to happen is that if NTCR fails, the server falls back to Basic. The standard code for this looks like:<BR><BR>&#060;%<BR>UserID=Request.ServerVaria bles("LOGON_USER")<BR>If IsEmpty(UserID) Or IsNull(UserID) Or UserID="" Then<BR> &#039;nope. reply with a 401 (access denied -- what happens here is that the browser should get the 401 and then<BR> &#039; silently switch to authenticating itself using NT challenge/response authentication<BR> Response.Buffer = True<BR> Response.Clear<BR> Response.Status = "401 Unauthorized"<BR> Response.AddHeader "WWW-Authenticate","NTLM"<BR>Else<BR> &#039;yes, they&#039;re authenticated <BR> response.redirect("authenticated.asp")<BR>end if<BR>%&#062;<BR>&#060;html&#062;<BR>...body of page...<BR>&#060;/html&#062;<BR><BR>I can&#039;t quite see where to put a Response.Redirect("notauthenticated.asp") in here; if we don&#039;t have a LOGON_USER variable the first time through, we set a 401 header, but if we *still* don&#039;t have one once that&#039;s been sent, I believe that the page above will no longer have control. Can this be worked around?<BR><BR>Aq.<BR>

  2. #2
    Aquarius Guest

    Default Reduce the problem

    In fact, I think that this problem reduces to: can I take an action if authentication fails? Or is it then too late and IIS redirects to whatever you&#039;ve got the 401 page set up to be?<BR><BR>Aq.<BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts