I have used the same syntax in two pages and sometimes each server variable is return, and sometime it is blank. In fact, I created a test page this morning which worked fine, and then an hour later the variables are blank. I read some of the threads about the anonymous user box in IIS, but this just seems strange.
P.S. Each PC in our environment is authenticated through active directory (just to logon to the PC, not security applied to the web folders).
I am trying to use AUTH_USER from request.servervariables but the field is blank. I am using Windoze server 2003 with IIS5. I know there is a fix because I did it a long time ago with our old NT server running IIS4 but I cant remember how I got it to work. We are all authenticated users on our Domain so this is available, I am able to get IP info and such. I seem to remember some kind of ASP code that did the fix by altering the way the web server displays info.
Can I set the ServerVariables AUTH_USER and AUTH_PASSWORD without requiring the client to actually enter an HTTP login and password?
I have an asp page setup that authenticates a user against the user information stored in our database. Now, after authentication via our database, I would like to set the AUTH_* server variables so that when I can redirect this client to a directory which is set up to require authentication to access.
The important thing here is that the only thing the user sees is my authentication mechanism, not the standard HTTP authentication window. I also don't want to maintain a zillion user accounts on the machine, I want set all the users who authenticate against my database to be set to the same AUTH_USER.
I want to my web page get username from windows and use this username for limitation access of user to pages, my authentication is windows I thinks because user input username for login to windows, and auth_user has value of username I think maybe it doesn't need to get username again, but you say it's normal.
I use auth_user for get username from windows, when I upload that page on server and user open the page that contain this code ,it shows a prompt window and wants username and password ,it's common or it must get automatically from windows?
I know that if you intend to use the LOGON_USER in an ASP page you need to have Windows Authentication selected.
I have a website in one domain which can be accessed by 2 other domains. If I am to change to Windows Authentication, will there be a security issue of any type?
I'm trying to get the NT login id of a user on a web page without making the user type it into a login box. I'm using the LOGON_USER server variable. The problem is, if the web page allows anonymous access, LOGON_USER returns nothing. If the page is set to Basic Security, the NT login popup box comes up, even though the user is already logged into the network, and HAS access to this page.
Moreover, if I try this on my PC instead of our webserver, it works like I would expect. That is, when set to Basic Security, it does NOT pop up a login box if the user is allowed to view the page, and LOGON_USER returns the userid. Is there some setting on the server I need to change? Or something else?
I create a web site in a Windows 2003 server/IIS6, and I used asp pages to get ServerVariables. After I set FrontPage Extension 2002, some ServerVariables like LOGON_USER become null. Any body has an idea?
I have an intranet site hosted in IIS 5.0 Win2000, and want to display the name of the user logged into the local machines(WinXP) in the pages they access like 'Welcome JohniBravo'.
So, i used the Request.ServerVariables("LOGON_USER"), but get a blank ("") displayed in the page. And i even tried "REMOTE_USER" but, still the same. from somewhere i got to know that theres something called 'Allow anonymous user' should be enabled to get these info from servers. help me with the same?
I'm using Windows Integrated Authentication on my company intranet ASP web site (IIS6 W2K3).
I would like to know how could I get the full Active Directory domain name from the Logon_User variable.
I always get the netbios name of the domain, but I need the full domain name to be able to distinguish users (because actually there is two companies on the intranet having their AD forest linked, but also having some subdomains with identical netbios name !).
I mean, for instance for a user login "theuser" coming from the domain is "thedomain.thecompany.com", I need to get in Logon_User environement variable the following content: "thedomain.thecompany.com heuser" At the moment I only get "thedomain heuser", excepted if I switch to basic authentication, that I don't want.
I have 2 webs under my default web running win2003
1. A front-page intranet 2. A asp (not .net) web is fine
Both allow anonomous access. My front page web always gets a BLANK Request.ServerVariables("Logon_User"). The asp web gets the logon_user OK. Both webs have a global.asa that has Code:
Request.servervariables("Logon_USer") is working perfectly well for one asp page returning the NT userid as expected but returning an empty string for another asp page.Both the asp pages are in the same directory.This directory have both Anonymous Access and Integrated Authentication enabled att IIS.
I'm trying to determine whose looking at various pages on our intranet and wanted to use
Request.ServerVariables("logon_user")
but it just gives me a blank value.
I'm thinking its got something to do with Authentification in IIS however when I turn Anonymous users off and use domain users instead it prompts me for a username and password when viewing the webpage ...
I have a non anonymous site in IIS5 The site is for collecting any kind of data from employees. Authentication is done with the server variable "Logon_User"
Pages:
start.asp - Authentification mask appears --> form.asp - form for data input --> form_ack.asp - displays the data again and stores in SQL when acknowledged in checkboxes
After data are stored I'd like to have a button such as "Log off" which points back to start.asp.
In the samples I tried there is always the current logged in user present even when I do a "session.abandon" or "Session.Contents.Remove"