Using classic ASP I want to check if a username and password are correct
before passing the details on to an object (stocktake module) that uses
them to authenticate the object. The object defaults to a preset user if
the authentication fails and doesn't warn the user, so I wanted to do
the check manually before passing it to the object.
Is it possible to use IIS 5.x software on WinXP/2K OS and VBScript to detect the logged in user account.
ie, we login with our firstname initial, last name (amartone) as well as the domain the computer resides in? My account is under ITU, so I am ITUamartone.
Can ASP detect this? I'm making an intranet app, and I'd rather validate users that way than have them log in over and over.
By using <authentication mode="Forms" > in web.config, we can create self-designed login page, but how to check user's account and password is vaild in another domain controller?
Does <authentication mode="Windows"> can have self-designed login page?
We have two sites hosted on different servers and we have many pages on domain A which has many links(asp programs) to domain B.
My question is if domain B server is in trouble, what is the best way to have all domain pages redirect to domain A? Right now I just have redirect code in each program on domain B to redirect to a maintenance page on domain A.
How would I get a windows account name through ASP? Say I login with veamon, and the start menu says Bob Barker ...how would I get the Bob name...i can get the login name
I'm looking for an ASP script or tutorial to lockout an account after 3 or 5 failed attempts. It should be the best way to prevent my login screen against the brute force attack.
Does ASP only use the IUSR_<IIS Machine Name> to gain access to files located on a LAN, or can another user account name and password be setup? To create a file on another computer on the LAN in ASP using the FileSystemObject requires permissions on that other computer. Using a DSN for a ODBC driver requires permissions to SELECT records from a database file on another computer on the LAN. Must I use the IUSR_ account only?
I have an application that references a database on my hard drive, however I am unsure how to transfer the files to the server and keep the integrity of the database reference string.
I was asked by a client to make changes for their Outlook Web Access page where I need to validate Expiry Date of the Password and also the Password Length for the NT Account Policy. Initially I use javascript to do a static validation for the password expiry and password length. There request now include dynamic changes to the Javascript where if the password length is changed on the NT Account Policy, it will reflect on the client side script. Also they request for server side validation as an alternate just in case.
Can someone point me to the resources available for this. I am stuck on this one for quite a while now and no idea on how to proceed?
I am working on a commercial ASP web application which use MS Access 2000 as database.When configuring the database access,I got an error saying that this database is a read-only database.
I checked the database property,it shows that this database is archive,not read only.I can directly make change on the database using Access, so, my guess is the problem is not really database related, am I right?
According to the instruction of the software, the database folder must have read and write permissions given to the "anonymous web user account", I have set the database folder to share and gave all permissions to "anonymous logon " and "every one", but the problem is still there. I am just wondering, what is the "anonymous web user account" in Windows 2000 server and IIS?
I was just looking things over and I noticed a new account under my users. It's and ASPNET user, (account used for ASP.NET worker process....) I hadn't noticed it before. What is is? What does it do? Should it be disabled? Should I make any changes? Have been out of the loop for a while, could someone bring me up to speed.
I wrote this script which for now it works fine. The purpose of this code is to lock the account whenever a particular document comes to its expiration date. So, if I have a document that expired on 7/31/06, the it should lock the user's account once they'd logged in.
However, the problem I am having is that is locking everyone that has already an expired document. What I would like it for the code to check during the current month. If a document expired, say yesterday 8/9/06, lock the account, else let then user continue to access their account. Code:
I have this page in which emails will be send simultaneously, one is to send at the my-sites email while the other is on the users email. Problem is once the email page is sent the my-sites email was also recorded in users email account and vise versa. Code:
I am using the FileSystemObject to look at the contents of a directory. The process has always worked. Recently in an attempt to increase our security, we removed full rights for everyone to files on the D:. Now I only get a blank page.
Does anyone know what USER ACCOUNT is being used to access the folder. My guess is I need to grant access to some account.
I often have permission problems when I move my pages unto different servers.It would be very handy if I could programmatically determine the anonymous user account name from my asp page.How can this be done since it is not in the request header for anonymous requests?
I'm trying to design a web application where people can create user Ids and passwords while signing up and then use that information to login to an account. (I know, very basic). I just can't get my mind around how to make this system most secure. the user id and password is verified at the time of logging in and at that point, I would like to create something like a session key before openning the new page.
I basically don't want to start the new page by passing regular parameters through the URL because that's very easy to manipulate and break. Can someone give me some information about creating a secure system like this and/or forward me some useful sources?? btw.. I'm using, IIS as my server, ASP.Net and VB.Net.
IIS set up after VS.NET. On a virtual directory for a web app...I go to properties and click on the 'Directory Security' tab, click the 'Edit' button,check anonymous access, type in username/password for account, check 'Integrated Windows authentication' at the bottom...then OK out.
in web.config, I add the tag identity impersonate="true" />
firstload I get the account I typed in above...on postback it changes to my personal windows account. strange. Also when I switch on the anon user account for the whole website it works.
We have a simple asp page that query LDAP attribrute. Everithing is working fine using a native domain account. but when using an external account we have an error 70, acces denie.
Here's some basic info on our structure.
- Domain/Forest A with Exchange - Domain/Forest B with external accounts. - Forest A Trus Forest B and "Vice Versa" - asp page on a Exchange FrontEnd server on default web site (same as Exchange)
- asp page is using basic authentification. - Authentification work fine using native domain account or External domain Account.
- Getting native Windows attributes work fine with External account but the attributes starting with "ms-Exch" do not come out.(Exchange Attribute). Code:
I don't know if this is a unique problem, or I'm going about it the wrong way. I currently connect to one of our SQL servers via a priviliged account (by using RUNAS). Works with no problem. I now need the ability to connect to the same SQL server using ASP. I have the following connect string, but I'm not sure how to specify the domain in the string, or is there some other way?
How can I change the culture/region of the machines ASPNET Account??? In code, I can set it for the threat manually by using system.threading.thread.currentThread.currentUICul ture, but there must be a way to do it global on the machine: Plesk allows to change this for the machine which works fine, but how do I do it manually when no plesk is available?
I am trying to create a form where a user has to enter information such as username, password, last name, etc...
My current code is to look at the recordset to find any existing username, and if not found, it will add the new username.
At what part of the page do I validate the password so I can determine if the user enter the password correctly the second time (to determine the password was entered twice correctly)?
I'm looking for some best practices when it comes time to allowing a user to create an account for our web app. For example, a potential customer of ours would fill out an application and then an email would be sent w/further instructions on how to activate and login to their account. What's the best way to accomplish this? Should our system create a unique password for them (initially) and then require them to create their own? I need a solution that is secure with almost no chance of someone attempting to impersonate.
How do you regenerate the ASP_NET login account? The password got changed which hosed everything. I can no longer see my web services and need to reset the ASP account. How do I do this?
We have recently upgraded our web server. The web server is in a remote location and is being administered by a contract company. After the upgrade, one of the location of our database (access) has been asssigned the following rights:
Read and Write. There are two more permissions i.e. Read & Execute and List Folder Contents which were not given permssion. With this scenario, I cannot add or update records on a web application tied to this Access database. My Is the Read & Execute not essential in order for me to insert and update or even select record in the web application.
ASPNET profile/account was accidentally deleted on NT/2000 platform. Is there anyway to get it back without reinstalling the whole exchange/IIS services?
When making an admin area i have always just allowed 'delete the user', but is it possible to deactivate and reactivate a username and password.
I can picture it in my noggin. when viewing all the users there is the ability to check a box selecting deactive or reactivate depending on the state of the username at the time.
What do you think, is it more hassle than its worth to allow this?
I have created a New Users registration form for my database. The User enters there details such as email, account, name etc, and then clicks a Register button. This should send an e-mail to the User with a link for them to click to activate there account.
When i click on register however, i get a page not found message. When i try to diplay my Confirmation page, i get the error mention ed above.
I'm experiencing a little difficulty and having to resort to a work around. I already found one bug, although stated the bug was only in ODBC, which I'm not using. It appears to be in the OLEDB driver also.
I have copied a web based application to a new laptop having windows xp professional. Now in one of the folders where the database is physically located, I want to give IUSR_Computermachine rights so that the applcation allows to update and insert records.
However, when I am right clicking to find the security tab, it is missing. OTher tabl like general, sharing, web sharing and customize are all there.
1. How do I create my asp in a way where it does not allow the user to key in wrong password for more than 3 time. It will lock the account once three times has exceeded.