USER AUTHENTICATION, Cookies Problem?
USER AUTHENTICATION (LOGIN/LOGOUT procedure)
When the user LOGS IN his user name, access rights and other
user-related information is stored into Session variables
Session("access") = "blabla"
Session("login") = "nickname"
when the user LOGS OUT (or the session expires) this
information is discarded
Session("access") = ""
Session("login") = ""
NOTE: I do NOT use IP address for user authentication.
PROBLEM:
After the first user logs in to my site, any other user (different PC behind that NAT) that opens internet browser (MSIE) and visits my site is ALREADY logged in as the first user!
It seems that the problem is only restricted to users that are "hidden" behind single IP address (using NAT). The logging works perfectly for any not behind NAT user. It acts as if only one cookie file was created for all users that access my site from behid NAT; as if the cookie was created on the NAT router and not directly on client's computer.
View Replies
ADVERTISEMENT
Customer wants users to authenticate based on where they came from. They have several locations that the users will be coming from. They don't want anyone to be able to access their website from anywhere other than these locations. The locations ip addresses will be changing regularly. Is there a way to have a page on the INTRANET internally that the users will go to and it will start a session or place a cookie and pass them to the website. The website then looks for that session or cookie and lets them in or denies them based on the session or cookie. The sites that they will be coming from are ASP and .NET servers and it encrypts the URL that it is coming from. The website it is going to is on a PHP server and is built on PHP and MySQL. I have asked this in like every forum on the internet I can find and no one seems to have a solution.
View Replies
View Related
I'm facing a situation where my team leader wants me to create some ASP code that will pull the user's ID (which is no problem - request the LOGON_USER server variable) and THEN pull that user's NT Permissions to determine what kind of permissions the user will have when he/she comes onto the website. There is to be no logon screen at all. The permissions cannot be determined via a database or through cookies. Only NT Authentication can be used.
I have a small hunch that the HTTP_AUTHORIZATION server variable might provide a clue, but the value of that variable is a bunch of (encrypted?) gibberish that means nothing to me, except probably the NTLM part at the beginning. Is there a way to decode the value of that variable into something coherent that I can use in my code?
View Replies
View Related
how do i make my user authentication case sensitive?
View Replies
View Related
how to create a user security and authentication. I mean in a form of logging in or registration automatically in to a database in access.
View Replies
View Related
This is a question that has probably been answered before on the
newsgroup but probably in fragments. This is what I would like to do,
and I only have a very vague idea where to find the answer. Directions
would be useful.
1. Users arrive at the site. If they are registered they log in. If not
they sign up for registration.
2. The authentication information such as username and password are
held in a db, for security reasons the password should not be passed in
plain text.
3. When the user is logged in the session information should be held in
a cookie so that if the user returns in a short period of time they
will automatically be logged in. The cookie will also be used to
personalise certain parts of the site.
View Replies
View Related
I know how to grab the users windows login. I would like to use this to establish permissions for a user on my site. In order for this to be valid, I need for the user to have to verify their network password.
Is there any way to compare the password entered against the windows authentication? I would also like to be able to call the user by name instead of a login. Is there a way to get this from an Outlook address book or something?
View Replies
View Related
I have a SQL table with two fields (userID, and userName). I would to create a UserVerification page that would you either the AUTH_USER or LOGON_USER to validate their access. If they have access, send them page to the page(s) they tried to open and display the userName, etc; if not, redirect to an not authorized page. The trouble I am having (other than being fairly new to ASP) is:
How do I set up two session variables - one to hold the authorized status and second to hold the UserName from the UserVerfication page. Secondly, how to you set up the verification page to redirect them back to the requesting page, if authorized.
View Replies
View Related
Is there a way to make cookies unique for each user logging into an asp application without overwriting the original cookie?
For example:
User A logs in as User A. A cookie is created on that users computer with name, user_id, etc. Then User A logs in as User B - while still logged into User A.
How do I prevent the original cookie from being overwritten? Or should that first cookie be overwritten?
View Replies
View Related
I'm new to using session cookies and need just a bit of help. On the introduction page to my project, I'm setting:
<%@ Language=VBScript %>
<%
response.cookies("user")="authenticated"
%>
Then, on subsequent pages, I'm checking for the cookie, and redirecting if it's not there:
<%@ Language=VBScript %>
<%
If NOT request.cookies("user") = "authenticated" Then
response.redirect "http://somepage"
End If
%>
What I need to do is incorporate an ignore element (by user-agent or IP) into where it checks for the cookie. For instance, if a user has an IP of 127.0.0.1, it ignores whether they have the cookie or not and lets them view the page.
The reason I'm doing this is I have a search engine that's crawling the site and it doesn't always go through the front page - therefore, it's getting redirected on most of the pages it sees. So what I'd like to do is have the script see that user-agent or IP, then ignore the cookie requirement.
Is that possible?
View Replies
View Related
In my Session_OnStart in Global.asa, I am setting some cookies. One
of them, I set as follows:
dim UserID
UserID = Request.ServerVariables("LOGON_USER")
Response.Cookies("User")("ID") = UCASE(UserID)
When I immediately log the cookie value retrieved from
Request.Cookies("User")("ID") into the Windows Event Log, I get the
correct value. However, when I try to retrieve the cookie on the home
page of my application using the same code,
Request.Cookies("User")("ID"), it either cannot find the cookie or
cannot read the value. I am retrieving the cookie before all HTML
headers are written. It is my first statement on the page after
Option Explicit. I have even compared the session IDs. The SessionID
created in the Session_OnStart is the same value as the SessionID on
the home page.
I have read that the Session_OnStart only has access to the
Application, Session and Request objects. It does not explicitly say
that it does not have access to the Response object. Also, I was even
able to use Response.Write's in Global.asa to print out the values
although it looked like it had also stopped the session after I did
so. Cookies are definitely enabled on my machine. I have even tried
setting the session cookie's expiration to be persistent for a few
days to see if it was perhaps expiring before I was able to read it
but this did not work either.
Is there something preventing cookies to be created in Global.asa in
the Session_OnStart sub? Is the Response object not available???
Please let me know if anyone else has had this problem or solution.
View Replies
View Related
Is it possible for a user to enable permanent cookies but disable session cookies.....this seems like a contradition yet this is what I appear to be
reading in online articles?
View Replies
View Related
I m creating a cookies in my application and it work properly but i can't see the cookies where it will sotred i checked the cookies folder but i didn't find that I want to create a cookies file as the other web site create and store where other cookies will stored in Cookies folder or Temprory Internet files folder eg:1. arvind@google.co[1].txt this stored in cookies folder 2. arvind@msn[2].txt ....
View Replies
View Related
I have written an ASP.NET 2.0 application that uses Active Directory or ADAM
to manage account users - the site has a page that allows people to create an
account (much like any site). The page populates the AD with all the
information and the user account but I am unable to enable the account.
Microsoft has information on how to do that here -->
http://msdn.microsoft.com/library/d...ting_a_user.asp
(the sample is for Visual Basic) - and I am unable to complete the bottom
portion of the script. Can some one point me in the right direction - or can
you tell me how I can add a snippet of VBscript code to an ASP.NET page.
I am using the Active DS Type library - not sure why there are multiple ones
(System.DirectoryServices) but it is rather confusing - I seem to accomplish
one thing with one and another with the other (they did have trouble
co-existing however). Anyway my script works very well but I am not able to
access the properties required to enable the account.
Here is a simple version (no error checking) of the code.....
View Replies
View Related
how to go about setting up an asp script or flash action script to take the input from a user of his/her username and password then send an email to the user with the information. I am able to do all of this but the problem is that the users pc is the one sending the email. I want the server to send the email instead.
View Replies
View Related
how would an intranet user be nt authenticated using asp?
View Replies
View Related
i want users to login to my web application using SQL authentication i.e whenever the page opens, it should display the SQL server login window. i know Login feature is in dreamweaver MX that i use, but unathurized users can lookup the password in your database.
View Replies
View Related
Is it possible to authenticate a user who is trying to access a certain Div on a page???
I know how to authenticate a user accessing a standard ASP page, but is this possible with a Div!
View Replies
View Related
I have a page that authenticates users by reading
Request.ServerVariables("AUTH_USER") and
Request.ServerVariables("AUTH_TYPE"). When users try to access this
page from windows NT/2000, it works fine (prompts them for their
credentials when they're not on the same domain, and then lets them
in). Now, some of the users got XP boxes, and can't get in to the
page. It prompts them for their credentials but when they enter them,
just keeps prompting them. The credentials they are entering are
correct. What is different on XP that is causing this problem and is
there any setting I can modify on the server side to prevent this from
happening.
View Replies
View Related
I have an asp page on IIS 5.0 and I''m trying to get a dialog box to pop up and ask for username password and domain to authenticate against NT. I have anonymous logins unchecked in the IIS properties page and access restricted on everything but it won''t ask for a username and password no matter what
View Replies
View Related
I had to transfer an ASP Web Application (developed by another person) to a different web server. It seems to work but not completely.
I have some problems with authentication: it is based on a username and a password stored in a SQL Server's table. These data are requested via basic authentication (not a IIS level but I think it is used to create the authentication window in which put username and password). The problem is that it doesn't accept username and password and, after three times, it redirect me to a page telling "You don't have rights to see this page". What could I do? .....
View Replies
View Related
I have no problems authenticating via AD and an ASP page. My question is
this - is there any way to 'reverse' the process?
What I mean is the authenticated state remains as long as the browser window
is open. Is there any .asp command I can provide that will revert the
browser session back to IUSR?
View Replies
View Related
I have an intranet asp application that sends emails that contain a link to an intranet page.I have a case where one user is forced to login to the windows domain when he clicks on the link,even though he is within the firewall & his Outlook security settings specify automatic login with the current name & password.
This doesn't happen with any other users unless they go through the firewall.The site is also recorded in the trusted sites section.
View Replies
View Related
I'm developing an Internet site that is going to be password protected. I have one windows 2000 domain on the Internet side of things, and another on an Intranet side.
Is there any way to authenticate a user that hits my Internet pages against the Intranet user database?
I just want users from the Intranet to automatically be able to access the Internet pages without having to create a separate user on the Internet-side domain.
View Replies
View Related
I have written a simple login script that checks a username/password from an Access database. the login.asp page sets a session("loggedin") at zero. The username and password are checked successfully and the user is redirected to admin.asp. The admin.asp page has an if-statement at the top that checks the session variable to 1, which is set after successful dB check.
The problem is that if you go directly to admin.asp without going through the login process, that is, without ever going to the login page.... simple typing something like http://localhost/admin.asp . you are given access to the page and not redirected back to the login page. What could I have missed? It simply checks the session variable....that should never be set to one when all sessions are reset...and the user can still gain access?
View Replies
View Related
I am attempting to access WMI data on a remote machine. I have been able to get this to work, but there has got to be a better way, I hope.
set wmiLocator = CreateObject("WbemScripting.SWbemLocator")
Set WMIServices = GetObject("winmgmts://" & cn & "")
Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
WMIServices.Security_.ImpersonationLevel = 3
Then in my IIS snapin, Directory Security, and then Edit. I have this set Anon Access with my username and password as well as Windows Integrated Authentication checked. It does the job, I can pull the data, but it poses a security risk. I don't want to have my password and username as the authentication options.
View Replies
View Related
I'm using legacy ASP pages on IIS 6.0 to validate users through ADO
Active Directory objects (AdsObject & AdsCommand).
When I use the page from the server itself with "localhost"/page as
servername, it executes fine. But if I call the site with
"servername"/page, the exection fails. AdsObject throws "Table does not
exists" errors.
Currently, the server is configured with Integrated Windows
authentication. I tried changing to Anonymous authentication with
IUSR_machninename user. Again it fails.
View Replies
View Related
I would like to be able to automatically authenticate a registration. Meaning:
A registration occurs
email is sent to registering party
Party clicks a link to authenticates.
or something to that effect.
Does anyone know where I can find something like this?
I would use a forum (i.e. webwiz, phpbb.....) the only problem is they are asking way too many questions for what I need.
I have built a database to hold the party's information, I have built an asp page with form that inputs the info I need into the DB, which all works, but now I would like to be sure that the person registering is a real person and it is a valid email address.
Any Ideas on how to get started?
View Replies
View Related
I want to get diffrent query from a table .I want that diffrent usernames
can get diffrent queries.How can I do it with asp?
View Replies
View Related
I have an XML file which I access from a remote server like
Set http = CreateObject("MSXML2.ServerXMLHTTP")
http.open "GET","http://www.andrewlouis.co.uk/viewcountries.xml",false
http.send
strXML = http.responseText
The real server is password protected with, I think, with basic
authentication. How do I pass it the username and password.
View Replies
View Related
I have seen on many websites the use of some sort of program to generate a
random character string distorted and warped with lines making the resulting
graphic ideally only human readable.
The theory is to prevent automated login programs.
I don't know what they call this type of component so I really don't know
how to google it. Do you know any source for this type of thing?
View Replies
View Related
i have setup authentication on my website by setting session variables and it works but every once in a while the variables are lost and my users are logged out of the site
can someone tell me why this happens and how to fix it?
View Replies
View Related
Can someone tell me how I create a login page which
authenticates users against the servers user manager. I
want the login to be a form in my website not a pop up
window!
I would be grateful for any advice relating to this
subject. I have a script for windows 2000 active directory
but was wondering if you could achive the same with
windows NT 4 and IIS 4 Code:
View Replies
View Related