One of our webdev guys is having trouble with IIS set up on his system, particularly with anonymous authentication. On all of his web instances, he can get to non-asp pages but all asp pages return 401.3 when using HTTP/1.0 or a proxy server. It doesn't seem to be at all related to the file system, because a test file has wide-open access. And it only happens with script pages; html or other files can be retrieved.
The anonymous user is the one the IIS install generated, and the "IIS controls the account password" box is checked. Everything looks like it's set up properly and the same way it is on other systems. There are no authentication errors in his system's event log. So what is asp.dll not liking?
I have what I think is a simple question but I am finding nothing but complicated answers. I have a web site running on IIS6. One directory used to use an alternate account as the anonymous user (not the IUSR_ServerName account) to connect to a database, etc. Now the pages in that directory no longer do anything special and I just want to start using the default IUSR_ServerName account again. I put that account back in, but what do I put in as the password? I am reading all about security improvements, network service vs. local system, unprivileged vs. privileged, etc. I realize there is no longer a "Let IIS control password for anonymous account" option, but all I want to know is, HOW DO YOU GET IT BACK TO THE DEFAULT
I often have permission problems when I move my pages onto different servers. It would be very handy if I could programmatically determine the anonymous user account name from my asp page. How can this be done since it is not in the request header for anonymous requests?
I have a server that hosts a few intranet sites. The one that all my coworkers have their Home Page set for causes their browser to authenticate, which is all good.
The one I'm working on now requires Anonymous Access in order to work, but the authentication from the first one is carrying over to the other. Can I use WWW-Authenticate to force anonymous access instead of using it to force NTLM, Basic, etc?
IIS set up after VS.NET. On a virtual directory for a web app...I go to properties and click on the 'Directory Security' tab, click the 'Edit' button, check anonymous access, type in username/password for account, check 'Integrated Windows authentication' at the bottom...then OK out.
In web.config, I add the tag <identity impersonate="true" />
On first load I get the account I typed in above...on postback it changes to my personal Windows account. Strange. Also when I switch on the anon user account for the whole website it works.
I'm creating a simple email form with just a text area field and a submit button. I want it to send to my mailbox. I want the sender's email address to be anonymous. I don't know any server side scripting, so I'm hoping somebody can tell me how to build the .asp page to send the email. Code:
A freshly installed IIS on my Windows XP SP2 does not allow anonymous access to the default ASP file (localstart.asp). I just used default configuration for installation, which enables anonymous access. But when I load http://localhost I just get a login box. A simple index.html placed manually for debugging purposes loads without login prompt.
I am testing the same thing on a Windows XP (w/o SP2). ASP works for anonymous access like a charm.
I have several websites that use asp pages and backend databases running on my win2000 server. I removed everyone from the permissions on all of my hard drives and added the anonymous user to the winnt folder and the wwwroot folder and all of the folders within these directories. Now my sites that just run straight html work fine but my sites with .asp pages are having problems.
However if I add the Domain Administrator account as the anonymous user to the site it will work. Then I have reverted back to the I_USR account and the site still works until the server has to be rebooted. At this point the site won't work until I add and then remove the admin user as the anonymous user to the site.
How can I create new folders on the server, via ASP programming, which automatically allows by any user:
1. Files to be browsed
2. Anonymous upload to this directory
3. Allow uploaded files to over-write the existing file
I use the following ASP codes to create new folders, but all above options are off and I cannot e.g., upload (via ASP programming) to upload a file in the new directory because the option is off.
Set fs = CreateObject("Scripting.FileSystemObject")
set b = fs.CreateFolder(newFolder)
I'm going to make a database of rude words that I do not want users to name themselves when they use my scoreboard. I need my asp to scan their string and, if a word from the database appears, replace the entire string with anonymous.
I have some code which was designed to asterisk out all but the first and last letter of any appearing rude word
eg: d**n this b****y game or godd**nit
I have changed this to just replace each word to anonymous, but can't get it to the stage above. Can anyone help? My code so far is below. Code:
I want users to login to my web application using SQL authentication, i.e. whenever the page opens, it should display the SQL server login window. I know Login feature is in Dreamweaver MX that I use, but unauthorized users can look up the password in your database.
Is it possible to authenticate a user who is trying to access a certain Div on a page??? I know how to authenticate a user accessing a standard ASP page, but is this possible with a Div!
I have a page that authenticates users by reading Request.ServerVariables("AUTH_USER") and Request.ServerVariables("AUTH_TYPE"). When users try to access this page from Windows NT/2000, it works fine (prompts them for their credentials when they're not on the same domain, and then lets them in). Now, some of the users got XP boxes, and can't get in to the page. It prompts them for their credentials but when they enter them, just keeps prompting them. The credentials they are entering are correct. What is different on XP that is causing this problem and is there any setting I can modify on the server side to prevent this from happening?
I have an asp page on IIS 5.0 and I'm trying to get a dialog box to pop up and ask for username, password and domain to authenticate against NT. I have anonymous logins unchecked in the IIS properties page and access restricted on everything but it won't ask for a username and password no matter what
I had to transfer an ASP Web Application (developed by another person) to a different web server. It seems to work but not completely.
I have some problems with authentication: it is based on a username and a password stored in a SQL Server's table. These data are requested via basic authentication (not a IIS level but I think it is used to create the authentication window in which put username and password). The problem is that it doesn't accept username and password and, after three times, it redirects me to a page telling "You don't have rights to see this page". What could I do? .....
I have no problems authenticating via AD and an ASP page. My question is this - is there any way to 'reverse' the process?
What I mean is the authenticated state remains as long as the browser window is open. Is there any .asp command I can provide that will revert the browser session back to IUSR?
I have an intranet asp application that sends emails that contain a link to an intranet page. I have a case where one user is forced to login to the Windows domain when he clicks on the link, even though he is within the firewall & his Outlook security settings specify automatic login with the current name & password.
This doesn't happen with any other users unless they go through the firewall. The site is also recorded in the trusted sites section.
I'm developing an Internet site that is going to be password protected. I have one windows 2000 domain on the Internet side of things, and another on an Intranet side. Is there any way to authenticate a user that hits my Internet pages against the Intranet user database?
I just want users from the Intranet to automatically be able to access the Internet pages without having to create a separate user on the Internet-side domain.
I have written a simple login script that checks a username/password from an Access database. the login.asp page sets a session("loggedin") at zero. The username and password are checked successfully and the user is redirected to admin.asp. The admin.asp page has an if-statement at the top that checks the session variable to 1, which is set after successful dB check.
The problem is that if you go directly to admin.asp without going through the login process, that is, without ever going to the login page.... simply typing something like http://localhost/admin.asp, you are given access to the page and not redirected back to the login page. What could I have missed? It simply checks the session variable....that should never be set to one when all sessions are reset...and the user can still gain access?
I am attempting to access WMI data on a remote machine. I have been able to get this to work, but there has got to be a better way, I hope.
set wmiLocator = CreateObject("WbemScripting.SWbemLocator")
Set WMIServices = GetObject("winmgmts://" & cn & "")
Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
WMIServices.Security_.ImpersonationLevel = 3
Then in my IIS snapin, Directory Security, and then Edit. I have this set Anon Access with my username and password as well as Windows Integrated Authentication checked. It does the job, I can pull the data, but it poses a security risk. I don't want to have my password and username as the authentication options.
I'm using legacy ASP pages on IIS 6.0 to validate users through ADO Active Directory objects (AdsObject & AdsCommand).
When I use the page from the server itself with "localhost"/page as servername, it executes fine. But if I call the site with "servername"/page, the execution fails. AdsObject throws "Table does not exists" errors.
Currently, the server is configured with Integrated Windows authentication. I tried changing to Anonymous authentication with IUSR_machinename user. Again it fails.
I would like to be able to automatically authenticate a registration. Meaning:
A registration occurs
email is sent to registering party
Party clicks a link to authenticate.
or something to that effect.
Does anyone know where I can find something like this?
I would use a forum (i.e. webwiz, phpbb.....) the only problem is they are asking way too many questions for what I need.
I have built a database to hold the party's information, I have built an asp page with form that inputs the info I need into the DB, which all works, but now I would like to be sure that the person registering is a real person and it is a valid email address.
I'm facing a situation where my team leader wants me to create some ASP code that will pull the user's ID (which is no problem - request the LOGON_USER server variable) and THEN pull that user's NT Permissions to determine what kind of permissions the user will have when he/she comes onto the website. There is to be no logon screen at all. The permissions cannot be determined via a database or through cookies. Only NT Authentication can be used.
I have a small hunch that the HTTP_AUTHORIZATION server variable might provide a clue, but the value of that variable is a bunch of (encrypted?) gibberish that means nothing to me, except probably the NTLM part at the beginning. Is there a way to decode the value of that variable into something coherent that I can use in my code?
I have seen on many websites the use of some sort of program to generate a random character string distorted and warped with lines making the resulting graphic ideally only human readable.
The theory is to prevent automated login programs.
I don't know what they call this type of component so I really don't know how to google it. Do you know any source for this type of thing?
I have set up authentication on my website by setting session variables and it works, but every once in a while the variables are lost and my users are logged out of the site.
Can someone tell me why this happens and how to fix it?
Can someone tell me how I create a login page which authenticates users against the servers user manager. I want the login to be a form in my website not a pop up window!
I would be grateful for any advice relating to this subject. I have a script for Windows 2000 Active Directory but was wondering if you could achieve the same with Windows NT 4 and IIS 4 Code:
I have a site that currently is password protected, using a combination of ldap authentication and asp session management. So for every asp page, I check the session to make sure they're authenticated, if not I send them to the login page. BUT.... there is a robohelp component that is almost a website within this website. All these robohelp files are htm or html based, so I'm unable to put asp scripting (to check for session authentication). So, my problem is, how do I protect these pages using my existing framework?
If I have a website running ASP 3.0 on IIS 6 (server 2003), and am using Integrated Windows Authentication, is there a way I can place in a session variable something to identify the person who authenticated to the web site so I can say right on the ASP page "Welcome UsernameHere" ??
I have enabled authentication for the site in IIS and set the default domain to the domain we are on. This is working fine and when I list all the server variables it shows the auth_user as domainusername so all is good there.
However we have a NAS server that has a hidden share and I need to be able to check whether a folder exists in this directory. If I run the same script from my PC and specify a folder I know exists it tells me the folder exists. However through IIS with authentication enabled it tells me the directory doesn't exist.
I thought that as I have authenticated with the server any requests I make on that page would come from the authenticated user. Am I missing something or a setting?