[AccessD] OT: Retreiving user login name via ASP

Erwin Craps Erwin.Craps at ithelps.be
Fri Aug 1 04:43:40 CDT 2003 

You can also change the permissions at file level.

Accessing a file trough the nternet on your disk from which the everyone
users is removed and the user permissions is added will automaticly ask
for the username.

By this you can leave anonymous access to your public website and have
useraccess to a restricted part of your webiste.
Erwin

-----Oorspronkelijk bericht-----
Van: Haslett, Andrew [mailto:andrew.haslett at ilc.gov.au] 
Verzonden: vrijdag 1 augustus 2003 0:48
Aan: 'Access Developers discussion and problem solving'
Onderwerp: RE: [AccessD] OT: Retreiving user login name via ASP


No drawbacks at all. In fact its a (very simple) security enhancement,
in that only authorised users of your domain can now access the site.

Don't know your environment, but if your site were to hold sensitive
information and it were hacked from outside somehow, then its an extra
step for the hackers to get around since anonymous access is disabled.

Cheers,
Andrew

-----Original Message-----
From: Jim DeMarco [mailto:Jdemarco at hshhp.org]
Sent: Thursday, 31 July 2003 9:40 PM
To: Access Developers discussion and problem solving
Subject: RE: [AccessD] OT: Retreiving user login name via ASP


Got it.  I had to disable Anonymous Access and now I see the user name.
Any thoughts on what effect doing this will have if we disable anonymous
access on our intranet?

Thanks a lot for the help Andrew.

Jim DeMarco
Director of Product Development
HealthSource/Hudson Health Plan


-----Original Message-----
From: Haslett, Andrew [mailto:andrew.haslett at ilc.gov.au]
Sent: Wednesday, July 30, 2003 6:15 PM
To: 'Access Developers discussion and problem solving'
Subject: RE: [AccessD] OT: Retreiving user login name via ASP


Jim,

In IIS, right click the website in question to bring up its properties.
Under Directory Security you will see options for a number of methods of
authentication.  Uncheck everything except integrated and the Users NT
login will then be used to authenticate them to your site.

Their details should also then be passed to those HTTP server variables
for you to access.  If that doesn't work then there must be a setting
incorrect somewhere as it does work - we use it in our apps on the
intranet at work.

Cheers,
Andrew


-----Original Message-----
From: Jim DeMarco [mailto:Jdemarco at hshhp.org]
Sent: Thursday, 31 July 2003 2:52 AM
To: Access Developers discussion and problem solving
Subject: RE: [AccessD] OT: Retreiving user login name via ASP


Andrew,

This didn't work.  How do I know if we're using Integrated
Authentication? Is that Windows or IIS?

Thanks,

Jim

-----Original Message-----
From: Haslett, Andrew [mailto:andrew.haslett at ilc.gov.au]
Sent: Tuesday, July 29, 2003 8:09 PM
To: 'Access Developers discussion and problem solving'
Subject: RE: [AccessD] OT: Retreiving user login name via ASP


If using Integrated Authentication, the NT user name is passed through
the browser HTTP Server variables.

Try this:
Response.Write (Request.ServerVariables("LOGON_USER"))

This returns a string in the format domain\username

If LOGON_USER doesn't work, try REMOTE_USER

Cheers,
Andrew



-----Original Message-----
From: Jim DeMarco [mailto:Jdemarco at hshhp.org]
Sent: Wednesday, 30 July 2003 6:35 AM
To: Access Developers discussion and problem solving
Subject: [AccessD] OT: Retreiving user login name via ASP


Having a disagreement with the boss that maybe someone here can clear up
for me.  He thinks there is a way to return the Win2K user login name
from an ASP page.  I'm not 100% certain but I don't know that I've ever
seen that done.  

Does anyone know if it's possible?  If it is a code sample would be
appreciated.

Thanks,

Jim DeMarco


************************************************************************
****
*******
"This electronic message is intended to be for the use only of the named
recipient, and may contain information from Hudson Health Plan (HHP)
that is confidential or privileged.  If you are not the intended
recipient, you are hereby notified that any disclosure, copying,
distribution or use of the contents of this message is strictly
prohibited.  If you have received this message in error or are not the
named recipient, please notify us immediately, either by contacting the
sender at the electronic mail address noted above or calling HHP at
(914) 631-1611. If you are not the intended recipient, please do not
forward this email to anyone, and delete and destroy all copies of this
message.  Thank You".
************************************************************************
****
*******

_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

IMPORTANT - PLEASE READ ******************** 
This email and any files transmitted with it are confidential and may 
contain information protected by law from disclosure. 
If you have received this message in error, please notify the sender 
immediately and delete this email from your system. 
No warranty is given that this email or files, if attached to this 
email, are free from computer viruses or other defects. They 
are provided on the basis the user assumes all responsibility for 
loss, damage or consequence resulting directly or indirectly from 
their use, whether caused by the negligence of the sender or not.
_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com


************************************************************************
****
*******
"This electronic message is intended to be for the use only of the named
recipient, and may contain information from Hudson Health Plan (HHP)
that is confidential or privileged.  If you are not the intended
recipient, you are hereby notified that any disclosure, copying,
distribution or use of the contents of this message is strictly
prohibited.  If you have received this message in error or are not the
named recipient, please notify us immediately, either by contacting the
sender at the electronic mail address noted above or calling HHP at
(914) 631-1611. If you are not the intended recipient, please do not
forward this email to anyone, and delete and destroy all copies of this
message.  Thank You".
************************************************************************
****
*******

_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

IMPORTANT - PLEASE READ ******************** 
This email and any files transmitted with it are confidential and may 
contain information protected by law from disclosure. 
If you have received this message in error, please notify the sender 
immediately and delete this email from your system. 
No warranty is given that this email or files, if attached to this 
email, are free from computer viruses or other defects. They 
are provided on the basis the user assumes all responsibility for 
loss, damage or consequence resulting directly or indirectly from 
their use, whether caused by the negligence of the sender or not.
_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com


************************************************************************
****
*******
"This electronic message is intended to be for the use only of the named
recipient, and may contain information from Hudson Health Plan (HHP)
that is confidential or privileged.  If you are not the intended
recipient, you are hereby notified that any disclosure, copying,
distribution or use of the contents of this message is strictly
prohibited.  If you have received this message in error or are not the
named recipient, please notify us immediately, either by contacting the
sender at the electronic mail address noted above or calling HHP at
(914) 631-1611. If you are not the intended recipient, please do not
forward this email to anyone, and delete and destroy all copies of this
message.  Thank You".
************************************************************************
****
*******

_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

IMPORTANT - PLEASE READ ******************** 
This email and any files transmitted with it are confidential and may 
contain information protected by law from disclosure. 
If you have received this message in error, please notify the sender 
immediately and delete this email from your system. 
No warranty is given that this email or files, if attached to this 
email, are free from computer viruses or other defects. They 
are provided on the basis the user assumes all responsibility for 
loss, damage or consequence resulting directly or indirectly from 
their use, whether caused by the negligence of the sender or not.
_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

More information about the AccessD mailing list