[AccessD] OT: Retreiving user login name via ASP

Haslett, Andrew andrew.haslett at ilc.gov.au
Thu Jul 31 17:47:33 CDT 2003


No drawbacks at all. In fact its a (very simple) security enhancement, in
that only authorised users of your domain can now access the site.

Don't know your environment, but if your site were to hold sensitive
information and it were hacked from outside somehow, then its an extra step
for the hackers to get around since anonymous access is disabled.

Cheers,
Andrew

-----Original Message-----
From: Jim DeMarco [mailto:Jdemarco at hshhp.org]
Sent: Thursday, 31 July 2003 9:40 PM
To: Access Developers discussion and problem solving
Subject: RE: [AccessD] OT: Retreiving user login name via ASP


Got it.  I had to disable Anonymous Access and now I see the user name.  Any
thoughts on what effect doing this will have if we disable anonymous access
on our intranet?

Thanks a lot for the help Andrew.

Jim DeMarco
Director of Product Development
HealthSource/Hudson Health Plan


-----Original Message-----
From: Haslett, Andrew [mailto:andrew.haslett at ilc.gov.au]
Sent: Wednesday, July 30, 2003 6:15 PM
To: 'Access Developers discussion and problem solving'
Subject: RE: [AccessD] OT: Retreiving user login name via ASP


Jim,

In IIS, right click the website in question to bring up its properties.
Under Directory Security you will see options for a number of methods of
authentication.  Uncheck everything except integrated and the Users NT login
will then be used to authenticate them to your site.

Their details should also then be passed to those HTTP server variables for
you to access.  If that doesn't work then there must be a setting incorrect
somewhere as it does work - we use it in our apps on the intranet at work.

Cheers,
Andrew


-----Original Message-----
From: Jim DeMarco [mailto:Jdemarco at hshhp.org]
Sent: Thursday, 31 July 2003 2:52 AM
To: Access Developers discussion and problem solving
Subject: RE: [AccessD] OT: Retreiving user login name via ASP


Andrew,

This didn't work.  How do I know if we're using Integrated Authentication?
Is that Windows or IIS?

Thanks,

Jim

-----Original Message-----
From: Haslett, Andrew [mailto:andrew.haslett at ilc.gov.au]
Sent: Tuesday, July 29, 2003 8:09 PM
To: 'Access Developers discussion and problem solving'
Subject: RE: [AccessD] OT: Retreiving user login name via ASP


If using Integrated Authentication, the NT user name is passed through the
browser HTTP Server variables.

Try this:
Response.Write (Request.ServerVariables("LOGON_USER"))

This returns a string in the format domain\username

If LOGON_USER doesn't work, try REMOTE_USER

Cheers,
Andrew



-----Original Message-----
From: Jim DeMarco [mailto:Jdemarco at hshhp.org]
Sent: Wednesday, 30 July 2003 6:35 AM
To: Access Developers discussion and problem solving
Subject: [AccessD] OT: Retreiving user login name via ASP


Having a disagreement with the boss that maybe someone here can clear up for
me.  He thinks there is a way to return the Win2K user login name from an
ASP page.  I'm not 100% certain but I don't know that I've ever seen that
done.  

Does anyone know if it's possible?  If it is a code sample would be
appreciated.

Thanks,

Jim DeMarco


****************************************************************************
*******
"This electronic message is intended to be for the use only of the named
recipient, and may contain information from Hudson Health Plan (HHP) that is
confidential or privileged.  If you are not the intended recipient, you are
hereby notified that any disclosure, copying, distribution or use of the
contents of this message is strictly prohibited.  If you have received this
message in error or are not the named recipient, please notify us
immediately, either by contacting the sender at the electronic mail address
noted above or calling HHP at (914) 631-1611. If you are not the intended
recipient, please do not forward this email to anyone, and delete and
destroy all copies of this message.  Thank You".
****************************************************************************
*******

_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

IMPORTANT - PLEASE READ ******************** 
This email and any files transmitted with it are confidential and may 
contain information protected by law from disclosure. 
If you have received this message in error, please notify the sender 
immediately and delete this email from your system. 
No warranty is given that this email or files, if attached to this 
email, are free from computer viruses or other defects. They 
are provided on the basis the user assumes all responsibility for 
loss, damage or consequence resulting directly or indirectly from 
their use, whether caused by the negligence of the sender or not.
_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com


****************************************************************************
*******
"This electronic message is intended to be for the use only of the named
recipient, and may contain information from Hudson Health Plan (HHP) that is
confidential or privileged.  If you are not the intended recipient, you are
hereby notified that any disclosure, copying, distribution or use of the
contents of this message is strictly prohibited.  If you have received this
message in error or are not the named recipient, please notify us
immediately, either by contacting the sender at the electronic mail address
noted above or calling HHP at (914) 631-1611. If you are not the intended
recipient, please do not forward this email to anyone, and delete and
destroy all copies of this message.  Thank You".
****************************************************************************
*******

_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

IMPORTANT - PLEASE READ ******************** 
This email and any files transmitted with it are confidential and may 
contain information protected by law from disclosure. 
If you have received this message in error, please notify the sender 
immediately and delete this email from your system. 
No warranty is given that this email or files, if attached to this 
email, are free from computer viruses or other defects. They 
are provided on the basis the user assumes all responsibility for 
loss, damage or consequence resulting directly or indirectly from 
their use, whether caused by the negligence of the sender or not.
_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com


****************************************************************************
*******
"This electronic message is intended to be for the use only of the named
recipient, and may contain information from Hudson Health Plan (HHP) that is
confidential or privileged.  If you are not the intended recipient, you are
hereby notified that any disclosure, copying, distribution or use of the
contents of this message is strictly prohibited.  If you have received this
message in error or are not the named recipient, please notify us
immediately, either by contacting the sender at the electronic mail address
noted above or calling HHP at (914) 631-1611. If you are not the intended
recipient, please do not forward this email to anyone, and delete and
destroy all copies of this message.  Thank You".
****************************************************************************
*******

_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

IMPORTANT - PLEASE READ ******************** 
This email and any files transmitted with it are confidential and may 
contain information protected by law from disclosure. 
If you have received this message in error, please notify the sender 
immediately and delete this email from your system. 
No warranty is given that this email or files, if attached to this 
email, are free from computer viruses or other defects. They 
are provided on the basis the user assumes all responsibility for 
loss, damage or consequence resulting directly or indirectly from 
their use, whether caused by the negligence of the sender or not.


More information about the AccessD mailing list