Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > Request.form doesn't wotk with this IIS config

Reply
Thread Tools

Request.form doesn't wotk with this IIS config

 
 
Laurent Bertin
Guest
Posts: n/a
 
      12-13-2004
Hi i got a strange problem but it's true i don't make thing like anyone...

First Config:
+ IIS5.0 SP2 (yes i know...)
WebSite Security
Root : Digest Authentication, NT Authenticated
SubFolders : Anonymous Login
Anonymous login is set to use a domain user to enable a sql server
authenticated connection. Permissions are based on Page/action/user Membership

So i know it is a bit strange but let me explain
1 I need a secured connection to a sql server
2 The Webserver is running multiple websites and i don't want to make it run
under an account
3 I should avoid to request user and pass

Now the way it works
1 Page default on the root is NT authenticated and i retrieve user and group
membership. I put this in a Cookie.
2 When i click on one of the page linked it checks if an entry in the
database exists for specified page, user(from the cookie), action. this page
is with Anonymous login and so it uses the Account i set as anonymous user.
3 If it's ok i show the form mixing querystring and form
4 on submit (javascript function) when i echo all the content of the request
i only see the querystring.

NOW if i put Basic authentication on the Page... i see the request.form and
the request.querystring...

But i don't want basic authentication as password is sent in clear text and
this is an administrative (System Admin) web site.


here is a page as you'll see it is simple... if anyone has an idea...



<HTML>
<head>

<link rel="stylesheet" href="/ERA/Lib/ERA.css" type="text/css">
<title>EB Automation : Da Vinci</title>



<SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
<!--



function SubmitBody(pstrSubmitAction)
{
document.frmBody.action = pstrSubmitAction ;
document.frmBody.submit() ;
}

function SubmitForm(pForm, pstrSubmitAction)
{
if ((document.getElementById)&& (document.getElementById(pForm)!=null)){
oForm = document.getElementById(pForm);
oForm.action = pstrSubmitAction ;
oForm.submit() ;
}
}


function targetopener(){
if (! (window.focus && window.opener))return true;
window.opener.focus();
window.close();
return false;
}

function popupform(myform, windowname){
if (! window.focus)return true;
window.open('', windowname, 'height=200,width=400,scrollbars=yes');
myform.target=windowname;
return true;
}

function PopupFormCustomize(myform, windowname, iHeight, iWidth){
if (! window.focus)return true;
window.open('', windowname, 'height=' + iHeight + ',' + 'width=' + iWidth +
',scrollbars=no');
myform.target=windowname;
return true;
}

function AlertPopup(msg){
if (window.confirm(msg))
{
form.submit();
}
else
{
//window.back();
parent.location='default.asp'
}
}

function DisplayMessage(sMessage)
{
window.alert(sMessage);
}


function RedirectAfterConfirm(sMessage, sURL)
{
if (window.confirm(sMessage))
{
window.location = sURL
}
else
{
//do nothing
}
}

function SubmitAfterConfirm(sMessage, sURL)
{
if (window.confirm(sMessage))
{
document.frmBody.action = sURL;
document.frmBody.submit();
}
else
{
//do nothing
}
}
function submitformwithaction(sValue)
{
document.myform.action.value=sValue;
document.myform.submit();
}


function VerifySoftFamily(sSoftFamilyVersion)
{
window.alert(document.Computer.SoftFamilyId.text);
if (sSoftFamilyVersion == '1.0')
{
//window.alert('The current Software Family Version is 1.0');
//window.alert(window.SoftFamilyId);
}
else
{
//do nothing
}
}

function ChangeVisibility(oValueToCheck,oValue,oIdToChange) {
if ((document.getElementById)&&
(document.getElementById(oIdToChange)!=null)){
oToChange = document.getElementById(oIdToChange);
if((oToChange.style)&&(oToChange.style.visibility! =null)){
oToChange.style.visibility = 'visible';
}
if (oValueToCheck==oValue){
if (oToChange.style.visibility==null){
oToChange.style.visibility='hidden';
}else{
oToChange.style.visibility='visible';
}
}else{
oToChange.style.visibility='hidden';
}

}else{
/* alert('Erreur not compliant '); */
}

}
function outputList(ar, name, size) {
var strIDs = "<SELECT SIZE=\"" + size + "\" NAME=\"ro_lst" + name + "\">"
var sel = " SELECTED"
for (var i=0;i<ar.length;i++) {
strIDs += "<OPTION " + sel + " VALUE=\"" + ar[i][0] + "\">" + ar[i][1]
sel = ""
}
strIDs+="</SELECT>"
strIDs+="<INPUT NAME=\"" + name + "\" TYPE=hidden>"
return strIDs
}

function outputButton(bDir,name,val) {
return "<INPUT TYPE=button VALUE=\"" + val + "\" ONCLICK=\"move(this.form,"
+ bDir + ",'" + name + "')\">"
}

function move(f,bDir,sName) {
var el = f.elements["ro_lst" + sName]
var idx = el.selectedIndex
if (idx==-1)
alert("You must first select the item to reorder.")
else {
var nxidx = idx+( bDir? -1 : 1)
if (nxidx<0) nxidx=el.length-1
if (nxidx>=el.length) nxidx=0
var oldVal = el[idx].value
var oldText = el[idx].text
el[idx].value = el[nxidx].value
el[idx].text = el[nxidx].text
el[nxidx].value = oldVal
el[nxidx].text = oldText
el.selectedIndex = nxidx
}
}

function processForm(f) {
for (var i=0;i<f.length;i++) {
var el = f[i]
if (el.name.substring(0,6)=="ro_lst") {
var strIDs = ""
for (var j=0;j<f[i].options.length;j++)
strIDs += f[i].options[j].value + ", "
f.elements[f.elements[i].name.substring(6)].value =
strIDs.substring(0,strIDs.length-2)
}
}
}
function processFormAndSubmit(f,sAction) {

for (var i=0;i<f.length;i++) {
var el = f[i]
if (el.name.substring(0,6)=="ro_lst") {
var strIDs = ""
for (var j=0;j<f[i].options.length;j++)
strIDs += f[i].options[j].value + ", "
f.elements[f.elements[i].name.substring(6)].value =
strIDs.substring(0,strIDs.length-2)
}
}
SubmitForm(f.name, sAction);
}

function FilterAsYouType( sFormName, sListBox, sTextBox, level ) {

if ( isNaN( level ) ) { level = 1 }


var f = document.getElementById (sFormName);
var listbox = document.getElementById(sListBox);
var textbox = document.getElementById (sTextBox);

var soFar = textbox.value.toString();
level = soFar.length;
var soFarLeft = soFar.substring(0,level).toLowerCase();

var matched = false;
var suggestion = '';


for ( var m = 0; m < listbox.length; m++ ) {
suggestion = listbox.options[m].text.toString();
suggestion = suggestion.substring(0,level).toLowerCase();
if ( soFarLeft == suggestion ) {
listbox.options[m].selected = true;
matched = true;
break;
}
}
if ( matched && level < soFar.length ) { level++; suggestName(level) }
}

//-->
</SCRIPT>

</head>

<a name="Show_Environment_Create">

<TABLE width="800px" cellspacing="0" cellpadding="1" class="Pink" >
<TH>Create an Environment</TH>
<tr><td> </td></tr>
<tr>
<td colspan="2">
<FORM id="frmBody" name="frmBody" target="Contents" method="POST">
<TABLE width="800px" cellspacing="0" cellpadding="1" class="Pink" >
<tr>
<td class="pink">Name </td>
<td class="pink"><input type='text' size=50 name='txtName' value=''
>

</td>
</TR>
<tr>
<td class="pink">ShortName </td>
<td class="pink"><input type='text' size=8 name='txtShort' value=''
>

</td>
</TR>
<tr>
<td class="pink">Type</td>
<td class="pink">
<select size='1' name='cmbType' class='pink'>
<option value=''> </option>
<option value='1'>Physical </option>
<option value='2'>Logical </option>
<option value='3'>Rollout </option>
</select>
</td>
</TR>
</table>
<input type="button" value="Next" name="btNext" OnClick="return
SubmitBody('Environments.asp?Action=CreateDb')">
</form>
</td>
</tr>
</table>

</body>
</html>

 
Reply With Quote
 
 
 
 
Ray Costanzo [MVP]
Guest
Posts: n/a
 
      12-13-2004
I think there used to be an article a bit more like what you describe than
this one, but here is the one I can find.
http://support.microsoft.com/?id=308074 Basically, this is a known issue...

Ray at work

"Laurent Bertin" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi i got a strange problem but it's true i don't make thing like anyone...
>
> First Config:
> + IIS5.0 SP2 (yes i know...)
> WebSite Security
> Root : Digest Authentication, NT Authenticated
> SubFolders : Anonymous Login
> Anonymous login is set to use a domain user to enable a sql server
> authenticated connection. Permissions are based on Page/action/user

Membership
>


> 3 If it's ok i show the form mixing querystring and form
> 4 on submit (javascript function) when i echo all the content of the

request
> i only see the querystring.



 
Reply With Quote
 
 
 
 
Laurent Bertin
Guest
Posts: n/a
 
      12-13-2004
Well...
It is true that it seems to be an IE problem as i don't have with Netscape...

After having a check it seems that IE consider it sends a negociation while
the server doesn't ask one (no 401 send to client)

Also weird it the fact that the POST command from the client sends the
negociation WITHOUT the parameter parts...

So it seems IE is assuming it needs to send authentication without the
server asking anything AND that it doesn't send the full POST statement.

Anyway after going a bit round i am now planning to make the website running
in isolated level and change DCom to make it use "identify" instead of
impersonate and use identity to make it run under a defined account.
And we'll see if it works...

If you got some info about doing such things... cause i am just looking for
this since an hour ago.

Thanks anyway

"Ray Costanzo [MVP]" wrote:

> I think there used to be an article a bit more like what you describe than
> this one, but here is the one I can find.
> http://support.microsoft.com/?id=308074 Basically, this is a known issue...
>
> Ray at work
>
> "Laurent Bertin" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Hi i got a strange problem but it's true i don't make thing like anyone...
> >
> > First Config:
> > + IIS5.0 SP2 (yes i know...)
> > WebSite Security
> > Root : Digest Authentication, NT Authenticated
> > SubFolders : Anonymous Login
> > Anonymous login is set to use a domain user to enable a sql server
> > authenticated connection. Permissions are based on Page/action/user

> Membership
> >

>
> > 3 If it's ok i show the form mixing querystring and form
> > 4 on submit (javascript function) when i echo all the content of the

> request
> > i only see the querystring.

>
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
dll config and web.config and Label Expressions (binding label text to dll config settings) CSharpner ASP .Net 0 04-09-2007 09:00 PM
Win Xp disk will not wotk Andy Petro Computer Support 2 03-21-2007 02:38 PM
IIS 6.0 win2003, IIS users moe_rodrigue MCSE 1 04-01-2004 07:37 AM
ASP.NET application works in IIS PWS, but not in remote IIS. Matthew Louden ASP .Net 3 11-07-2003 09:58 PM
.NET IIS to IIS credentials problem... Grind Boy ASP .Net 4 08-14-2003 12:59 PM



Advertisments