Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > Possible to verify user login?

Reply
Thread Tools

Possible to verify user login?

 
 
Devin
Guest
Posts: n/a
 
      10-21-2008
Hi,

This might seem a little bit disjointed. My boss is suggesting I take
a certain approach to something. There is a private section of the
intranet (its essentially its own section as few users would have use
for it or even know of its existence) and when a user logs on to the
home page of this intranet site ASP should verify that they are
allowed to be there (based on them logging on to the network when they
logged on to their PC).

I suppose it could be done with folder permissions. I don't really
see how else though.

Any suggestions or questions about my question?


D
 
Reply With Quote
 
 
 
 
Tim Slattery
Guest
Posts: n/a
 
      10-21-2008
Devin <(E-Mail Removed)> wrote:

>Hi,
>
>This might seem a little bit disjointed. My boss is suggesting I take
>a certain approach to something. There is a private section of the
>intranet (its essentially its own section as few users would have use
>for it or even know of its existence) and when a user logs on to the
>home page of this intranet site ASP should verify that they are
>allowed to be there (based on them logging on to the network when they
>logged on to their PC).


You can retrieve the ID of the person accessing your ASP system using
request.servervariables("LOGIN_USER"). (Presumably they won't be able
to even get to your site, or use the LAN at all, unless they are
properly logged on. Once you've got their userid, you can decide
whether the user should be allowed to use your system.

--
Tim Slattery
MS MVP(Shell/User)
http://www.velocityreviews.com/forums/(E-Mail Removed)
http://members.cox.net/slatteryt
 
Reply With Quote
 
 
 
 
Anthony Jones
Guest
Posts: n/a
 
      10-21-2008
"Devin" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
> This might seem a little bit disjointed. My boss is suggesting I take
> a certain approach to something. There is a private section of the
> intranet (its essentially its own section as few users would have use
> for it or even know of its existence) and when a user logs on to the
> home page of this intranet site ASP should verify that they are
> allowed to be there (based on them logging on to the network when they
> logged on to their PC).
>
> I suppose it could be done with folder permissions. I don't really
> see how else though.
>
> Any suggestions or questions about my question?
>


Yes folder permissions would be the way to achieve this. Turn off anonymous
access and turn on windows integrated. Create a Group in AD which
represents the set of users that should have access to this application and
grant that group read access on the folder and contents which holds the
applicaiton. Add the users that should have access to the Group.

If you are using a FQDN for the server then the users will need to add that
FQDN to their set of sites considered to be an intranet site (a simple host
name is assumed by IE to be an intranet site).

If your ASP code needs to discover which of the users is actually using the
app then you can use the AUTH_USER server variable.


--
Anthony Jones - MVP ASP/ASP.NET

 
Reply With Quote
 
Evertjan.
Guest
Posts: n/a
 
      10-21-2008
Anthony Jones wrote on 21 okt 2008 in
microsoft.public.inetserver.asp.general:

> "Devin" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)..
> .
>> Hi,
>>
>> This might seem a little bit disjointed. My boss is suggesting I
>> take a certain approach to something. There is a private section of
>> the intranet (its essentially its own section as few users would have
>> use for it or even know of its existence) and when a user logs on to
>> the home page of this intranet site ASP should verify that they are
>> allowed to be there (based on them logging on to the network when
>> they logged on to their PC).
>>
>> I suppose it could be done with folder permissions. I don't really
>> see how else though.
>>
>> Any suggestions or questions about my question?
>>

>
> Yes folder permissions would be the way to achieve this. Turn off
> anonymous access and turn on windows integrated. Create a Group in AD
> which represents the set of users that should have access to this
> application and grant that group read access on the folder and
> contents which holds the applicaiton. Add the users that should have
> access to the Group.
>
> If you are using a FQDN for the server then the users will need to add
> that FQDN to their set of sites considered to be an intranet site (a
> simple host name is assumed by IE to be an intranet site).
>
> If your ASP code needs to discover which of the users is actually
> using the app then you can use the AUTH_USER server variable.


Why not set a session variable on logon for those users,
and simply test those pages with an include for that session variable?
No need for folder permissions if all you want is page access
restrictions.

If you want folder restrictions without IIS authentication you could set
up virtual folders and streaming.




--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
 
Reply With Quote
 
Anthony Jones
Guest
Posts: n/a
 
      10-22-2008
"Evertjan." <(E-Mail Removed)> wrote in message
news:Xns9B3EECCA693E1eejj99@194.109.133.242...
> Anthony Jones wrote on 21 okt 2008 in
> microsoft.public.inetserver.asp.general:
>
>> "Devin" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)..
>> .
>>> Hi,
>>>
>>> This might seem a little bit disjointed. My boss is suggesting I
>>> take a certain approach to something. There is a private section of
>>> the intranet (its essentially its own section as few users would have
>>> use for it or even know of its existence) and when a user logs on to
>>> the home page of this intranet site ASP should verify that they are
>>> allowed to be there (based on them logging on to the network when
>>> they logged on to their PC).
>>>
>>> I suppose it could be done with folder permissions. I don't really
>>> see how else though.
>>>
>>> Any suggestions or questions about my question?
>>>

>>
>> Yes folder permissions would be the way to achieve this. Turn off
>> anonymous access and turn on windows integrated. Create a Group in AD
>> which represents the set of users that should have access to this
>> application and grant that group read access on the folder and
>> contents which holds the applicaiton. Add the users that should have
>> access to the Group.
>>
>> If you are using a FQDN for the server then the users will need to add
>> that FQDN to their set of sites considered to be an intranet site (a
>> simple host name is assumed by IE to be an intranet site).
>>
>> If your ASP code needs to discover which of the users is actually
>> using the app then you can use the AUTH_USER server variable.

>
> Why not set a session variable on logon for those users,
> and simply test those pages with an include for that session variable?
> No need for folder permissions if all you want is page access
> restrictions.
>
> If you want folder restrictions without IIS authentication you could set
> up virtual folders and streaming.
>
>


Because it easier to simply assign a group and manage membership with AD.
No code necessary. What you're proposing is way harder and slower to boot.


--
Anthony Jones - MVP ASP/ASP.NET

 
Reply With Quote
 
Evertjan.
Guest
Posts: n/a
 
      10-23-2008
Anthony Jones wrote on 22 okt 2008 in
microsoft.public.inetserver.asp.general:

I wrote:
>> Why not set a session variable on logon for those users,
>> and simply test those pages with an include for that session
>> variable? No need for folder permissions if all you want is page
>> access restrictions.
>>
>> If you want folder restrictions without IIS authentication you could
>> set up virtual folders and streaming.
>>

>
> Because it easier to simply assign a group and manage membership with
> AD. No code necessary. What you're proposing is way harder


Anthony, you are only referring to site owners that own the server or have
at least access to the IIS, many of us are not that fortunate.

> and slower to boot.


Why?
And if so does that matter?
Or are you referring to something else than machine boots?

"These boots are made for walking"
<http://www.youtube.com/watch?v=7OU7Nezg7Ls>

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
 
Reply With Quote
 
Anthony Jones
Guest
Posts: n/a
 
      10-23-2008
"Evertjan." <(E-Mail Removed)> wrote in message
news:Xns9B40AB74CDD0eejj99@194.109.133.242...
> Anthony Jones wrote on 22 okt 2008 in
> microsoft.public.inetserver.asp.general:
>
> I wrote:
>>> Why not set a session variable on logon for those users,
>>> and simply test those pages with an include for that session
>>> variable? No need for folder permissions if all you want is page
>>> access restrictions.
>>>
>>> If you want folder restrictions without IIS authentication you could
>>> set up virtual folders and streaming.
>>>

>>
>> Because it easier to simply assign a group and manage membership with
>> AD. No code necessary. What you're proposing is way harder

>
> Anthony, you are only referring to site owners that own the server or have
> at least access to the IIS, many of us are not that fortunate.
>


The OP is refering to carving out a private section of an intranet. Also
specifically referenced is the use of network logged in users.

>> and slower to boot.

>
> Why?
> And if so does that matter?
> Or are you referring to something else than machine boots?
>
> "These boots are made for walking"
> <http://www.youtube.com/watch?v=7OU7Nezg7Ls>
>


My apologies, I forgot the international nature of NGs. In the part of the
global I live in "to boot" can loosely mean "as well as" or "in addition" in
the context that I used it. The etomolgy of such use is mystifying.

--
Anthony Jones - MVP ASP/ASP.NET

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to verify if a user has been authenticated asimhg ASP .Net 0 02-04-2010 07:26 PM
How to verify if a user has been authenticated asimhg Computer Security 0 02-04-2010 07:25 PM
Verify User's credentials John Beschler ASP .Net 1 09-18-2009 01:10 PM
verify a user David Bear Python 1 01-19-2006 02:55 AM
What is the best approach to verify a user? =?Utf-8?B?QW5kcmV3?= ASP .Net 5 11-03-2005 12:40 AM



Advertisments