Log on a user via ASP script?

Discussion in 'ASP General' started by Brian Madden, Feb 25, 2005.

  1. Brian Madden

    Brian Madden Guest

    Hello Everyone,

    This is sort of a followup to the protecting files question I asked earlier
    today.

    I would like to protect a file so that only certain users could download it
    from my website. It would be very easy for me to simply use IIS Admin to
    remove anonymous access to that file and to create a new account on the web
    server and give those account credentials to my users. That would prohibit
    people from directly accessing the file unless they knew the username and
    password.

    My question is this: Is there a way for me to write an ASP page that
    "embeds" these logon credentials into a hyperlink to a page, or that
    automatically logs a user on with hard-coded credentials?

    What I'm thinking is that I can authenticate my users against my own app's
    database, and then if successful I could perform a behind-the-scenes basic
    Windows logon (with all users using the same Windows account) to actually
    provide the file to the users. (In my case, my user accounts are stored in
    SQL--they are not windows accounts.)

    I'm pretty good at figuring out stuff for myself, but I'm not sure that I'm
    searching on the right terms in Google and MSDN. What would I use to do what
    I want to do?

    My flow would look like this:
    1. default.asp (has html form for credentials)
    2. nextpage.asp (authenticates user to my DB and if successful, performs
    Windows basic logon to authenticate the user to IIS with a generic account.
    At this point we would switch over from "iusr_computername" to "user1" or
    whatever generic name I pick)
    3. Now that we're authenticated to IIS, the page could link to the
    NTFS-permissioned files.

    Using ASP to perform a basic windows logon in step 2 is the section I'm
    having trouble with.

    Thanks a million,
    Brian
     
    Brian Madden, Feb 25, 2005
    #1
    1. Advertising

  2. Brian Madden

    Brian Madden Guest

    I should add to this question:

    I'm thinking that since basic windows authentication is done via the HTTP
    header, that maybe I could write an ASP page that forwards (like
    response.redirect) to another page but that includes my custom header with
    the credentials inside?

    a. Is that possible?
    b. Would that prevent users from seeing my custom header and then user
    credentials?

    Thanks again,
    Brian

    "Brian Madden" <> wrote in message
    news:...
    > Hello Everyone,
    >
    > This is sort of a followup to the protecting files question I asked
    > earlier today.
    >
    > I would like to protect a file so that only certain users could download
    > it from my website. It would be very easy for me to simply use IIS Admin
    > to remove anonymous access to that file and to create a new account on the
    > web server and give those account credentials to my users. That would
    > prohibit people from directly accessing the file unless they knew the
    > username and password.
    >
    > My question is this: Is there a way for me to write an ASP page that
    > "embeds" these logon credentials into a hyperlink to a page, or that
    > automatically logs a user on with hard-coded credentials?
    >
    > What I'm thinking is that I can authenticate my users against my own app's
    > database, and then if successful I could perform a behind-the-scenes basic
    > Windows logon (with all users using the same Windows account) to actually
    > provide the file to the users. (In my case, my user accounts are stored in
    > SQL--they are not windows accounts.)
    >
    > I'm pretty good at figuring out stuff for myself, but I'm not sure that
    > I'm searching on the right terms in Google and MSDN. What would I use to
    > do what I want to do?
    >
    > My flow would look like this:
    > 1. default.asp (has html form for credentials)
    > 2. nextpage.asp (authenticates user to my DB and if successful, performs
    > Windows basic logon to authenticate the user to IIS with a generic
    > account. At this point we would switch over from "iusr_computername" to
    > "user1" or whatever generic name I pick)
    > 3. Now that we're authenticated to IIS, the page could link to the
    > NTFS-permissioned files.
    >
    > Using ASP to perform a basic windows logon in step 2 is the section I'm
    > having trouble with.
    >
    > Thanks a million,
    > Brian
    >
     
    Brian Madden, Feb 25, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Henrik_the_boss
    Replies:
    0
    Views:
    2,660
    Henrik_the_boss
    Nov 5, 2003
  2. Amratash
    Replies:
    0
    Views:
    530
    Amratash
    Apr 13, 2004
  3. =?Utf-8?B?VG9tIFdpbmdlcnQ=?=

    My.Log.Writeexception not writing to Application Event Log.

    =?Utf-8?B?VG9tIFdpbmdlcnQ=?=, Jan 20, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    2,383
    =?Utf-8?B?VG9tIFdpbmdlcnQ=?=
    Jan 20, 2006
  4. Tom Wingert
    Replies:
    0
    Views:
    333
    Tom Wingert
    Jan 12, 2006
  5. Replies:
    0
    Views:
    1,310
Loading...

Share This Page