Request.form doesn't wotk with this IIS config

Discussion in 'ASP General' started by Laurent Bertin, Dec 13, 2004.

  1. Hi i got a strange problem but it's true i don't make thing like anyone...

    First Config:
    + IIS5.0 SP2 (yes i know...)
    WebSite Security
    Root : Digest Authentication, NT Authenticated
    SubFolders : Anonymous Login
    Anonymous login is set to use a domain user to enable a sql server
    authenticated connection. Permissions are based on Page/action/user Membership

    So i know it is a bit strange but let me explain
    1 I need a secured connection to a sql server
    2 The Webserver is running multiple websites and i don't want to make it run
    under an account
    3 I should avoid to request user and pass

    Now the way it works
    1 Page default on the root is NT authenticated and i retrieve user and group
    membership. I put this in a Cookie.
    2 When i click on one of the page linked it checks if an entry in the
    database exists for specified page, user(from the cookie), action. this page
    is with Anonymous login and so it uses the Account i set as anonymous user.
    3 If it's ok i show the form mixing querystring and form
    4 on submit (javascript function) when i echo all the content of the request
    i only see the querystring.

    NOW if i put Basic authentication on the Page... i see the request.form and
    the request.querystring...

    But i don't want basic authentication as password is sent in clear text and
    this is an administrative (System Admin) web site.


    here is a page as you'll see it is simple... if anyone has an idea...



    <HTML>
    <head>

    <link rel="stylesheet" href="/ERA/Lib/ERA.css" type="text/css">
    <title>EB Automation : Da Vinci</title>



    <SCRIPT TYPE="text/javascript" LANGUAGE="JavaScript">
    <!--



    function SubmitBody(pstrSubmitAction)
    {
    document.frmBody.action = pstrSubmitAction ;
    document.frmBody.submit() ;
    }

    function SubmitForm(pForm, pstrSubmitAction)
    {
    if ((document.getElementById)&& (document.getElementById(pForm)!=null)){
    oForm = document.getElementById(pForm);
    oForm.action = pstrSubmitAction ;
    oForm.submit() ;
    }
    }


    function targetopener(){
    if (! (window.focus && window.opener))return true;
    window.opener.focus();
    window.close();
    return false;
    }

    function popupform(myform, windowname){
    if (! window.focus)return true;
    window.open('', windowname, 'height=200,width=400,scrollbars=yes');
    myform.target=windowname;
    return true;
    }

    function PopupFormCustomize(myform, windowname, iHeight, iWidth){
    if (! window.focus)return true;
    window.open('', windowname, 'height=' + iHeight + ',' + 'width=' + iWidth +
    ',scrollbars=no');
    myform.target=windowname;
    return true;
    }

    function AlertPopup(msg){
    if (window.confirm(msg))
    {
    form.submit();
    }
    else
    {
    //window.back();
    parent.location='default.asp'
    }
    }

    function DisplayMessage(sMessage)
    {
    window.alert(sMessage);
    }


    function RedirectAfterConfirm(sMessage, sURL)
    {
    if (window.confirm(sMessage))
    {
    window.location = sURL
    }
    else
    {
    //do nothing
    }
    }

    function SubmitAfterConfirm(sMessage, sURL)
    {
    if (window.confirm(sMessage))
    {
    document.frmBody.action = sURL;
    document.frmBody.submit();
    }
    else
    {
    //do nothing
    }
    }
    function submitformwithaction(sValue)
    {
    document.myform.action.value=sValue;
    document.myform.submit();
    }


    function VerifySoftFamily(sSoftFamilyVersion)
    {
    window.alert(document.Computer.SoftFamilyId.text);
    if (sSoftFamilyVersion == '1.0')
    {
    //window.alert('The current Software Family Version is 1.0');
    //window.alert(window.SoftFamilyId);
    }
    else
    {
    //do nothing
    }
    }

    function ChangeVisibility(oValueToCheck,oValue,oIdToChange){
    if ((document.getElementById)&&
    (document.getElementById(oIdToChange)!=null)){
    oToChange = document.getElementById(oIdToChange);
    if((oToChange.style)&&(oToChange.style.visibility!=null)){
    oToChange.style.visibility = 'visible';
    }
    if (oValueToCheck==oValue){
    if (oToChange.style.visibility==null){
    oToChange.style.visibility='hidden';
    }else{
    oToChange.style.visibility='visible';
    }
    }else{
    oToChange.style.visibility='hidden';
    }

    }else{
    /* alert('Erreur not compliant '); */
    }

    }
    function outputList(ar, name, size) {
    var strIDs = "<SELECT SIZE=\"" + size + "\" NAME=\"ro_lst" + name + "\">"
    var sel = " SELECTED"
    for (var i=0;i<ar.length;i++) {
    strIDs += "<OPTION " + sel + " VALUE=\"" + ar[0] + "\">" + ar[1]
    sel = ""
    }
    strIDs+="</SELECT>"
    strIDs+="<INPUT NAME=\"" + name + "\" TYPE=hidden>"
    return strIDs
    }

    function outputButton(bDir,name,val) {
    return "<INPUT TYPE=button VALUE=\"" + val + "\" ONCLICK=\"move(this.form,"
    + bDir + ",'" + name + "')\">"
    }

    function move(f,bDir,sName) {
    var el = f.elements["ro_lst" + sName]
    var idx = el.selectedIndex
    if (idx==-1)
    alert("You must first select the item to reorder.")
    else {
    var nxidx = idx+( bDir? -1 : 1)
    if (nxidx<0) nxidx=el.length-1
    if (nxidx>=el.length) nxidx=0
    var oldVal = el[idx].value
    var oldText = el[idx].text
    el[idx].value = el[nxidx].value
    el[idx].text = el[nxidx].text
    el[nxidx].value = oldVal
    el[nxidx].text = oldText
    el.selectedIndex = nxidx
    }
    }

    function processForm(f) {
    for (var i=0;i<f.length;i++) {
    var el = f
    if (el.name.substring(0,6)=="ro_lst") {
    var strIDs = ""
    for (var j=0;j<f.options.length;j++)
    strIDs += f.options[j].value + ", "
    f.elements[f.elements.name.substring(6)].value =
    strIDs.substring(0,strIDs.length-2)
    }
    }
    }
    function processFormAndSubmit(f,sAction) {

    for (var i=0;i<f.length;i++) {
    var el = f
    if (el.name.substring(0,6)=="ro_lst") {
    var strIDs = ""
    for (var j=0;j<f.options.length;j++)
    strIDs += f.options[j].value + ", "
    f.elements[f.elements.name.substring(6)].value =
    strIDs.substring(0,strIDs.length-2)
    }
    }
    SubmitForm(f.name, sAction);
    }

    function FilterAsYouType( sFormName, sListBox, sTextBox, level ) {

    if ( isNaN( level ) ) { level = 1 }


    var f = document.getElementById (sFormName);
    var listbox = document.getElementById(sListBox);
    var textbox = document.getElementById (sTextBox);

    var soFar = textbox.value.toString();
    level = soFar.length;
    var soFarLeft = soFar.substring(0,level).toLowerCase();

    var matched = false;
    var suggestion = '';


    for ( var m = 0; m < listbox.length; m++ ) {
    suggestion = listbox.options[m].text.toString();
    suggestion = suggestion.substring(0,level).toLowerCase();
    if ( soFarLeft == suggestion ) {
    listbox.options[m].selected = true;
    matched = true;
    break;
    }
    }
    if ( matched && level < soFar.length ) { level++; suggestName(level) }
    }

    //-->
    </SCRIPT>

    </head>

    <a name="Show_Environment_Create">

    <TABLE width="800px" cellspacing="0" cellpadding="1" class="Pink" >
    <TH>Create an Environment</TH>
    <tr><td> </td></tr>
    <tr>
    <td colspan="2">
    <FORM id="frmBody" name="frmBody" target="Contents" method="POST">
    <TABLE width="800px" cellspacing="0" cellpadding="1" class="Pink" >
    <tr>
    <td class="pink">Name </td>
    <td class="pink"><input type='text' size=50 name='txtName' value=''
    >

    </td>
    </TR>
    <tr>
    <td class="pink">ShortName </td>
    <td class="pink"><input type='text' size=8 name='txtShort' value=''
    >

    </td>
    </TR>
    <tr>
    <td class="pink">Type</td>
    <td class="pink">
    <select size='1' name='cmbType' class='pink'>
    <option value=''> </option>
    <option value='1'>Physical </option>
    <option value='2'>Logical </option>
    <option value='3'>Rollout </option>
    </select>
    </td>
    </TR>
    </table>
    <input type="button" value="Next" name="btNext" OnClick="return
    SubmitBody('Environments.asp?Action=CreateDb')">
    </form>
    </td>
    </tr>
    </table>

    </body>
    </html>
    Laurent Bertin, Dec 13, 2004
    #1
    1. Advertising

  2. I think there used to be an article a bit more like what you describe than
    this one, but here is the one I can find.
    http://support.microsoft.com/?id=308074 Basically, this is a known issue...

    Ray at work

    "Laurent Bertin" <> wrote in message
    news:...
    > Hi i got a strange problem but it's true i don't make thing like anyone...
    >
    > First Config:
    > + IIS5.0 SP2 (yes i know...)
    > WebSite Security
    > Root : Digest Authentication, NT Authenticated
    > SubFolders : Anonymous Login
    > Anonymous login is set to use a domain user to enable a sql server
    > authenticated connection. Permissions are based on Page/action/user

    Membership
    >


    > 3 If it's ok i show the form mixing querystring and form
    > 4 on submit (javascript function) when i echo all the content of the

    request
    > i only see the querystring.
    Ray Costanzo [MVP], Dec 13, 2004
    #2
    1. Advertising

  3. Well...
    It is true that it seems to be an IE problem as i don't have with Netscape...

    After having a check it seems that IE consider it sends a negociation while
    the server doesn't ask one (no 401 send to client)

    Also weird it the fact that the POST command from the client sends the
    negociation WITHOUT the parameter parts...

    So it seems IE is assuming it needs to send authentication without the
    server asking anything AND that it doesn't send the full POST statement.

    Anyway after going a bit round i am now planning to make the website running
    in isolated level and change DCom to make it use "identify" instead of
    impersonate and use identity to make it run under a defined account.
    And we'll see if it works...

    If you got some info about doing such things... cause i am just looking for
    this since an hour ago.

    Thanks anyway

    "Ray Costanzo [MVP]" wrote:

    > I think there used to be an article a bit more like what you describe than
    > this one, but here is the one I can find.
    > http://support.microsoft.com/?id=308074 Basically, this is a known issue...
    >
    > Ray at work
    >
    > "Laurent Bertin" <> wrote in message
    > news:...
    > > Hi i got a strange problem but it's true i don't make thing like anyone...
    > >
    > > First Config:
    > > + IIS5.0 SP2 (yes i know...)
    > > WebSite Security
    > > Root : Digest Authentication, NT Authenticated
    > > SubFolders : Anonymous Login
    > > Anonymous login is set to use a domain user to enable a sql server
    > > authenticated connection. Permissions are based on Page/action/user

    > Membership
    > >

    >
    > > 3 If it's ok i show the form mixing querystring and form
    > > 4 on submit (javascript function) when i echo all the content of the

    > request
    > > i only see the querystring.

    >
    >
    >
    Laurent Bertin, Dec 13, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Christian H
    Replies:
    1
    Views:
    856
    Natty Gur
    Jul 29, 2003
  2. Brian Birtle
    Replies:
    2
    Views:
    1,995
    John Saunders
    Oct 16, 2003
  3. =?Utf-8?B?bGVueWFkbw==?=
    Replies:
    2
    Views:
    410
    =?Utf-8?B?bGVueWFkbw==?=
    May 20, 2005
  4. CSharpner
    Replies:
    0
    Views:
    1,000
    CSharpner
    Apr 9, 2007
  5. Raj
    Replies:
    2
    Views:
    119
    Aaron Bertrand [MVP]
    Apr 14, 2004
Loading...

Share This Page