DevX Home    Today's Headlines   Articles Archive   Tip Bank   Forums   

Results 1 to 12 of 12

Thread: Authentication

  1. #1
    Kirk Guest

    Authentication


    Hi,

    I would like to do authentication programmatically.
    Currently, IIS handles authentication for 'secure' folders on the website.
    What I want to do is to provide all my clients with a login webpage with
    a username/password form.
    When the client types in their username/password for the NT account on the
    web server, I want to somehow authenticate them with ASP, like IIS does when
    it brings up that dialog box and asks for the username and password.
    Once authenticated, I will then access a database that will return the URL
    to the client's folder to which they have access with that NT account username/password
    and redirect their browser to that URL.

    Thanks

    Bye


  2. #2
    Michael Howard Guest

    Re: Authentication


    this is all very easy to do. All you need to do is offer a form which asks
    for user's name and pwd - you can they get this data from the form using
    ASP and perform a database lookup to see if that username and password exists.
    if you wanted to get really fancy, you could also have a list of valid urls
    the user is allowed to access and everything else is disallowed.

    make sure you read my article on web-based input before continuing.

    YOU HAVE BEEN WARNED :-)

    "Kirk" <khaynes@digitalconsulting.net> wrote:
    >
    >Hi,
    >
    >I would like to do authentication programmatically.
    >Currently, IIS handles authentication for 'secure' folders on the website.
    >What I want to do is to provide all my clients with a login webpage with
    >a username/password form.
    >When the client types in their username/password for the NT account on the
    >web server, I want to somehow authenticate them with ASP, like IIS does

    when
    >it brings up that dialog box and asks for the username and password.
    >Once authenticated, I will then access a database that will return the URL
    >to the client's folder to which they have access with that NT account username/password
    >and redirect their browser to that URL.
    >
    >Thanks
    >
    >Bye
    >



  3. #3
    Kirk Guest

    Re: Authentication


    What does what you've suggested have to do with logging on a user with an
    NT authentication on directories?

    "Michael Howard" <mikehow@microsoft.com> wrote:
    >
    >this is all very easy to do. All you need to do is offer a form which asks
    >for user's name and pwd - you can they get this data from the form using
    >ASP and perform a database lookup to see if that username and password exists.
    >if you wanted to get really fancy, you could also have a list of valid urls
    >the user is allowed to access and everything else is disallowed.
    >
    >make sure you read my article on web-based input before continuing.
    >
    >YOU HAVE BEEN WARNED :-)
    >
    >"Kirk" <khaynes@digitalconsulting.net> wrote:
    >>
    >>Hi,
    >>
    >>I would like to do authentication programmatically.
    >>Currently, IIS handles authentication for 'secure' folders on the website.
    >>What I want to do is to provide all my clients with a login webpage with
    >>a username/password form.
    >>When the client types in their username/password for the NT account on

    the
    >>web server, I want to somehow authenticate them with ASP, like IIS does

    >when
    >>it brings up that dialog box and asks for the username and password.
    >>Once authenticated, I will then access a database that will return the

    URL
    >>to the client's folder to which they have access with that NT account username/password
    >>and redirect their browser to that URL.
    >>
    >>Thanks
    >>
    >>Bye
    >>

    >



  4. #4
    Michael Howard Guest

    Re: Authentication


    if that's all you want to do then it's even easier! just elect to use any
    of the auth schemes built into IIS on the vdir, dir or file in question and
    the user will be prompted to enter their creds.

    "Kirk" <khaynes@digitalconsulting.net> wrote:
    >
    >What does what you've suggested have to do with logging on a user with an
    >NT authentication on directories?
    >
    >"Michael Howard" <mikehow@microsoft.com> wrote:
    >>
    >>this is all very easy to do. All you need to do is offer a form which asks
    >>for user's name and pwd - you can they get this data from the form using
    >>ASP and perform a database lookup to see if that username and password

    exists.
    >>if you wanted to get really fancy, you could also have a list of valid

    urls
    >>the user is allowed to access and everything else is disallowed.
    >>
    >>make sure you read my article on web-based input before continuing.
    >>
    >>YOU HAVE BEEN WARNED :-)
    >>
    >>"Kirk" <khaynes@digitalconsulting.net> wrote:
    >>>
    >>>Hi,
    >>>
    >>>I would like to do authentication programmatically.
    >>>Currently, IIS handles authentication for 'secure' folders on the website.
    >>>What I want to do is to provide all my clients with a login webpage with
    >>>a username/password form.
    >>>When the client types in their username/password for the NT account on

    >the
    >>>web server, I want to somehow authenticate them with ASP, like IIS does

    >>when
    >>>it brings up that dialog box and asks for the username and password.
    >>>Once authenticated, I will then access a database that will return the

    >URL
    >>>to the client's folder to which they have access with that NT account

    username/password
    >>>and redirect their browser to that URL.
    >>>
    >>>Thanks
    >>>
    >>>Bye
    >>>

    >>

    >



  5. #5
    Kirk Guest

    Re: Authentication


    See, you're missing the point of my post. If you re-read the 1st line, you'll
    see that I'm trying to do this programmatically. And if you read on, you'll
    see that I'm trying to avoid having that dialog box come up.

    >>>>I would like to do authentication programmatically.
    >>>>Currently, IIS handles authentication for 'secure' folders on the website.
    >>>>What I want to do is to provide all my clients with a login webpage with
    >>>>a username/password form.
    >>>>When the client types in their username/password for the NT account on

    >>the
    >>>>web server, I want to somehow authenticate them with ASP, like IIS does
    >>>when
    >>>>it brings up that dialog box and asks for the username and password.
    >>>>Once authenticated, I will then access a database that will return the

    >>URL
    >>>>to the client's folder to which they have access with that NT account

    >username/password
    >>>>and redirect their browser to that URL.
    >>>>
    >>>>Thanks
    >>>>
    >>>>Bye
    >>>>
    >>>

    >>

    >



  6. #6
    Eli Allen Guest

    Re: Authentication

    I don't think you can do that with anything built in (assuming you aren't
    using ASP.net) You may be able to code an object that can make the thread
    impersonate a different user though.
    --
    Eli Allen
    eallen@bcpl.net

    "Kirk" <khaynes@digitalconsulting.net> wrote in message
    news:3aad9a9b$1@news.devx.com...
    >
    > What does what you've suggested have to do with logging on a user with an
    > NT authentication on directories?
    >
    > "Michael Howard" <mikehow@microsoft.com> wrote:
    > >
    > >this is all very easy to do. All you need to do is offer a form which

    asks
    > >for user's name and pwd - you can they get this data from the form using
    > >ASP and perform a database lookup to see if that username and password

    exists.
    > >if you wanted to get really fancy, you could also have a list of valid

    urls
    > >the user is allowed to access and everything else is disallowed.
    > >
    > >make sure you read my article on web-based input before continuing.
    > >
    > >YOU HAVE BEEN WARNED :-)
    > >
    > >"Kirk" <khaynes@digitalconsulting.net> wrote:
    > >>
    > >>Hi,
    > >>
    > >>I would like to do authentication programmatically.
    > >>Currently, IIS handles authentication for 'secure' folders on the

    website.
    > >>What I want to do is to provide all my clients with a login webpage with
    > >>a username/password form.
    > >>When the client types in their username/password for the NT account on

    > the
    > >>web server, I want to somehow authenticate them with ASP, like IIS does

    > >when
    > >>it brings up that dialog box and asks for the username and password.
    > >>Once authenticated, I will then access a database that will return the

    > URL
    > >>to the client's folder to which they have access with that NT account

    username/password
    > >>and redirect their browser to that URL.
    > >>
    > >>Thanks
    > >>
    > >>Bye
    > >>

    > >

    >




  7. #7
    Michael Howard Guest

    Re: Authentication


    out of interest - why do you wanna do it programmatically? you can always
    use, say, basic auth and stuff the username and password in as part of the
    uri? no work required by you!


    "Kirk" <khaynes@digitalconsulting.net> wrote:
    >
    >See, you're missing the point of my post. If you re-read the 1st line, you'll
    >see that I'm trying to do this programmatically. And if you read on, you'll
    >see that I'm trying to avoid having that dialog box come up.
    >
    >>>>>I would like to do authentication programmatically.
    >>>>>Currently, IIS handles authentication for 'secure' folders on the website.
    >>>>>What I want to do is to provide all my clients with a login webpage

    with
    >>>>>a username/password form.
    >>>>>When the client types in their username/password for the NT account

    on
    >>>the
    >>>>>web server, I want to somehow authenticate them with ASP, like IIS does
    >>>>when
    >>>>>it brings up that dialog box and asks for the username and password.
    >>>>>Once authenticated, I will then access a database that will return the
    >>>URL
    >>>>>to the client's folder to which they have access with that NT account

    >>username/password
    >>>>>and redirect their browser to that URL.
    >>>>>
    >>>>>Thanks
    >>>>>
    >>>>>Bye
    >>>>>
    >>>>
    >>>

    >>

    >



  8. #8
    Michael Howard Guest

    Re: Authentication


    this may not work in all cases because to log a user on in win2000 (and nt4)
    you need TCB priv and the asp page is already impersonating a user which
    would not have TCB priv, so the call to LogonUser() would fail owing to lack
    of priv.

    "Eli Allen" <eallen@bcpl.net> wrote:
    >I don't think you can do that with anything built in (assuming you aren't
    >using ASP.net) You may be able to code an object that can make the thread
    >impersonate a different user though.
    >--
    >Eli Allen
    >eallen@bcpl.net
    >
    >"Kirk" <khaynes@digitalconsulting.net> wrote in message
    >news:3aad9a9b$1@news.devx.com...
    >>
    >> What does what you've suggested have to do with logging on a user with

    an
    >> NT authentication on directories?
    >>
    >> "Michael Howard" <mikehow@microsoft.com> wrote:
    >> >
    >> >this is all very easy to do. All you need to do is offer a form which

    >asks
    >> >for user's name and pwd - you can they get this data from the form using
    >> >ASP and perform a database lookup to see if that username and password

    >exists.
    >> >if you wanted to get really fancy, you could also have a list of valid

    >urls
    >> >the user is allowed to access and everything else is disallowed.
    >> >
    >> >make sure you read my article on web-based input before continuing.
    >> >
    >> >YOU HAVE BEEN WARNED :-)
    >> >
    >> >"Kirk" <khaynes@digitalconsulting.net> wrote:
    >> >>
    >> >>Hi,
    >> >>
    >> >>I would like to do authentication programmatically.
    >> >>Currently, IIS handles authentication for 'secure' folders on the

    >website.
    >> >>What I want to do is to provide all my clients with a login webpage

    with
    >> >>a username/password form.
    >> >>When the client types in their username/password for the NT account

    on
    >> the
    >> >>web server, I want to somehow authenticate them with ASP, like IIS does
    >> >when
    >> >>it brings up that dialog box and asks for the username and password.
    >> >>Once authenticated, I will then access a database that will return the

    >> URL
    >> >>to the client's folder to which they have access with that NT account

    >username/password
    >> >>and redirect their browser to that URL.
    >> >>
    >> >>Thanks
    >> >>
    >> >>Bye
    >> >>
    >> >

    >>

    >
    >



  9. #9
    Eli Allen Guest

    Re: Authentication

    Say you have a list of users in a table in a SQL DB. But you only have a
    few types of users in that table so you only create a few user accounts to
    handle ACL and other security stuff.

    That requires much less work if each user requires a tuple in the DB since
    it doesn't require handling lots of user accounts.
    --
    Eli Allen
    eallen@bcpl.net

    "Michael Howard" <mikehow@microsoft.com> wrote in message
    news:3aafeef4$1@news.devx.com...
    >
    > out of interest - why do you wanna do it programmatically? you can always
    > use, say, basic auth and stuff the username and password in as part of the
    > uri? no work required by you!
    >
    >
    > "Kirk" <khaynes@digitalconsulting.net> wrote:
    > >
    > >See, you're missing the point of my post. If you re-read the 1st line,

    you'll
    > >see that I'm trying to do this programmatically. And if you read on,

    you'll
    > >see that I'm trying to avoid having that dialog box come up.
    > >
    > >>>>>I would like to do authentication programmatically.
    > >>>>>Currently, IIS handles authentication for 'secure' folders on the

    website.
    > >>>>>What I want to do is to provide all my clients with a login webpage

    > with
    > >>>>>a username/password form.
    > >>>>>When the client types in their username/password for the NT account

    > on
    > >>>the
    > >>>>>web server, I want to somehow authenticate them with ASP, like IIS

    does
    > >>>>when
    > >>>>>it brings up that dialog box and asks for the username and password.
    > >>>>>Once authenticated, I will then access a database that will return

    the
    > >>>URL
    > >>>>>to the client's folder to which they have access with that NT account
    > >>username/password
    > >>>>>and redirect their browser to that URL.
    > >>>>>
    > >>>>>Thanks
    > >>>>>
    > >>>>>Bye
    > >>>>>
    > >>>>
    > >>>
    > >>

    > >

    >




  10. #10
    Kirk Guest

    Re: Authentication


    I would say that it would not be very secure doing it that way, wouldn't you?

    I've been looking into this for the past few days and a meta-database of
    some sort keeps being referred to in several texts that purposefully sidestep
    their way around the issue I'm trying to explore.

    Ring any bells?

    "Michael Howard" <mikehow@microsoft.com> wrote:
    >
    >out of interest - why do you wanna do it programmatically? you can always
    >use, say, basic auth and stuff the username and password in as part of the
    >uri? no work required by you!



  11. #11
    Michael Howard Guest

    Re: Authentication


    to do this kinda stuff programmaticaly you need a username and password, which
    basic auth gives you. whether you use a forms-based approach, or basic auth
    - you need the password.

    >Ring any bells?

    not sure what you mean!

    "Kirk" <khaynes@digitalconsulting.net> wrote:
    >
    >I would say that it would not be very secure doing it that way, wouldn't

    you?
    >
    >I've been looking into this for the past few days and a meta-database of
    >some sort keeps being referred to in several texts that purposefully sidestep
    >their way around the issue I'm trying to explore.
    >
    >Ring any bells?
    >
    >"Michael Howard" <mikehow@microsoft.com> wrote:
    >>
    >>out of interest - why do you wanna do it programmatically? you can always
    >>use, say, basic auth and stuff the username and password in as part of

    the
    >>uri? no work required by you!

    >



  12. #12
    Kirk Guest

    Re: Authentication


    I think you have been up 20 hours before you post here. OF COURSE YOU NEED
    THE PASSWORD. WHAT ARE YOU TALKING ABOUT! Get some sleep!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center
 
 
FAQ
Latest Articles
Java
.NET
XML
Database
Enterprise
Questions? Contact us.
C++
Web Development
Wireless
Latest Tips
Open Source


   Development Centers

   -- Android Development Center
   -- Cloud Development Project Center
   -- HTML5 Development Center
   -- Windows Mobile Development Center