RE: Reading username if authentication failed?

From: Martin Smith (martinsmonline@microsoft.com)
Date: 06/05/02

Next message: Jack Brewster: "Re: Can't download exe's from my own site"
Previous message: Frank Reissner: "IIS + Cgi User_account"
In reply to: Hafis: "Reading username if authentication failed?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: martinsmonline@microsoft.com (Martin Smith)
Date: Wed, 05 Jun 2002 15:53:00 GMT

Hi,

You can use the Request object in ASP. Check out the below page.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iisref/html
/psdk/asp/vbob5vsj.asp

Thanks,
Martin

A new Security patch is available for IIS. Please read the information
available at:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS02-018.asp

This posting is provided AS IS with no warranties, and confers no rights.

----------------------------------------------------------------------------
----------------------------------------------------------------------
Content-Class: urn:content-classes:message
From: "Hafis" <ghannam@gmx.net>
Sender: "Hafis" <ghannam@gmx.net>
Subject: Reading username if authentication failed?
Date: Tue, 4 Jun 2002 08:57:48 -0700
Lines: 21
Message-ID: <b00801c20be0$92a7b740$b1e62ecf@tkmsftngxa04>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcIL4JKn+1Ad7anVSMOhtMULWIOIvg==
Newsgroups: microsoft.public.inetserver.iis.security
NNTP-Posting-Host: TKMSFTNGXA04 10.201.232.163
Path: cpmsftngxa08!cpmsftngxa06!cpmsftngxa07
Xref: cpmsftngxa08 microsoft.public.inetserver.iis.security:7279
X-Tomcat-NG: microsoft.public.inetserver.iis.security

Hi Group,

one more post concerning Authentication and IIS.
If a user tries to log in through the popup window, is
there any chance to read his username to do a second
authorization step

a) if the user successfully logged in
b) if the user failed to log in

I do need the username in the second step to avoid another
html form based login step. I have seen this many times on
other sites. Is the username stored in a session variable?
What if I want to user the username and password to query
against other data like Name and others using LDAP?
Therefore i would need his username (and maybe password)

stored in session variables.

Thanks in advance for your help,

Hafis

Next message: Jack Brewster: "Re: Can't download exe's from my own site"
Previous message: Frank Reissner: "IIS + Cgi User_account"
In reply to: Hafis: "Reading username if authentication failed?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: [PHP] Authentication
... If memory doesn't fail me, if you work with IIS and protect the source pages of the application so that IUSR_xxxxx doesn't have access to those files and instead grant access to the NT users or groups which you want, the IIS when working with IE clients will take care of that as long as they are all in the same domain. ... I did it with IIS 3 and IE4 and it worked, I am not completely sure about the details, but it is something you do in the server administration and you don't need to do any programming at all, if the person reaches the page it is because it is who he says it is. ... Otherwise, no browser will give you access to any sensitive information on the client machine, nothing that someone, anyone, might pick on the server side just by receiving a page request. ... If you can find a JavaScript function to snoop the username, ...
(php.general)
RE: IIS 4 Security
... > Subject: IIS 4 Security ... > password protected web site is hosted using IIS 4 w/o ... > username and password. ... I would probably exploit 'Malformed HTR Request', ...
(Focus-Microsoft)
Re: identify disabled users and bad bad passwords
... which probably related to dynamic scripting, etc, hence IIS only ... >> the w3c extended iis log format. ... >> Bernard Cheah ... >>> The system takes both disabled accounts and bad username and password ...
(microsoft.public.inetserver.iis.security)
Re: Integrated Windows Authentication
... > Yes the IIS is part of a domain... ... > The error is just access denied in the browser after 3 attempts at putting ... > in the username and password. ... >> Rgds. ...
(microsoft.public.inetserver.iis.security)
Re: security between serving files from a fileshare
... Microsoft MVP - Windows Security ... Any other ideas, as I can browse to the file in iis manager, yet I ... When entering username ...
(microsoft.public.inetserver.iis.security)