Re: Detecting previously authenticated users.
From: Ken Schaefer (kenRMV@THISadOpenStatic.com)
Date: 11/06/02
- Next message: Walter: "Internet Information Server"
- Previous message: Karl Levinson [x y] mvp: "Re: Outside connections cannot connect to web server"
- In reply to: Shaun: "Detecting previously authenticated users."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Ken Schaefer" <kenRMV@THISadOpenStatic.com> Date: Wed, 6 Nov 2002 18:15:43 +1100
If you're using ASP (or similar), you can set the Response.Status to 403 Not
Authorized, eg:
<%
' You'll need more than this, but it's a start
If Request.ServerVariables("Logon_User") = "" then
' Force browser to send credentials from before
Response.Status = "403 Not Authorized"
Response.End
Else
Response.Redirect(...secure site...)
End If
%>
Cheers
Ken
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Shaun" <sryan@wakefield.gov.uk> wrote in message news:5891fa87.0211050729.4ddfd9dd@posting.google.com... > Does anyone have a solution to this problem: > > I have a site within which is a secure directory (secured using NTLM). > A handful of users are authorized to enter the secure directory, and > obviously they need to log in, which they do via a login page. > However, they may also navigate back to the insecure pages of the site > from time to time before going back to the pages in the secure > directory. > > All links to the secure pages point to a portal page (located outside > the secure directory) that contains script which ascertains if they > have previously logged in. The script checks the LOGON_USER variable. > If it has a value the user is redirected to the secure directory. If > it doesn't he/she is redirected to the login page. > > The problem is that even though a user may have logged in, if they > then navigate outside the secure directory the LOGON_USER variable is > empty when it is checked (though very occassionally it does retain the > username). > > Does anyone know of a way to check, from OUTSIDE the secure directory, > if a user has logged in to the secure directory at some point > previously. Obviously, a session variable would do the trick but I > can't use them due to a company directive. > > By the way, the PermissionChecker object has the same flaw as the > LOGIN_USER variable in that it wont work outside a secure directory. > Any help would be appreciated. > > Thanks in anticipation. > > Shaun
- Next message: Walter: "Internet Information Server"
- Previous message: Karl Levinson [x y] mvp: "Re: Outside connections cannot connect to web server"
- In reply to: Shaun: "Detecting previously authenticated users."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
Loading
