Re: Pass through authentication

Are you sure the password is sent as a header -- because I am not aware of
any popular web browser that allows this unless you are running custom
client-side code.


If you are using Basic Authentication protocol in IIS you can trivially use
the AUTH_USER and AUTH_PASSWORD server variables to get what you want in
ASP. This is all documented on MSDN.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

"RaziLevin" <RaziLevin@xxxxxxxxxxx> wrote in message
news:1137171747.260119.225850@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> David,
>
> Thank you for the reply. I am using Basic Authentication protocol
> behind a corporate firewall. The browser sends the password as a header
> field. How can I access it? I have deployed third party software within
> IIS that does do this.
>
> Thanks
>
> David Wang [Msft] wrote:
>> Only insecure protocols like Basic authentication will give you that
>> behavior.
>>
>> Secure protocols never pass the user's password to the server, so you can
>> never "look it up" nor implicitly delegate from that server to another
>> server.
>>
>> I suggest you use secure protocols and mechanisms to delegate
>> credentials,
>> such as with Protocol Transitioning and Constrained Delegation in Windows
>> Server 2003. Everything else is pretty much insecure unless it does
>> something similar.
>>
>> --
>> //David
>> IIS
>> http://blogs.msdn.com/David.Wang
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>> //
>>
>> "RaziLevin" <RaziLevin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:D6F36A1A-FBD6-42B9-BBF6-AA87DF43C771@xxxxxxxxxxxxxxxx
>> > Hello,
>> >
>> > I was wondering how I could implement pass through authentication. What
>> > I
>> > need is to be able to programmatically retrieve a users password so
>> > that I
>> > may pass that information along to another website.
>> > Request.ServerVariables("REMOTE_USER") will give me the username how
>> > can I
>> > get the password in ASP. If any more information is needed I will
>> > provide
>> > it.
>> >
>> > Razi
>> >
>


.

Relevant Pages

  • Re: Passing credentials
    ... > I have two web sites on the same IIS ... > server. ... Site B is set with 'Basic Authentication' mode. ... Tom Kaminski IIS MVP ...
    (microsoft.public.inetserver.iis.security)
  • Re: IIS Guru Help Please
    ... Check the login rights granted to this local USeRx ... the IIS server box. ... so clients can connect and the basic authentication works fine. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Certificate Server 2.0
    ... using basic authentication on IIS 5.0. ... Is there any other way to have a secure web folder? ... IIS server is directly connected to the internet, ...
    (microsoft.public.inetserver.iis.security)
  • Re: View Type of Protocol
    ... The manager shows the connections for ... protocol being used between a client and server? ... Server can use Named Pipes if TCP/IP is not available. ... IIS is not involved in this. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: View Type of Protocol
    ... and it doesn't show the protocol ... Basically, we have an IIS ... server and separate SQL server. ...
    (microsoft.public.dotnet.framework.aspnet)