Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Basic Auth
- Thread starter destinyml
- Start date
- Thread starter
- #3
Well you can fake it and send them an fake 401 Access Denied[\b] ... This will cause their browser (assuming IE) to automatically resend the HTTP Request except with the credentials included. So in theory you could grab them and then do something with them.
In practice the way to do this would be to write an ISAPI filter because ASP strips the security credentials out of the header before you can get to it via Request.ServerVariables collection. Also you would need to be able to call an WinAPI function to verify the credentials so you'd have to do that from inside your ISAPI filter or from a second separate COM object.
Well that is great and all but now you need access to the server to install your nifty neato DLLs and I can almost guarantee they aint gonna work the first try so unless you've got a dev server to mess with this approach will actually mean spending more time on site.
In practice the way to do this would be to write an ISAPI filter because ASP strips the security credentials out of the header before you can get to it via Request.ServerVariables collection. Also you would need to be able to call an WinAPI function to verify the credentials so you'd have to do that from inside your ISAPI filter or from a second separate COM object.
Well that is great and all but now you need access to the server to install your nifty neato DLLs and I can almost guarantee they aint gonna work the first try so unless you've got a dev server to mess with this approach will actually mean spending more time on site.
- Status
Similar threads
