Re: Authentification - Server Variables ( omg! )

Hi Adrian,

I think Rob's analysis here is reasonable. As for IE, it will always send
an anonymous request to the remote web site first, then depend on whether
the webserver enable anonymous access or not, the following occurs:

**If allow anonymous, the first request can pass and be processed
successfully, there is no authentication info in the request/response

**If not allow anonymous, first request is rejected by 401 error, and the
IE will try sending a credential to server, here depend on whether the
credential is authenticatable on server, it will result the below behavior:

<< If the credential can be authenticatable( duplicated local account on
both client and server or a domain user account in shared domain or trusted
domain), the second request get processed.

<<If the credential not authenticatable, request fail.....

and as for those Server Variable (related to authentication info ), it will
contains the client user's value only if the request has passed the
authentication. Therefore, in your case, since the client machine can not
provide a valid account that is authenticatable on server, we really have
no luck here.

BTW, is the reason you don't want user to input username/password
credentials here specific to security consideration? If so, do you think it
is possible to use https/ssl security channel for authentication here?
This is the most common approach for passing clear/text credential over
internet. And on the server-side, the application and authenticate the
credentials against AD through ActiveDirectory membership provider... If
you think this doable for your scenario, we can provide some detailed
reference on this.

Please feel free to let me know if you have any other ideas or concerns
here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================



This posting is provided "AS IS" with no warranties, and confers no rights.

.

Loading