Re: Request.ServerVariables("LOGON_USER")

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 02/03/05 

Date: Thu, 3 Feb 2005 00:22:57 -0800

If the remote user does not authenticate to IIS, it is not possible for the
server (and hence ASP page) to figure out the remote user's logon name.
FYI: "allow IIS to control the anonymous account" has nothing to do with
getting the value of LOGON_USER at all.

Basically, what happens is that IIS is configured to either:
1. Allow anyone to automatically logon as the configured anonymous user
account (when Anonymous auth is enabled)
2. Force remote user to provide credentials via a specified authentication
protocol (Basic, Integrated, Digest, etc) to logon to the web server (who
then executes requests as the user)

Clearly, if the non-domain user does not have a local account on the web
server, their user credential will fail and if you have anonymous access
enabled, they will always use anonymous access. This means it is impossible
for an ASP page on the server to figure out the remote user's name -- and
that is by design. They are anonymous, after all. 

-- 
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Selmac" <darren_sellner@hotmail.com> wrote in message
news:ctr6g2$f58$1@utornnr1pp.grouptelecom.net...
Hey everyone... This might seem like a stupid question, but I figured I'd
take a risk at being flamed.  I sort of work in a disconnected environment.
Does anyone know of a way to get the name of a connected remote user VIA
classic ASP when they aren't actually part of the domain?
I know you usually need to disable anonymous access or don't allow IIS to
control the anonymous account...but that only works for domain members.

Relevant Pages

  • Unknown Domain user - domain authentication appears limited
    ... IIS or Domain problem, it appears that it is actually a security ... When I tried this on the new server configuration I received the following ... due to the following error: Logon failure: the user has not been granted the ... requested logon type at this computer. ...
    (microsoft.public.windows.server.security)
  • Re: Anonymous works 1 Day ??
    ... - This server IS member of a domain. ... There is no group policy ... logon type permission... ... I cleared the "Allow IIS to control password" and it SEEMS ...
    (microsoft.public.inetserver.iis.security)
  • Re: Need to find out the IP of someone trying to hack a server
    ... If you know that it's IIS, then it most likely is OWA or some other Website ... If all the connections in the IIS logs show the IP address of the ISA server, ... I'm getting logon type 8, ... Having trouble finding a list of logon types referenced in event viewer. ...
    (microsoft.public.isa)
  • Single Sign On With ISA
    ... My web application sits on IIS located outside the domain. ... on IIS outside the domain) without having to go through the logon process ... That means the user's credential (username) must be send over to the ... Can Microsft ISA server solve the above mentioned scenario? ...
    (microsoft.public.isaserver)
  • Re: Web Single Sign On
    ... Can Microsoft ISA Server solve such issues? ... current Windows credentials to the server, ... My web application sits on IIS located outside the domain. ... common identity is the user's username used to logon to the domain/active ...
    (microsoft.public.dotnet.framework.aspnet.security)