|
Subject:
|
user log on
|
|
Posted By:
|
nutrino
|
Post Date:
|
4/7/2006 7:08:31 AM
|
We a company intranet asp pages that require the user to login and then the user id and password was verified against a database. Different users could only access different parts of the company intranet.
Well the asp pages where dressed up to look sharper. This has resulted in a problem which may not be eloquently resolved.
The new asp pages are in separate folders that when they are linked to force a message box from the server requiring a user id and password. Different folders have different user accounts set up.
So you click on a link for an asp application and you first need to log on for access (same as when connecting to system folders during a re-boot).
Here is the problem some of the asp pages are applications that do database updates and recording who the user making the changes are critical. Not only for auditing, but for sending automatically generated emails with the user id making the changes to group members.
The question is how can the asp page know who is making the changes without requiring a user id and password to verify. In other words is it at all possible to query the users p.c. for the system user id?
I do not think so, but thought would post the question anyway.
Again, true the user must respond to a 'system message box' to gain access to a drive but once the asp page starts how can the asp application know who the user is without asking for a user id and password to verify??
|
|
Reply By:
|
nutrino
|
Reply Date:
|
4/7/2006 8:19:29 AM
|
I could use cookies to keep people for having to re-type their userid and password.
Assuming they use the same p.c. and the p.c. is relatively secure.
|
|
