-----Original Message-----

From: jamaal dean [mailto:jamaal_dean@y...]

Sent: 09 August 2000 22:36

To: support@w...

Subject: ASP feedback





Feedback for book : Beginning ASP Databases



Beginning ASP databases has been an absolute goldmine

of ideas. 



One improvement would be if it could explain how to identify a user that 

has gone through a NT challenge Reponse, as this would be a brilliant way 

to identify a database user.



Let me explain further I know the book explains on how use and manipulate 

cookies to identify users but this is not useful for corporate/intranet 

sites which already have all the ID/passwords already held in a NT domain.



I and many people I would spoke to would love to leverage the NT domain by 

setting the appropriate ACL on a web page thus the user to provide a NT ID 

and password.



The problem we have found is that after the user has replied with a valid 

account there is no apparent way of saying who they are and what ID they 

entered. IF this could be done our database's will no longer need 

additional logon's with all the problems of ID and password synchronisation 

as the NT domain already has the info.



Is this a practical ID?