Wrox Programmer Forums
|
ASP Pro Code Clinic As of Oct 5, 2005, this forum is now locked. No posts have been deleted. Please use "Classic ASP Professional" at: http://p2p.wrox.com/forum.asp?FORUM_ID=56 for discussions similar to the old ASP Pro Code Clinic or one of the other many remaining ASP and ASP.NET forums here.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP Pro Code Clinic section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old September 23rd, 2003, 12:13 PM
Registered User
 
Join Date: Sep 2003
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default write to remote server fails

I have an asp page that writes to a remote server. The page is set up for anonymous access with a valid domain user as the account to use for anonymous access. This works until a page with non-anonymous access (so I can get the user name for a query) is visited first. Then I get a permission denied error. Has anybody experienced this before? If so, please provide a resolution for this.

Thanks
Bob

Thanks,
Bob
 
Old September 23rd, 2003, 12:48 PM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 119
Thanks: 0
Thanked 1 Time in 1 Post
Default

Have you set your connection up as an ADO connection? If so, you can setup your username and password within an INCLUDE file and then setup your parameters with the #INCLUDE in your ASP page.

Just a suggestion, if I understand your question correctly.

Thanks.

 
Old September 23rd, 2003, 02:05 PM
Registered User
 
Join Date: Sep 2003
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I am trying to get the user id so that I can query the database and get that users information. I user this call on a page that does not have anonymous access in a corporate domain intranet server:
customer = ucase(Request.ServerVariables("LOGON_USER")).

if the customer then goes to another page that is supposed to write a text file to a remote server, the call fails with "permission denied".

This only happens when customer goes to a page that has anonymous access turned off.

The page that writes the file has anonymous access turned on with a corporate domain account user that it runs under.

Thanks,
Bob
 
Old September 23rd, 2003, 02:15 PM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

I find it hard to believe myself, but I read a couple of times that this can't be done. The Request.ServerVariables("AUTH_USER") is filled with the User's name, and it will be for as long as the browser is open. It's read-only so you can't clear it.

Opening a new browser window will not work either, as it shares the same authentication session.

The only thing that *might* work is to host your secure pages on a different domain or server (like secure.myDomain.com) or to use https for the secure section.

This may (but very well may not) force the browser to see the two types of requests as different, and use different authentication mechanisms.

It's an intriguing problem, and I'll keep an out for a solution.

Cheers,

Imar


---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
 
Old September 23rd, 2003, 03:24 PM
Registered User
 
Join Date: Sep 2003
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

To clear up the problem.

test1.asp contains this code:

<%
userid = ucase(Request.ServerVariables("LOGON_USER"))
Response.Write("<a href=test2.asp?uid=" & userid & ">Click here to create file</a>")
%>

test2.asp contains this code:
<%
myserverpath = "<your remote server and share go here>"
Filename = myserverpath & Request("uid") & ".txt"
Set OS = CreateObject("Scripting.FileSystemObject")
Set a = OS.CreateTextFile(FileName, True)
a.Writeline(now)
a.close
set a = nothing
Response.Write("It Worked!")
%>

if anonymous access is turned off for test1 then I don't get a userid, but the remote file is created. When I turn off anonymous access for test1, I get the userid, but I get permission denied for the file creation. The remote share is shared 'full control' to everyone. Test to still has anonymous access turned ON and should use the account that is set up for anonymous access.


Thanks,
Bob
 
Old September 24th, 2003, 12:25 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

No, I don't think so.

Here is what happens:

1. You request test1.asp. There is no need to authenticate, so the process runs under the account you set for anonymous access. The file is created just fine.

2. You request test2.asp. This requires authentication, so the process runs under *your* account.

3. The browser remembers who you are and keeps sending that info with each subsequent request. So, when you try to access test1.asp again, it's again *your* account that the process runs under.

That's what I was trying to say with my previous post. The user name is stored in LOGIN_USER and / or AUTH_USER which are both read-only. This means you can't reset them to force your user to log out. Subsequent calls to anonymous pages are made under the context of the logged on user.

Cheers,

Imar


---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
 
Old September 24th, 2003, 08:56 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 111
Thanks: 0
Thanked 0 Times in 0 Posts
Default

What Imar says is correct.

Furthermore, if you are using Integrated Windows Authentication as your auth mechanism, then the token that the webserver receives from the Domain Controller does *not* have permission to logon to remote resources. This is probably why you are getting the access denied errors (since NT Authority\Anonymous will be used instead). If you are using Windows 2000 (and Kerberos) you can enable delegation to get around this problem. A Windows 2003 domain however is better since you can use constrained delegation, which is more secure (in that you can limit what services can be accessed).

Otherwise, you can use basic authentication (though I would also recommend using SSL with this). When using Basic Auth, the webserver gets both the username *and* the user's password, and can use this to logon to the remote server on the user's behalf.

Cheers
Ken

www.adOpenStatic.com
 
Old September 9th, 2004, 03:33 AM
Authorized User
 
Join Date: Aug 2004
Posts: 29
Thanks: 0
Thanked 0 Times in 0 Posts
Default

hey, maybe it is one yr late.
however, for other users to get off this problem, my approach is here:
try this: make the folder u keep ur record "writable" for everyone.
and That's all!!! no need to change others!

hope helps






Similar Threads
Thread Thread Starter Forum Replies Last Post
Job Fails - trying to insert into remote machine happygv SQL Server 2000 0 March 8th, 2007 10:03 AM
Login Control fails on server PeterX ASP.NET 2.0 Basics 0 July 25th, 2006 10:53 AM
server fails to start z_idane Apache Tomcat 0 December 18th, 2005 12:51 PM
connecting web server and remote db server via asp moreyt Classic ASP Databases 0 May 31st, 2005 12:13 AM
printing to server fails, and I dont know why weekly_s Crystal Reports 0 September 29th, 2003 03:53 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.