Wrox Programmer Forums
|
Classic ASP Professional For advanced coder questions in ASP 3. NOT for ASP.NET 1.0, 1.1, or 2.0.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Professional section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old September 7th, 2004, 08:33 AM
Registered User
 
Join Date: Sep 2004
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default NTLM - Reauthenticate

Our Intranet uses NTLM to challenge/response users so that they login. We have migrated onto a new domain "SJP" but we still allow users to login under the "JRA1" domain. We want to redirect (the redirect part we can do) those logging in under the "JRA1" domain to a page that then re-prompts them for their credentials (username, password and domain) before passing them to the home page of our Intranet. We've tried this using the Response.Status = "401 Unauthorized" statement, but the user keeps getting asked for their credentials. Not sure if this is a ASP/VBScript issue, but does anyone know how we can ask user to re-authenticate?

 
Old September 7th, 2004, 09:45 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 1,212
Thanks: 0
Thanked 1 Time in 1 Post
Default

Are you putting any conditons to decide whether to send the 401 response? Or are you just sending it all the time?

Why do you need the users to re-authenticate? This is handled in the background by the browser automatically sending the credentials so the user shouldn't need to actually enter their name/pwd.

Or do you mean that you want the user who is logged in under JRA1 domain to be rejected and asked to login under "SJP" domain? If so you should be able to do this by parsing the Request.ServerVariables("LOGON_USER") something like this:

' check for no credentials
If Len(Trim(Request.ServerVariables ("LOGON_USER"))) = 0 Then
    bNeedLogon = True
Else
    ' check for old domain
    sDomain = Split(Trim(Request.ServerVariables ("LOGON_USER")), "\")(0)
    bNeedLogon = (sDomain = "JRA1")
End If

If bNeedLogon Then
    Response.Status = "401 Unauthorized"
    Response.AddHeader "WWW-Authenticate", "NTLM"
    Response.End
End If

I'm confused though, you must be doing something like this already to decide on whether to redirect the user?

hth
Phil





Similar Threads
Thread Thread Starter Forum Replies Last Post
NTLM authentication sathish.hc ASP.NET 2.0 Professional 0 July 13th, 2006 12:22 AM
Using NTLM creds for remote web services jcrossett ASP.NET 2.0 Professional 0 December 5th, 2005 02:14 PM
Problem NTLM Authentication mmalik_altaf J2EE 1 November 18th, 2003 05:08 PM
NTLM without IIS sin_ Javascript How-To 0 September 19th, 2003 07:52 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.