Wrox Programmer Forums

Need to download code?

View our list of code downloads.

| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
Classic ASP Professional For advanced coder questions in ASP 3. NOT for ASP.NET 1.0, 1.1, or 2.0.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Professional section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old September 7th, 2004, 08:33 AM
Registered User
Join Date: Sep 2004
Location: Cirencester, Gloucestershire, United Kingdom.
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default NTLM - Reauthenticate

Our Intranet uses NTLM to challenge/response users so that they login. We have migrated onto a new domain "SJP" but we still allow users to login under the "JRA1" domain. We want to redirect (the redirect part we can do) those logging in under the "JRA1" domain to a page that then re-prompts them for their credentials (username, password and domain) before passing them to the home page of our Intranet. We've tried this using the Response.Status = "401 Unauthorized" statement, but the user keeps getting asked for their credentials. Not sure if this is a ASP/VBScript issue, but does anyone know how we can ask user to re-authenticate?

Reply With Quote
  #2 (permalink)  
Old September 7th, 2004, 09:45 AM
Friend of Wrox
Join Date: Jun 2003
Location: , , United Kingdom.
Posts: 1,212
Thanks: 0
Thanked 1 Time in 1 Post

Are you putting any conditons to decide whether to send the 401 response? Or are you just sending it all the time?

Why do you need the users to re-authenticate? This is handled in the background by the browser automatically sending the credentials so the user shouldn't need to actually enter their name/pwd.

Or do you mean that you want the user who is logged in under JRA1 domain to be rejected and asked to login under "SJP" domain? If so you should be able to do this by parsing the Request.ServerVariables("LOGON_USER") something like this:

' check for no credentials
If Len(Trim(Request.ServerVariables ("LOGON_USER"))) = 0 Then
    bNeedLogon = True
    ' check for old domain
    sDomain = Split(Trim(Request.ServerVariables ("LOGON_USER")), "\")(0)
    bNeedLogon = (sDomain = "JRA1")
End If

If bNeedLogon Then
    Response.Status = "401 Unauthorized"
    Response.AddHeader "WWW-Authenticate", "NTLM"
End If

I'm confused though, you must be doing something like this already to decide on whether to redirect the user?

Reply With Quote

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
NTLM authentication sathish.hc ASP.NET 2.0 Professional 0 July 13th, 2006 12:22 AM
Using NTLM creds for remote web services jcrossett ASP.NET 2.0 Professional 0 December 5th, 2005 02:14 PM
Problem NTLM Authentication mmalik_altaf J2EE 1 November 18th, 2003 05:08 PM
NTLM without IIS sin_ Javascript How-To 0 September 19th, 2003 07:52 AM

All times are GMT -4. The time now is 09:24 AM.

Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.