IIS/ASP HEEEEEEEEEEELP! Sep. 7th, 2004 03:00 pm
We have an ASP server script, hidden behind an HTTP AUTH login, on an NT/IIS box which contains the following line:

logonuser = (Request.ServerVariables("logon_user"))

It's suddenly started returning the wrong usernames. As we use the usernames it gives to provide moderately sensitive information, we'd really quite like to know why, and how to stop it.

I shall go a-googling shortly, but if anyone's got any *helpful* comments (i.e., not "stop using IIS/ASP"), I'd love to hear them.

Not quite sure when the IIS servers became my problem, but there you go.

From: djm4
Date: September 7th, 2004 - 02:15 pm
logon_user will be the user name of an NT user account. This may be what you want, but auth_user will give you the user for standard HTTP authentication instead.
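
An added example, not part of the original post or the comment above: a classic ASP page that reads both variables the comment contrasts, plus AUTH_TYPE, and refuses to serve per-user data when they are empty or disagree. It assumes the application expects the HTTP-auth name and the NT account to be the same person once any domain prefix is removed; BareName and Deny are hypothetical helpers.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Hypothetical helper: drop a leading "DOMAIN\" and lower-case the rest,
' so "CORP\Alice" and "alice" compare as the same person.
Function BareName(ByVal raw)
    Dim pos
    raw = Trim(raw)
    pos = InStrRev(raw, "\")
    If pos > 0 Then raw = Mid(raw, pos + 1)
    BareName = LCase(raw)
End Function

' Hypothetical helper: note the reason in the IIS log entry and stop the request.
Sub Deny(ByVal reason)
    Response.AppendToLog " identity-check:" & reason
    Response.Status = "403 Forbidden"
    Response.Write "Access denied."
    Response.End
End Sub

Dim authType, authUser, logonUser
authType  = CStr(Request.ServerVariables("AUTH_TYPE"))   ' e.g. Basic, NTLM
authUser  = CStr(Request.ServerVariables("AUTH_USER"))   ' name from the HTTP auth exchange
logonUser = CStr(Request.ServerVariables("LOGON_USER"))  ' NT account the request runs as

' Fail closed: an empty or inconsistent identity never reaches the data lookup.
If authUser = "" Or logonUser = "" Then Deny "empty"
If BareName(authUser) <> BareName(logonUser) Then Deny "mismatch"

' Encode before echoing; the names originate from client-supplied credentials.
Response.Write "Signed in as " & Server.HTMLEncode(authUser) & _
               " (" & Server.HTMLEncode(authType) & ")"
%>
```

The "identity-check" entries in the IIS log show when, and under which authentication type, the two names diverge.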