HomeBuilding Your WebsiteWeb Programming and Application Development

Passing UserID & Password - Hardcoded in ASP

Anonymous posted this at 04:40 — 22nd June 1999.

They have: 5,633 posts

Joined: Jan 1970

PJ,

I didn't quite understand your situation... Do you want to create a unique directory for each user, only giving that user access to the directory? And do you want this directory to be created automatically by the Server.CreateObject after a form is filled out? Or are you trying to give many users access to one directory?

I apologize for not understanding but I really can't provide help without knowing what I am helping with Smiling

----------
Dynamic Internet Solutions : http://www.dids.com
UNIX and Windows NT Hosting

PJ posted this at 18:38 — 22nd June 1999.

They have: 76 posts

Joined: Apr 1999

Chad,

Sorry about the confusion, it's a hard situation to describe. Wink

Ok, lets try this again:

Let's say I have a directory on my server named http:/test/cache. It is only accessible by one user, userid = Admin, password = Admin. Admin has full read/write access to that directory. What I would like to do is, for lack of a better word, impersonate the Admin userid so that any user who enters that directory through my ASP would trick the server into thinking that they were using the Admin id.

This would let me take advantage of the Server.CreateObject object without worrying about giving everyone read/write access to that directory.

I kind've liked your idea about the server creating a folder that is only accessible by that user, but the problem with that is I still have to leave the master directory read/writeable to everyone.

I hope that's a bit clearer, you don't want me to start drawing pictures! Wink

PJ

PJ posted this at 03:40 — 23rd June 1999.

They have: 76 posts

Joined: Apr 1999

I was wondering if it would be possible to pass a UserID and password with an ASP file?

I want to create a directory that has read/write access for a single UserID and then have users access that directory using an ASP that passes the above UserID and password that has access for that directory. That way the directory would still be protected from general use.

This problem arises when I use the Server.CreateObject to create an .htm file on the server. Even though the server is creating the object it still depends on the users authority, so if they only have read access the ASP will fail on permission denied. The alternative of just having a directory that everyone has read/write access to is to much of a security risk.

Any suggestions would be appreciated.

Thanks,
PJ

Anonymous posted this at 17:08 — 23rd June 1999.

They have: 5,633 posts

Joined: Jan 1970

PJ,

I am sorry I haven't replied earlier but I have been letting this thing rack my brain! Smiling ... I don't think it would be possible using just ASP either but some day if I ever have some spare time, I might see if I can put something together... In the mean time, good luck!

----------
Dynamic Internet Solutions : http://www.dids.com
UNIX and Windows NT Hosting

PJ posted this at 23:38 — 23rd June 1999.

They have: 76 posts

Joined: Apr 1999

Guys,

The more I think about it, I don't think this is possible. Sad

Even if I used some of the features of Windows Scripting Host I don't think I could do it.

It looks like the the only way is going to be to develop a custom VB component that runs on the server which handles all the impersonation stuff (not sure how yet, but I'm pretty sure it's possible).

If you still think its possible let me know, but don't wrack your brain over this since me thinks its impossible with just ASP.

Later,
PJ

PJ posted this at 23:41 — 29th June 1999.

They have: 76 posts

Joined: Apr 1999

FYI,

I just finished this problem and it was possible. You have to make a VB component that runs on the server which calls the LOGONUSER property that takes a userid, password, and domain, that you pass from your ASP like so:

Set objLogon = Server.CreateObject("logon.class20") 'Name of dll
objLogon.Logon "userid", "password", "domain"

Do your work here and then:

objLogon.Logoff
Set objLogon = Nothing

The VB component itself was a bit harder, it involved a couple lines in a module to declare API functions and about a page of code in the class module to handle impersonation and reverting back to the original user.

Just thought I'd let you guys know it is possible. Smiling)

Later,
PJ

Anonymous posted this at 17:56 — 1st July 1999.

They have: 5,633 posts

Joined: Jan 1970

PJ,

Glad you got it working. I didn't think it was possible just using ASP. Sounds like it was fun coding though Smiling

----------
Dynamic Internet Solutions : http://www.dids.com
UNIX and Windows NT Hosting

Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.