Using cookie's username

[NatuScape]

Hi all!

I'm trying to find a way to extract the username from a cookie when it is generated. What I mean is the "whatever" in whatever@mysite.com that is stored as the cookie name. I want to use this in an intranet application to recognize the users automatically without having them create a username and password for my site. Can this be done?

Thanks!

Natalia

[Ribeyed]

hi,
yes it can be done.

Response.Cookies("YourSiteName")("CookieID") = valueforyourID
Response.Cookies("YourSiteName").Expires = #31/12/2010 00:00:00#
Response.Cookies("YourSiteName")("UserName") = username

this will place a cookie on the users machine, gives the cookie an ID number, sets the cookie to expire in the future so that you get a physical cookie and not a memory resilient one and then sets the variable Username.

to retrieve use this:

username = request.Cookies("YourSiteName")("UserName")

hope this helps

[NatuScape]

Hi there!

Thanks for the suggestion. It kind of doesn't work... I tried it but I think the line

Response.Cookies("HSEuser")("UserName") = username

which is where I should store the cookie's username information does not work. Could my server/network configuration be preventing this information from being stored?

Thanks a bunch for the input!!!

Natalia

[Ribeyed]

hi,
did you go to your cookie folder and look for the cookie?

Try open the cookie if you did find it see if the variable username is there and it is equal to the username you specified in this line.
Response.Cookies("HSEuser")("UserName") = "David"
or
Response.Cookies("HSEuser")("UserName") = "NatuScape"
or
Username = "NatuScape"

Response.Cookies("HSEuser")("UserName") = "&username&"

if there is no cookie then check your settings make sure you have cookies enabled.

Also try write information to cookies before any HTML has been writen to screen.
You should have this code in your global.asa Sub On Sessions_Start, then you can use session variables to pass the username around the site

[NatuScape]

Hi and thanks again!

The catch here is that I don't want to tell the cookie what username to use, but rather catch that from the environment, given that the user has already logged on to the NT network. Is there any way I can recover that info from the cookie's filename? I tried stuff like Request.ServerVariables("LOGON_USER") and Request.ServerVariables("AUTH_USER"), but those don't work either.

Any more suggestions?

Natalia

[Ribeyed]

hi,
i think i get what you're trying to do here, but just let me check. You are building an Intranet that you want to be secure. You want to allow access to the network users but you don't want them to have to login every time or having to create a username and password to even start with. You want access to be granted based on username but you don't want to write the username to a cookie.

This this correct?

[NatuScape]

Hi again!

Got caught up in work... YES!! What you said, exactly those words, that's what I want to do!!!

Oh, please still be online!

Natalia

[Ribeyed]

hi,
where are the usernames stored or retrieved from to start with?

[NatuScape]

Hi!

The users log on to the NT network, and I'm guessing the username gets stored somewhere on the computer because the browser uses that information to compose the filename for the cookie (user@websitevisited.com).

Any ideas?

Thanks!!

Natalia

[Ribeyed]

hi,
ok you can use this code to loop through the ServerVariables:

<table width="100%" border="0" cellspacing="0" cellpadding="4">
<tr>
<td>Key</td>
<td>Value</td>
</tr>
<%
for each key in request.ServerVariables
response.write "<TR><TD>" & Key
response.write"<TD>" & Request.ServerVariables(key)
next

%>

</table>

First run this code to make sure the AUTH_USER value is there:

username = Request.ServerVariables("AUTH_USER")

you can then write this to a session variable which can't be viewed by anyone else using this:

session("username") = Request.ServerVariables("AUTH_USER")

then on every page you have the following code:

<%
username = session("username")
athenticusername = Request.ServerVariables("AUTH_USER")
if username = athenticusername then

%>
//////////display the page here///////////////

<%
else
%>

//////////////Sorry you don't have access to this page///////

<%
end if
%>

Hope this helps.

[NatuScape]

Hi!

Thanks!! Those were excellent suggestions!! I also had to de-activate the "anonymous access" in my IIS settings for it to work, and it does!!!

Natalia

[bazamai]

hi,
ok you can use this code to loop through the ServerVariables:

<table width="100%" border="0" cellspacing="0" cellpadding="4">
<tr>
<td>Key</td>
<td>Value</td>
</tr>
<%
for each key in request.ServerVariables
response.write "<TR><TD>" & Key
response.write"<TD>" & Request.ServerVariables(key)
next

%>

</table>

First run this code to make sure the AUTH_USER value is there:

username = Request.ServerVariables("AUTH_USER")

you can then write this to a session variable which can't be viewed by anyone else using this:

session("username") = Request.ServerVariables("AUTH_USER")

then on every page you have the following code:

<%
username = session("username")
athenticusername = Request.ServerVariables("AUTH_USER")
if username = athenticusername then

%>
//////////display the page here///////////////

<%
else
%>

//////////////Sorry you don't have access to this page///////

<%
end if
%>

Hope this helps.

Hi there

I know that this is more than two years

I am a student and I am trying to do the same
but the only different is that the user names are stored in a table in MySQL on the server side

Is it possible to validate every user before allowing access to the intranet

Could yoy please reply to
bazamai@gmail.com

Thanks

[buntine]

When the user logs into the system, you should store a Session variable containing their username or user ID.

When the user enters a page, you can check if they have a valid Session variable.

Code:

Dim strUserName: strUserName = Session("Username")
If strUserName = "" Then
   Response.Redirect("yourLoginPage.asp")
End If

Regards.