[thelist] Re: ASP LOGON_USER Variable
MRC
webmaster at equilon-mrc.com
Wed Dec 5 13:19:31 CST 2001
Josh,
> Anonymous access is checked. I don't want users to have to log on to the
> website. My understanding is that by unchecking anonymouse access users
> will be forced to authenticate. Is this accurate?
One of our network-admin gurus can give you a more thorough answer, but
the short of it is that checking the NT Authentication option does *nothing*
unless you uncheck the Anonymous Access option -- the idea is access by the
lowest-common-denominator, and anonymous access is the lowest common
denominator. If Anonymous Access is checked, users are connected under the
IUSR account, so you can't determine who they are.
In my experience, having only NT Authentication checked *may* require an
initial login, depending on how you have the security set up. I believe that
if the user is connecting from within the same domain and has been granted
access to the resource, the authentication is transparent; otherwise if the
user is connecting from another domain, the user will be prompted initially
for username, password, and domain (iirc), but just once (I'm not sure when
the need to log in is reestablished; in my experience it appears to be when
the user logs off the NT account, and not when an IIS session expires, since
I don't typically use sessions). I probably don't have these details exactly
right, but it's worked like this for me.
Again, I'm sure one of our network-admin gurus can sand off the rough
edges of my comments and can provide a more-detailed explanation...
James Aylard
More information about the thelist
mailing list