What dictates whether the LOGON_USER Server Variable is sent?

Hi

I'm using IIS 5.1 and I am trying to gain an understanding of what
dictates whether a client sends logon credentials, in order for the
Server Variable LOGON_USER to be accessible (i.e. contain useful info)?



The current setup I'm working with is as follows ...

There are ASP pages stored in DirRoot/ASPdir.

There's an ASP.NET project located in DirRoot/ASPNETdir.

The ASP pages and the ASP.NET pages refer to each other and both make
use of the Server Variable LOGON_USER.



ASPTest is a virtual directory mapping to the ASP directory -
DirRoot/ASPdir.

ASPNETTest is a virtual directory mapping to the ASP.Net directory -
DirRoot/ASPNETdir.

The application start page is located in the ASP.Net directory.


My assumption was that in order for this setup to work and the
LOGON_USER server variable to be accessible by both the ASP and the
ASP.NET pages, BOTH of these virtual directories would have to use
Windows Integrated Authentication. Whilst playing I've noticed that if
the ASPTest virtual directory is set to use Anonymous Authentication
the setup works, however not consistently.

This behaviour is the same for both FireFox and IE.

As this behaviour is inconsistent I would like to get a full
understanding of what is happening. So what factors affect whether
LOGON_USER is accessible?

Many thanks in advance!

Cheers

Nick

Re: What dictates whether the LOGON_USER Server Variable is sent?

wrote in message
news:1147875139.118038.170750@j55g2000cwa.googlegroups.com.. .
> Hi
>
> I'm using IIS 5.1 and I am trying to gain an understanding of what
> dictates whether a client sends logon credentials, in order for the
> Server Variable LOGON_USER to be accessible (i.e. contain useful info)?

To answer your question. This depends on whether or not anonymous
authentication is on or of.
If it is off, LOGON_USER equals the user that logged on, if succeeded.

>
> The current setup I'm working with is as follows ...
>
> There are ASP pages stored in DirRoot/ASPdir.
>
> There's an ASP.NET project located in DirRoot/ASPNETdir.
>
> The ASP pages and the ASP.NET pages refer to each other and both make
> use of the Server Variable LOGON_USER.
>
>
>
> ASPTest is a virtual directory mapping to the ASP directory -
> DirRoot/ASPdir.
>
> ASPNETTest is a virtual directory mapping to the ASP.Net directory -
> DirRoot/ASPNETdir.
>
> The application start page is located in the ASP.Net directory.
>
>
> My assumption was that in order for this setup to work and the
> LOGON_USER server variable to be accessible by both the ASP and the
> ASP.NET pages, BOTH of these virtual directories would have to use
> Windows Integrated Authentication. Whilst playing I've noticed that if
> the ASPTest virtual directory is set to use Anonymous Authentication
> the setup works, however not consistently.
>
> This behaviour is the same for both FireFox and IE.
>
> As this behaviour is inconsistent I would like to get a full
> understanding of what is happening. So what factors affect whether
> LOGON_USER is accessible?
>
> Many thanks in advance!
>
> Cheers
>
> Nick
>

Re: What dictates whether the LOGON_USER Server Variable is sent?

Thank you for your reply. What I'm wondering though is why LOGON_USER
sometimes contains information when anonymous authentication is on.

Cheers

Nick

Re: What dictates whether the LOGON_USER Server Variable is sent?

Logon_User is populated by the server based on the what the client sends to
the server. The client does not send Logon_User to the server per se.

If you visit a page that requires authentication, then for subsequent
requests to that server your browser will continue to send the same
credentials. If a file accepts both "anonymous" requests and "authenticated"
requests (e.g. Basic, IWA), and your browser sends credentials, then
Logon_User will be populated by IIS.

Cheers
Ken

"Nick" wrote in message
news:1147885653.451205.16100@i39g2000cwa.googlegroups.com...
> Thank you for your reply. What I'm wondering though is why LOGON_USER
> sometimes contains information when anonymous authentication is on.
>
> Cheers
>
> Nick
>

Re: What dictates whether the LOGON_USER Server Variable is sent?

Thank you both for helping out :-)

Cheers

Nick