iis security: I'm using servervariables("logon_user") (and other
goodies from the servervariables list) to fetch the logon
name of the domain user. Based on that I have
personalised the asp pages on our intranet server.
Now I need to let anonymous users (specific ones that are
allowed onto our lan) also acces some pages. I need a way
that IIS detects anonymous and connects this to a domain
account.
The anonymous setting in the IIS security has to remain
OF, because else servervariables("logon_user") doesn't
work anymore.

Up to this point, if I login anonymously I get the popup
for authentication. If I enter the anonymous-domainname I
can enter is the "logon_user" info is displayed.

I wan't this popup gone....

It might be easier to add a bit of logic and use a session var to the
LOGON_USER var content. In case of anonymous you set thist to whatever you
want so your code works as expected. Then enable anonymous access for the
pages you want to be accessible.

Your requirements contradict the design of what the LOGON_USER var is for.
The prompt will always be there if you want the user to be authenticated
(i.e. no anonymous allowed).

There are methods to cheat but these will introduce considerable security
issues so I cannot list these here (nor would I recommend to continue
working into that direction).

I hope this still helps.

--
Mit freundlichen Grüßen / Kind Regards,

Andreas Klein
Microsoft Services

Die Inhalte der in dieser Newsgroup eingestellten Nachrichten stammen von
Dritten. Microsoft kann daher für die Richtigkeit und Vollständigkeit der
Inhalte keine Haftung übernehmen.
This posting is provided "AS IS" with no warranties, and confers no rights.