Security Basics mailing list archives
RE: LOGON_USER through https tunnel
From: "Kenton Smith" <ksmith () chartwelltechnology com>
Date: Wed, 7 Jul 2004 15:06:07 -0600
Have you disabled anonymous access? HTTPS has no bearing on authentication; it's what users have access to the site that is the important thing. Go to IIS Manager, right click on the site and go to Directory Security. Click the Edit button in Authentication and access control, uncheck Enable Anonymous Access. If you've done that, then it could be the method of authentication you've chosen. That will depend on whether you're authenticating to a domain or not. There could be many more reasons, are you seeing anything in the IIS logs? Kenton -----Original Message----- From: Bénoni MARTIN [mailto:Benoni.MARTIN () libertis ga] Sent: Wednesday, July 07, 2004 10:15 AM To: security-basics () securityfocus com Subject: LOGON_USER through https tunnel Hi! I am trying to get the NT Login (through the ASP's server variable LOGON_USER) on an IIS 6.0. I can get it when connected locally to the server without any trouble, but when trying to connect to this server through the network, no way to get it! I disabled my https, and tried with just http...but no way neither... So, anyone knows how to get the NT Login using ASP/JScript under IIS 6.0? I am using Win 2003, and my users Win XP Pro. Thanks by advance, list ! --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- LOGON_USER through https tunnel Bénoni MARTIN (Jul 07)
- RE: LOGON_USER through https tunnel Kenton Smith (Jul 08)