How To Use ASP to Retrieve Authentication Information About Web Users in IIS (299984)


The information in this article applies to:

  • Microsoft Internet Information Server 4.0
  • Microsoft Internet Information Services 5.0
  • Microsoft Internet Information Services version 6.0
This article was previously published under Q299984
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx

IN THIS TASK

SUMMARY

This step-by-step guide explains the correct ASP syntax for retrieving user authentication information from a Web site visitor.

NoteThis information can only be captured if the site uses Basic Authentication, Windows NT Challenge Response (NTLM), or Windows Integrated Authentication.

back to the top

Requirements

  • A Windows server that runs Internet Information Services (IIS) 4.0 or later
  • A text or ASP editor such as Notepad or Microsoft Visual InterDev
back to the top

The Code

To capture the visitor's domain and login, paste the following code into your ASP page. If the page also contains HTML, paste this code above the HTML tag. 
<%
Dim strUser
strUser = Request.ServerVariables("LOGON_USER")
Response.Write strUser
%>
This code will capture the user's domain and login, and then display it in the browser.

back to the top

Making the Code More Useful

Now that you have a method for capturing the user's login information, you may want to store it somewhere. The steps in this section demonstrate how to create a text file and write the information to it. Note that this method is only one of many that use Request.ServerVariables.
  1. Right-click Start, and then click Explore to open Windows Explorer.
  2. In Windows Explorer, click File, point to New, and then click Folder.
  3. This will create a new folder with the name area highlighted. Type ASP, and then press ENTER to name the new folder "ASP."
  4. Paste the following code into your ASP page. If the page also contains HTML, paste this code above the HTML tag. 
    <%
Dim objFSO, strUser, objFile
strUser = Request.ServerVariables("LOGON_USER")
set objFSO = Server.CreateObject("scripting.FileSystemObject")
set objFile = objFSO.CreateTextFile("C:\asp\test.txt", true)
objFile.WriteLine strUser
objFile.Close
Response.Write strUser
%>
  5. This code will write the user's login information to a text file that is automatically created in the ASP folder (the folder you created in step 3).
back to the top
Modification Type:MinorLast Reviewed:6/22/2005
Keywords:kbHOWTOmaster KB299984 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.