Using Integrated Security

Web Server Talk > Web Servers reviews > IIS server support > IIS Server Security > Using Integrated Security

Last Thread Next Thread Next

Using Integrated Security

abel.khumalo@hotmail.com

06-21-06 12:37 PM

Good day,

I have a Login.asp page to authenticate the users to my Web
application. Is it possible for someone to hack into the Login.asp page
by changing the value of the REMOTE_USER variable in the header and
then gaining access to the page? How would that be done (hacking?)
Also, what happens to the following piece of code if:

> I login to my machine as MyDomain\User1, somehow manage to hack the Login.asp page
 to accept the user as MyDomain\User2:

Set objSecurity =
GetSecurityCallContext("OriginalCaller")
If objSecurity("AuthenticationService") = 10 Then
sExternalUserName = objSecurity("AccountName")
End If

What will the value of the REMOTE_USER variable be after executing the
code above? Will it be MyDomain\User1 or MyDomain\User2?

Regards,

[ Post a follow-up to this message ]

Most Popular forums

Apache Server	MySQL for Windows	Sendmail
Red Hat Networking	SuSe Linux	Debian Linux
FreeBSD administration	Sun Solaris administration	Unix Shell programming
WebSphere Portal Server	Exchange 2000 administration	PostgreSQL administration
Linux Security	Computer Security	Firewalls

Forum Jump:

Forum Rules:

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF

Medical and Health forum | Computer Games Reviews | Graphics design forum

Automated OffSite Backup	Shopping Cart Software
tattoos	RAM Memory Upgrades
Moving Companies

Syndicate this forum via XML or simple JavaScript feed

Home | Usercp | Faq | Register