Results 1 to 4 of 4
  1. #1
    Join Date
    Jul 2003

    Unanswered: Bypassing NT Authentication

    I've two websites both are NT authenticated(i.e. User will be prompted to enter user name and password when he tries to access the site). I also have a link to the second site in the first site. The problem now is even after logging into the first site, user will be prompted to login again on clicking the link to the second site. I want the user to bypass this second login if he has already logged in.

    Any help?

    Thanks in advance.

  2. #2
    Join Date
    Jan 2003
    you can't...since they are 2 separate sites they will be required to log into them individually. You can't pass NT Authentication logins from one site to another.

  3. #3
    Join Date
    Feb 2002
    North Wales, UK
    Develop your own security system rather than using NT authentication. There are various ways to allow access to both sites from one login.
    J^ - web | email
    newsASP Developer

  4. #4
    Join Date
    Jul 2003
    when you enter a site that has anonymous browsing turned off, aka you enter your windows nt credentials blah blah blah, you get authenticated and it starts a header that says this user is now authenticated. And any page underneath that page or in the same folder, is then passed the header saying that you are NT authenticated.

    Header stucture is a form of inheritence, if i have my first login NT page at the root level, every page linked to it from that specific site will get the header saying ok, this user is authenticated. Meaning whether you specify the site to run as another name or not, it runs as the NT name if anonymous browsing is turned off (otherwise if annonymous browsing is on, it reverts to the defaults, mind you these are the actual defaults, not the ones you specify which is a whole nother nightmare) Lets say you have page.asp in a folder called NTYES which has all the NT login pages there. And page2.asp remains in the root directory. Since this page is behind the inhertience rule of the http header, it will able to user the default account (user specified) for the webpage AND active x controls as opposed to the NT login name passed from the NTYES page.. Since your pages are split up onto 2 different sites they are not in the same folder together so it is impossible to get the right header saying yes, this user is authenticated. As far as i know, you can't fake a header from a script, if this were C, we'd be talking, but security is tighter on the ASP pages.

    Architect your sites better, or develope your own authentication means as JohnathanB stated.
    Last edited by unatratnag; 08-19-03 at 23:04.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts