Saturday, August 21, 2010

How to set the HTTP header, HTTP_Authorization using ASP?

I am developing a website that allows users to upload and download files using ASP. However, I want to only allow the users to download the files which are uploaded by the corresponding users. So, now, I enable the Basic Authentication to protect the folders that contain the files. However, this needs users to type userid and password twice (one is inside the ASP and the other is the windows authentication dialog box). My ultimate goal is the ASP code can pass the userid and password to the dialog box. I know there should be something to be done with the HTTP_Authorization header. However, I found that I cannot use the response.addheader command to set this. What can I do with this? Many thanks.How to set the HTTP header, HTTP_Authorization using ASP?
You'd be better off using just forms authentication, rather than trying to mix and match. You are really going to confuse the heck out of your users with the convoluted scheme you are using.





Take the forms authentication you begin with, create a boolean session var called ';boolLoggedIn'; and set it to true. Boot out any user (via your global.asa) who does not have 'Session(';boolLoggedIn';) = true'

No comments:

Post a Comment