realmtech.net

NTLM Authentication

nemesis @ Thursday 4th December, 2003

Here's some code you can use to do NTLM Authentication in ASP.

The basic idea is IE will tell IIS which user is currently logged on (in the form DOMAIN\User). However, this can be spoofed.

Ah! But IIS will also tell you which Auth type was used (Basic/NTLM/etc). So as long as we check that NTLM was used, we're all good.

  Dim User
  User = Request.ServerVariables("AUTH_USER")

  If User != "DOMAIN\ThisUser" Then
    Response.Write "Not Authorised"
 Response.End
  ElseIf Request.ServerVariables("AUTH_TYPE") <> "NTLM"
Then
    Response.Write "Not Authorised"
 Response.End
  End If

« Previous Thread
Next Thread »

0 Responses

Leave a comment

Sign in to leave a comment!

Don't have a login yet? Get one now!