Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: LOGON_USER through https tunnel

From: "Kenton Smith" <ksmith () chartwelltechnology com>
Date: Wed, 7 Jul 2004 15:06:07 -0600
Have you disabled anonymous access? HTTPS has no bearing on authentication;
it's what users have access to the site that is the important thing.
Go to IIS Manager, right click on the site and go to Directory Security.
Click the Edit button in Authentication and access control, uncheck Enable
Anonymous Access. If you've done that, then it could be the method of
authentication you've chosen. That will depend on whether you're
authenticating to a domain or not. There could be many more reasons, are you
seeing anything in the IIS logs?

Kenton

-----Original Message-----
From: Bénoni MARTIN [mailto:Benoni.MARTIN () libertis ga] 
Sent: Wednesday, July 07, 2004 10:15 AM
To: security-basics () securityfocus com
Subject: LOGON_USER through https tunnel

Hi!
 
I am trying to get the NT Login (through the ASP's server variable
LOGON_USER) on an IIS 6.0.
 
I can get it when connected locally to the server without any trouble, but
when trying to connect to this server through the network, no way to get it!
I disabled my https, and tried with just http...but no way neither...
 
So, anyone knows how to get the NT Login using ASP/JScript under IIS 6.0? I
am using Win 2003, and my users Win XP Pro.
 
Thanks by advance, list !


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: