Login trouble, ServerVariables REMOTE_USER and/or AUTH_USER

Dec 26, 2010 at 11:13 AM

The REMOTE_USER or AUTH_USER Server.Variables are not set after succesfully passing the login prompt.

For example awstats uses the Request.ServerVariables(REMOTE_USER) value to determine if the user is allowed to see statistics for requested website.
IISPassword creates it's own ServerVariable, eg: Request.ServerVariables(HTTP_IISPWD_USER), but also sets REMOTE_USER or AUTH_USER values to this value to be compatible with other scripts.

I think it with would be a valuable addition if the REMOTE_USER or AUTH_USER Server.Variables are added and filled after successfully passing username and password.

Dec 27, 2010 at 11:31 AM

BTW, i think this easily can be achieved, just alter SecureFolders.cs like this:


using System.Security.Principal;

                // validate user credentials
                if (config.Users.ContainsKey(username))
                    // check password
                    BsdDES des = new BsdDES();
                    string storedPassword = config.Users[username];
                    string cryptPassword = des.Crypt(password, storedPassword);
                    if (String.Compare(storedPassword, cryptPassword, true) == 0)
                        // user is valid
                        // perform authorization

                        // create the user principal and associate it with the request
                        // this populates REMOTE_USER/AUTH_USER server variables.
                        context.User = new GenericPrincipal(new GenericIdentity(username), null);

                        // check for any valid user
                            return; // success

                        // check for specific user
                        else if(config.RequiredUsers.Contains(username))
                            return; // user found - success