Thu, 01 Jul 1999 17:56:00 +0000

PJ,

Glad you got it working. I didn't think it was possible just using ASP. Sounds like it was fun coding though

----------
Dynamic Internet Solutions : http://www.dids.com
UNIX and Windows NT Hosting

PJ — Tue, 29 Jun 1999 23:41:00 +0000

FYI,

I just finished this problem and it was possible. You have to make a VB component that runs on the server which calls the LOGONUSER property that takes a userid, password, and domain, that you pass from your ASP like so:

Set objLogon = Server.CreateObject("logon.class20") 'Name of dll
objLogon.Logon "userid", "password", "domain"

Do your work here and then:

objLogon.Logoff
Set objLogon = Nothing

The VB component itself was a bit harder, it involved a couple lines in a module to declare API functions and about a page of code in the class module to handle impersonation and reverting back to the original user.

Just thought I'd let you guys know it is possible. )

Later,
PJ

PJ — Wed, 23 Jun 1999 23:38:00 +0000

Guys,

The more I think about it, I don't think this is possible.

Even if I used some of the features of Windows Scripting Host I don't think I could do it.

It looks like the the only way is going to be to develop a custom VB component that runs on the server which handles all the impersonation stuff (not sure how yet, but I'm pretty sure it's possible).

If you still think its possible let me know, but don't wrack your brain over this since me thinks its impossible with just ASP.

Later,
PJ

Wed, 23 Jun 1999 17:08:00 +0000

PJ,

I am sorry I haven't replied earlier but I have been letting this thing rack my brain! ... I don't think it would be possible using just ASP either but some day if I ever have some spare time, I might see if I can put something together... In the mean time, good luck!

----------
Dynamic Internet Solutions : http://www.dids.com
UNIX and Windows NT Hosting

PJ — Wed, 23 Jun 1999 03:40:00 +0000

I was wondering if it would be possible to pass a UserID and password with an ASP file?

I want to create a directory that has read/write access for a single UserID and then have users access that directory using an ASP that passes the above UserID and password that has access for that directory. That way the directory would still be protected from general use.

This problem arises when I use the Server.CreateObject to create an .htm file on the server. Even though the server is creating the object it still depends on the users authority, so if they only have read access the ASP will fail on permission denied. The alternative of just having a directory that everyone has read/write access to is to much of a security risk.

Any suggestions would be appreciated.

Thanks,
PJ

PJ — Tue, 22 Jun 1999 18:38:00 +0000

Chad,

Sorry about the confusion, it's a hard situation to describe.

Ok, lets try this again:

Let's say I have a directory on my server named http:/test/cache. It is only accessible by one user, userid = Admin, password = Admin. Admin has full read/write access to that directory. What I would like to do is, for lack of a better word, impersonate the Admin userid so that any user who enters that directory through my ASP would trick the server into thinking that they were using the Admin id.

This would let me take advantage of the Server.CreateObject object without worrying about giving everyone read/write access to that directory.

I kind've liked your idea about the server creating a folder that is only accessible by that user, but the problem with that is I still have to leave the master directory read/writeable to everyone.

I hope that's a bit clearer, you don't want me to start drawing pictures!