Rather than changing access permissions on the server, I added the following lines at the bottom of config.asp in the else part of if strAuthType = "db" then
'## Force NT Authentication if Request.ServerVariables("LOGON_USER") = "" Then Response.Status = "401 Access Denied" Response.End end if
This did the trick. My question is - is there any reason I should not do it this way?
This forces the browser/server to authenticate when accessing forums on my web site without makeing the whole site insist on authentication.
I.e. it allows authentication to be controlled by the ASP code, rather than on a site or directory level.
Q. can you set non-anonymous access on a sub-directory of an application root only so the application does not require authentication but everything under the (snitz) directory requires authentication. If you can then the above code does not offer any benefits.
Except, it saves the person setting up snitz having to set the authentication cos snitz control it based upon the flag in the config table.
Topic Locked
Posted - 30 January 2001 : 12:40:26
z - 
