I'm supporting a site that still uses mixed ASP.Net and classic ASP. The user receives a 'You are not authorized' error page while accessing certain classic ASP page. I've checked her active directory account and she could had access other pages in the said site. I wonder if it could be arttributed to classic ASP or to IIS.
views:
423answers:
3
+2
A:
ASP is a very simple framework. I cannot imagine it having its own security framework (i assume that means user authentication etc.) unless it was programmed into the application itself.
Alexandros Marinos
2008-10-03 10:41:37
+2
A:
ASP is entirely dependant on the underlying IIS and the OS for security. It has none of its own. In ASP you access Request.ServerVariables("AUTH_USER") etc when the connection authenticated but this is done by IIS.
AnthonyWJones
2008-10-03 13:36:57
+1
A:
You can force ASP to use the ASP.NET authentication by making a few changes in IIS so ASP files are using the aspnet_isapi.dll just like the asp.net pages.
Scott Guthrie published an article about this Tip/Trick: Integrating ASP.NET Security with Classic ASP and Non-ASP.NET URLs
Once you make this change classic asp pages can be protected just as asp.net pages using the standard asp.net security features.
Brian Boatright
2008-10-03 13:51:45
Well, I'm not looking for how to implement ASP.Net security for classic ASP, but the post is helpful for future use ;)
OnesimusUnbound
2008-10-06 14:09:48