3

is it possible to assign a value to a ServerVariable("Something") using the code? instead of doing it via the IIS?

something as simple as this?

Request.ServerVariables("LOGON_USER")="test"

i also found the following at another forum:

Request.ServerVaria bles.Add(name, value)

but i keep getting the same error on both: "Declaration Expected"

some background:

i am trying to do is pass in the ("LOGON_USER") variable from one applicaton to another (on a different domain), to somehow allow for single sign on. I now pass hidden variables to the new server and then want to assign them to proper servervariables. would I then need to edit response or request? am i waaay off on this?

Madam Zu Zu
  • 6,437
  • 19
  • 83
  • 129
  • How is the user getting between the two applications? Are you forwarding them from one to another, or are they visiting them independently, or something else? I don't think you can do this by setting request server properties - they're a combination of request headers, which only exist for that request, and server environment variables which are not specific to the current user but only exist on this current server. – Rup Mar 22 '12 at 13:09
  • i am forwarding them to the new application, here is an example: http://www.eggheadcafe.com/articles/20021207.asp – Madam Zu Zu Mar 22 '12 at 13:12
  • Oh, OK - but that's using [`Session`](http://msdn.microsoft.com/en-us/library/system.web.httpcontext.session.aspx) not [`Request.ServerVariables`](http://msdn.microsoft.com/en-us/library/system.web.httprequest.servervariables.aspx). It'll require the user to have the same session information - a cookie, by default, so if you need to transfer this across domains you'll have to do something else or read, pass and write it - and the server access to the same shared session store. – Rup Mar 22 '12 at 13:17
  • i was going to assign the session variable to the request.serverVariable. to try and avoid the windows login pop up. – Madam Zu Zu Mar 22 '12 at 13:17

2 Answers2

2

Single sign-on is not usually implemented in this manner. Typically you would authenticate the user in the first system, create a secure token, then pass the token along with some identifying information to the second system. The second system would validate the token and the additional data, and if successful, authenticate the user in the second system (usually by creating an auth cookie).

This link gives you an overview of one approach, but you can Google for other techniques: http://msdn.microsoft.com/en-us/library/ms972971.aspx

mgnoonan
  • 7,060
  • 5
  • 24
  • 27
0

You can set server variables (although you would usually want to change the response rather than the request), and the most likely place to do this would be in a custom HttpModule. You can find more info here:

http://learn.iis.net/page.aspx/686/setting-http-request-headers-and-iis-server-variables/

and

http://forums.asp.net/t/1125149.aspx

Richard
  • 21,728
  • 13
  • 62
  • 101
  • thanks you. basically what i am trying to do is pass in the ("LOGON_USER") variable from one applicaton to another, to somehow allow for single sign on. would i then need to edit response or request? Thanks! – Madam Zu Zu Mar 22 '12 at 12:59
  • If this is a single sign on then I would look at another way. – Richard Mar 22 '12 at 13:46