Question about user authentication and ASP

[Sarah]

This is not really an Ebase problem, but it is a technique commonly used by Ebase developers so I thought that you may know of a work around.

Taking our FLYTIP form as an example, the form may be used by people on the internet and people on the intranet but either way the form is read from an Ebase server in the DMZ. When an intranet user uses the form, an asp page is called to extract the user's logon details so that fields such as name and address may automatically be populated. The asp page resides on an IIS server which is on the local network. Unfortunately when the asp page is called the user is required to type in their domain account and password details in order to authenticate.

Other than having two separate Ebase servers, can you think of a way to avoid this need for a user to authenticate?

[Sarah]

There is an IIS setting that can be turned off in the security settings on your web server.

Log into your server, open up the IIS manager, click on ’properties’ for your website, click on Directory and Security tab and edit 'Authentication and Access control'. Untick 'Integrated Windows authentication' and tick 'Anonymous access'.

We advise that you speak to your IT department regarding changing the security settings to find out what effect these changes may have on your system, as Ebase cannot really make this recommendation.

This information is one of the ways of achieving what you asked for and unfortunately we don't really know much more about this topic. It seems like more things need to be taken into consideration regarding your environment settings, so it would be best if you spoke to your Web/IT people regarding this security issue. They may be able to better advise you on how to achieve what you need on your particular environment setup.