Home

ASP ADVANCED

When a Web page is password-protected, four headers are useful for retrieving information about the user accessing the page.  The AUTH_TYPE header indicates the authentication method used to access the page.  The AUTH_USER and LOGON_USER headers contain the name of the Windows NT account of the user.  Finally, when Basic authentication is used, the AUTH_PASSWORD header contains the password that was used to access the page.

For example, the following Active Server Page checks whether the user has used Basic authentication to access the page. This is accomplished by using the AUTH_TYPE header.

This header can have only two possible values: Basic for Basic authentication, or NTLM for NT Challenge and Response. (The LM stands for LAN Manager-Microsoft's pre-Windows NT network operating system.) Next, the Windows NT account of the user is displayed:

<HTML>
<HEAD><TITLE>Password Protected</TITLE></HEAD>
<BODY>
<%
IF Request.ServerVariables("AUTH_TYPE")="Basic" THEN
%>
You are logged in using Basic Authentication.
Your account is <%=Request.ServerVariables("LOGON_USER")%>.
<% ELSE %>
You are logged in using NT Challenge and Response.
Your account is <%=Request.ServerVariables("LOGON_USER")%>.
<% END IF %>
</BODY>
</HTML>

Modifying the Content -Type Header

The Content -Type header indicates the media type of the body of the response (.the MIME type).  Common examples are "text /HTML", "image/gif ", " application/msword", or "text/rtf" You can use the ContentType property of the Response object to set this header.

One common use of the ContentType property is to display the source of an HTML document.  If you set the ContentType property to "text/plain", the body of the response is sent as normal text rather than HTML.  Consider the following example:

<%
Response.ContentType="text/plain"
 %>
<HTML>
<HEAD><TITLE>HTML Document</TITLE></HEAD>
<BODY>
<H1>This is an HTML document!</H1>
</BODY>
</HTML>

When this file is displayed in a Web browser, all the text below the script appears exactly as shown here.  By setting the ContentType property to "text/plain", you can prevent a Web browser from interpreting the contents of an HTML page.

The Status Code

For the sake of completeness, the status property of the Response object is discussed here.  However, this property doesn't modify a header; the status property is used to specify the status code returned in an HTTP response.

Whenever a server responds to a request, the first line it sends is the status line.  The status line includes a three-digit status code and a description of the status code (called a reason phrase).  The following list describes the five classes of status codes:

  • 1xx Informational.  The status codes in this class are mainly experimental.

  • 2xx Success.  The status codes in this class are used to indicate that a request was fulfilled successfully.  For example, status code 200 can indicate that the Web page requested was retrieved successfully.

  • 3xx Redirection. The status codes in this class are used to indicate that some further action must be taken before the request can be fulfilled.  For example, status code 301 can indicate that a Web page has been moved permanently to another address.  In this case, the browser may be redirected automatically to the new address.

  • 4xx Client Error.  This status code is returned when the browser has made a request that can't be fulfilled, For example, status code 404 indicates that the requested Web page doesn't exist.

  • 5xx Server Error.  The status codes in this class indicate a problem with the server.
    For example, status code 503 can indicate the server is currently overwhelmed.

You can use the status property of the Response object to specify the status code that should be returned in a response.  For example, if someone attempts to retrieve the following Active Server Page on a Wednesday, the status code 401 Not Authorized is returned (this results in a password dialog box appearing):

<%
IF WEEKDAYNAME (WEEKDAY (DATE)) = "Wednesday" THEN
Response.Status="401 Not Authorized"
Response.End
ELSE
%>
<HTML>
<HEAD><TITLE> Not Wednesday </TITLE></HEAD>
<BODY>
Welcome! Today is not Wednesday.
</BODY>
</HTML>
<% END IF %>