This example illustrates how you can use ASP to leverage IIS and Windows 2000® security features and authentication schemes to provide secure logon screens. In general, initial authentication should, if possible, take place before any of the content has actually been sent to the client browser. This example demonstrates one method for accomplishing this.
For the purposes of demonstration, this script simply gets the LOGON_USER variable from the Request.ServerVariables property, and checks that the user has been authenticated by the user's local server. An actual application could just as easily check the username and password against a database at this point in the script.
If the user making the request, with the client browser, has not been authenticated, this script bars access to them. Response.Status is set to the HTTP 401 error code, indicating that there has been an access problem, and the Response.End method is then called, which ceases script processing and terminates the connection.
If the user has been authenticated, the rest of the Web page is sent to the client browser as usual. This sample uses the Request.ServerVariables twice more to retrieve some information on your current logon and authentication status.
The VBScript and JScript versions of this script are available in the IIS samples directory, at ...\asp\interaction\Logon_VBScript.asp and ...\asp\interaction\Logon_JScript.asp.