Classic ASP enabled Windows Authentication but Request.ServerVariables(“LOGON_USER”) sometimes return wrong username

3
votes

I have a classic ASP deployed in IIS 7. The Windows Authentication is enabled and every other authentication is disabled. Thus the page does not require any login, the server is able to determine the NTADMIN username.

We have an Apache rewrite in place so that the page can be accessed in an alias such as https://www-site/app/page.asp rather than accessing it like https://ntp123:8090/app/page.asp; the rewrite is like this:

RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/app https://%{HTTP_HOST} %{REQUEST_URI} [R,L]
ProxyPass /app http://ntp123:8090/app/ 
ProxyPassReverse /app http://ntp123:8090/app/

Most of the time, perhaps 99% of the time the code returns the correct "NTADMIN\user":

LoginName = Request.ServerVariables("Logon_User")

However there were several cases when the code is getting the wrong NTADMIN username. I tried to look for any similar issues via Google but most does not show the resolution.

Perhaps the ASP / IIS experts here may have the solution?

1
apacheasp-classiciis-7
Why don't you just add the correct address to DNS? I'm also confused how your environment is setup, how does an apache rewite work with IIS 7?user692942
From my understanding (Java coder here and not a network guru), the rewrite is just "mapping" the alias to the actual ip address. Hence, when the user accesses the alias www-site/app/page.asp, he is actually accessing the underlying ntp123:8090/app/page.aspCarlos Jaime C. De Leon

1 Answers

0
votes

It turns out the culprit was Apache HTTP Rewrite, because from observation of the IIS logs, the client IP address is always the same, in this case the Apache Server. It looks like it either has some caching issue or it's just not compatible with IIS's windows authentication. Either way, by removing this, the issue is no longer encountered.