When you think ASP, think...
Recent Articles xml
All Articles
ASP.NET Articles
Related Web Technologies
User Tips!
Coding Tips
spgif spgif

Sample Chapters
JavaScript Tutorials
MSDN Communities Hub
Official Docs
Stump the SQL Guru!
XML Info
Author an Article
spgif spgif
ASP ASP.NET ASP FAQs Feedback topnav-right
Print this page.
Published: Tuesday, September 22, 1998

Using the Request.ServerVariables Object

Active Server Pages exposes an object called ServerVariables, which is part of the Request object. This ServerVariables object allows the programmer to see many environment variables. You can use the ServerVariables along with IIS's directory sercurity options to determine who is currently accessing your site. You can also grab the visitor's IP address using the ServerVariables object. This article includes a question and answer from the Activer Server Pages mailing list, as well as an excerpt from the Visual InterDev 1.0 help files detailing all of the properties of the ServerVariables object.

Obtaining the User Name of your Visitor:
Here is the question posted to the mailing list:

Does anybody know how to get the NT User Logon Name from within the Netscape Browser? Within Explorer no Problem due to Challenge/Response option but what to do with Netscape?

- continued -

Here is the answer:

Try Request.ServerVariables("LOGON_USER").

And this is exactly what you should do. If you turn on the directory security through the IIS Administration Console, user's will be prompted to enter their username and password (you must have the clear text option selected if you want to make it Netsca pe compatible. You can also select the NT Challenge / Response, which will work with Internet Explorer). Once they enter their name and password, it will check to see if the user has an NT account on the webserver, and if they've entered the correct pas sword. Once they are validated, you can view who they are, exactly, using Request.ServerVariables("LOGON_USER").

For example, you can write an ASP page like this:

      You are <%=Request.ServerVariables("LOGON_USER")%>

If the directory security options are set so that this directory does not allow anonymous users, when the surfer hits this page they will be prompted with the standard modal dialog asking for username and password. Once they enter this information, assum ing it is valid, the page will load and it will say, "You are \", where is their username, and the is the webserver's domain name.

You can use this "LOGON_USER" ServerVariable for a number of purposes. One application I've used this for is to set permissions to various parts of an intranet. You can use the LOGON_USER variable to determine who is visiting the page, and if they are a particular user, then they will be allowed to continue on, else they are taken to a page explaining that they do not have adequate permissions.

Other Uses of the Request.ServerVariables Object:
The ServerVariables Object has many properties besides the "LOGON_USER". Here is a list of all of the properties and their uses:

Variable Description
AUTH_TYPE The authentication method that the server uses to validate users when they attempt to access a protected script.
CONTENT_LENGTH The length of the content as given by the client.
CONTENT_TYPE The data type of the content. Used with queries that have attached information, such as the HTTP queries POST and PUT.
GATEWAY_INTERFACE The revision of the CGI specification used by the server. Format: CGI/revision.
HTTP_<HeaderName> The value stored in the header HeaderName. Any header other than those listed in this table must be prefixed by "HTTP_" in order for the ServerVariables collection to retrieve its value.

Note: The server interprets any underscore (_) characters in HeaderName as dashes in the actual header. For example if you specify HTTP_MY_HEADER, the server searches for a header sent as MY-HEADER.

LOGON_USER The Windows NTŪ account that the user is logged into.
PATH_INFO Extra path information as given by the client. You can access scripts by using their virtual path and the PATH_INFO server variable. If this information comes from a URL it is decoded by the server before it is passed to the CGI script.
PATH_TRANSLATED A translated version of PATH_INFO that takes the path and performs any necessary virtual-to-physical mapping.
QUERY_STRING Query information stored in the string following the question mark (?) in the HTTP request.
REMOTE_ADDR The IP address of the remote host making the request.
REMOTE_HOST The name of the host making the request. If the server does not have this information, it will set REMOTE_ADDR and leave this empty.
REQUEST_METHOD The method used to make the request. For HTTP, this is GET, HEAD, POST, and so on.
SCRIPT_MAP Gives the base portion of the URL.
SCRIPT_NAME A virtual path to the script being executed. This is used for self-referencing URLs.
SERVER_NAME The server's host name, DNS alias, or IP address as it would appear in self-referencing URLs.
SERVER_PORT The port number to which the request was sent.
SERVER_PORT_SECURE A string that contains either 0 or 1. If the request is being handled on the secure port, then this will be 1. Otherwise, it will be 0.
SERVER_PROTOCOL The name and revision of the request information protocol. Format: protocol/revision.
SERVER_SOFTWARE The name and version of the server software answering the request (and running the gateway). Format: name/version.
URL Gives the base portion of the URL.

Here is some code to iterate through all of the ServerVariable properties:

                <B>Server Varriable</B>

      <% For Each name In Request.ServerVariables %>
                <%= name %>
                <%= Request.ServerVariables(name) %>
      <% Next %>
[View the live demo!]

In this article we explored the uses of the ServerVariables object. Be forewarned that the use of the object is not very efficient, because when you ask the server to hand you just one variable (such as "LOGON_USER"), all ServerVariables are handed to yo u. Since this inefficiency exists, the use of Session variables here is preferred. Once someone has logged in successfully, you can set a Session variable named something like "CURRENTUSER" equal to the Request.ServerVariables("LOGON_USER"). Happy Prog ramming!

ASP.NET [1.x] [2.0] | ASPFAQs.com | Advertise | Feedback | Author an Article