Writing in server variables

Nov 26, 2007 at 4:22 PM

I use Filter.NET to authenticate users on my website.

Everything works fine until I try to save the username in the "LOGON_USER" server variable, which is read-only.

Is there an ISAPI technical limitation which forces you to make the server variables read-only ? Have you a workaround ?

Thank you for your answer.

Stéphane de Wit
Nov 27, 2007 at 7:50 PM
Hi Stéphane,

Server Variables are always read-only (its an IIS by design feature) and they are basically the contextual properties IIS makes available to any Http Request. The server variables expose the Request Headers content among other things such as the AppPool ID, certificate information, IIS metabase info and others. The LOGON_USER server variable, in particular, is set to the authenticated user by IIS when Basic Authentication, Digest or Integrated Windows Authentication is used.

If you're using a custom authentication method, you can always set a custom request header via the headers collection which will be available to the processing request in the request headers collection and the server variables collection prepended with HTTP_xxx where xxx is the custom request header name.

Hope it helps,
Tiago Halm