At 03:18 AM 11/4/2004, you wrote: >No need to worry about the REMOTE_USER, it's the standard behaviour of ASP.NET >and not from mod_aspdotnet, it turns out that I've to write an own IHttpModule >that handles authentication now I'm using LDAP as authentication (interpret >the authenticated user from the LDAP server variables and set the >context.User). So no need to bother you mod_aspdotnet guys any more :)
Do you mean IIS behavior v.s. Apache behavior? Are we certain this isn't a shortcoming of mod_aspdotnet? >I've onw other question, why is ExecCGI needed in the Options sections (and is >also checked to be set in mod_aspdotnet.cpp). I understand that allowing CGI >can a security hazard. What is the reason for this setting? .NET is a form of code execution, so the ExecCGI was used to test that execution is permitted. We cannot extend the Options directive to something like Options ExecNET, but we could use an alternate directive to do something like AspNetOptions [+/-]Exec. Thoughts? Bill
