in reply to Forcing REMOTE_USER

From the CGI/1.1 Specification:

REMOTE_USER

If the server supports user authentication, and the script is protected, this is the username they have authenticated as.

Basically that means, that if your web-server enforces authentication to access the script in question, a browser who doesn't send accepted credentials will be denied access; if credentials are sent, it's up to the web-server to set the environment (of your script while executed) according to the specifications, which most servers will do...

Nevertheless it's up to you to code your scripts in a way, that they behave correctly under any possible circumstances; checking an env-var isn't that complicated after all :-)

regards,
tomte

Hlade's Law:

If you have a difficult task, give it to a lazy person --
they will find an easier way to do it.

Replies are listed 'Best First'.
Re: Re: Forcing REMOTE_USER
by qadwjoh (Scribe) on Mar 09, 2004 at 13:59 UTC
    I'm having a problem with IIS then.

    My script uses REMOTE_USER but checks to see if it exists beforehand. If it doesn't the script prints an error message. I've been running this script all day now, and sometimes REMOTE_USER is set, and other times it isn't.

    I'm using IIS with Integrated Windows Authentication and anonymous access with a specified user ID.

    Any ideas what's going wrong?

    A
[reply]
      I'm still not sure what you want to do.
      If you don't need authentication, disable checking for the variable. And if you have another auth mechanism apart form .htaccess then use it, maybe you don't need remote_user either? And anyway, do you _have_to_ use IIS? usually microsoft servers are more expensive than open source, and what advantage does IIS give you over apache?
[reply]

In Section Seekers of Perl Wisdom