How to pass the REMOTE_USER variable from IIS to PASOE web t

Posted by Roel de Wildt on 28-Jul-2019 16:46

Hi,

I have a problem passing the REMOTE_USER functionality we used to have from WebSpeed in a PASOE instance.

In the logging from IIS I see that the REMOTE_USER is working by setting the Windows authentication (SSO).

We have some rewrite rules in IIS to allow the PASOE instance to be accessible from the outside of the server but I cannot see any variable in PASOE which contains that REMOTE_USER value.

Does anyone have any thoughts how to implement this with the PASOE web transport and using the Compatibility handler?

Kind regards,

Roel de Wildt

All Replies

Posted by brianlafertewk on 29-Jul-2019 12:40

Roel,

I remember finding this frustrating as well when initially evaluating the PASOE migration for our existing WebSpeed applications. The value is there if you run a WebSpeed agent, but completely missing when using PASOE agents.

Solutions depend on how you are proxying IIS to the PASOE web transport.  I found that if you are using something like the BonCode AJP13 connector, the 'REMOTE_USER' value was pushed into the 'HTTP_AUTH_USER' CGI context.  This may be true for the Apache IIS/AJP13 connector as well.  Using REMOTE_USER = GET-CGI("HTTP_AUTH_USER") then allowed us to access the value.  

Another option is to use a 3rd party re-writer (like what is described here: www.techpaste.com/.../).  Be careful relying on these generated headers though, as a malicious user 'could' populate the header and provide improper credentials in certain situations.

You may want to consider getting away from using the IIS authentication and moving to Form Authentication built into PASOE.  This allows much more control over the user experience (rather than using the default browser popup), and then provides the user credentials in a client principal.  Once configured you would then retrieve the user with some code like: hCP = session:current-request-info:GetClientPrincipal(). IF VALID-OBJECT(hCP) THEN REMOTE_USER = hCP:USER-ID.

Have a great day,

Brian
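
An added example, not code from this thread or from Progress, showing one way to act on the caveat above about client-populated headers: prefer the client principal, and accept the proxy-set HTTP_AUTH_USER value only when the request's direct peer is the proxy. The names cTrustedProxy and getAuthenticatedUser and the 127.0.0.1 value are assumptions, as is REMOTE_ADDR reporting the proxy's address (true for a plain HTTP reverse proxy on the same host; an AJP connector may forward the original client address instead).

```abl
/* Added example: resolve the authenticated user in a WebSpeed program
   running under the PASOE compatibility handler.
   Assumption: IIS authenticates the user and is the only path to PASOE. */
{src/web2/wrap-cgi.i}

/* Constructed placeholder: address the IIS proxy connects from. */
DEFINE VARIABLE cTrustedProxy AS CHARACTER NO-UNDO INITIAL "127.0.0.1".

FUNCTION getAuthenticatedUser RETURNS CHARACTER ():
    DEFINE VARIABLE hCP   AS HANDLE    NO-UNDO.
    DEFINE VARIABLE cUser AS CHARACTER NO-UNDO.

    /* 1. Preferred source: the client principal, populated when a PASOE
          authentication model such as Form Authentication is configured.
          hCP is a HANDLE here, so VALID-HANDLE is the check used. */
    hCP = SESSION:CURRENT-REQUEST-INFO:GetClientPrincipal().
    IF VALID-HANDLE(hCP) AND hCP:USER-ID > "" THEN
        RETURN hCP:USER-ID.

    /* 2. Fallback: the header set by the connector or rewriter.
          A client that reaches PASOE directly can send this header
          itself, so refuse it unless the direct peer is the proxy. */
    IF GET-CGI("REMOTE_ADDR") <> cTrustedProxy THEN
        RETURN "".

    cUser = GET-CGI("HTTP_AUTH_USER").
    IF cUser = ? THEN
        RETURN "".

    RETURN cUser.
END FUNCTION.

/* Callers treat an empty result as "not authenticated". */
DEFINE VARIABLE REMOTE_USER AS CHARACTER NO-UNDO.
REMOTE_USER = getAuthenticatedUser().
```

The peer check only helps if the proxy itself overwrites or strips any HTTP_AUTH_USER header arriving from the browser, and if the PASOE port is not reachable except through IIS.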

This thread is closed