Microsoft KB Archive/835388

= BUG: The Request.ServerVariables(&quot;AUTH_PASSWORD&quot;) object does not display certain characters from an ASPX page =

Article ID: 835388

Article Last Modified on 5/17/2007

-

APPLIES TO


 * Microsoft ASP.NET 1.1
 * Microsoft .NET Framework 1.0

-





SYMPTOMS
When an ASPX page is requested with a password that has characters such as Æ, ç, €, œ, ž, or £, the Request.ServerVariables(&quot;AUTH_PASSWORD&quot;) object omits these characters when the password is displayed.



WORKAROUND
To work around the behavior that is described in the &quot;Symptoms&quot; section of this article, follow these steps:  Start Notepad.  Paste the following code in Notepad: <%   Dim header as string Dim ticket as string Dim GetAuthPassword as string header=Request.ServerVariables(&quot;HTTP_AUTHORIZATION&quot;) If header.StartsWith(&quot;Basic&quot;) or header =&quot;&quot; then ticket = header.Substring(6) ticket = System.Text.Encoding.Default.GetString(Convert.FromBase64String(ticket)) response.write(ticket.Substring((ticket.IndexOf(&quot;:&quot;)+1))) GetAuthPassword =ticket.Substring((ticket.IndexOf(&quot;:&quot;)+1)) end if %>

AUTH_USER=<%=Request.ServerVariables(&quot;AUTH_USER&quot;) %> AUTH_PAssword=<%=GetAuthPassword%>  Save the file as.

Note  is a placeholder for the name of the .aspx file.



STATUS
Microsoft has confirmed that this is a bug in the Microsoft products that are listed in the &quot;Applies to&quot; section of this article.



Create a user
 At a command prompt, create a local user by using the following command:

net user MyUser &quot;TestÆç123&quot; /add

 Add the user to the Administrators group.</li></ol>

Create an ASP page
 Start Notepad.</li>  Paste the following code in Notepad: AUTH_USER=<%=Request.ServerVariables(&quot;AUTH_USER&quot;) %> AUTH_Password=<%=Request.ServerVariables(&quot;AUTH_PASSWORD&quot;) %> </li> Save the page as.

Note  is a placeholder for the name of the .asp file.</li></ol>

Create an ASPX page
  In Notepad, paste the following code: AUTH_USER=<%=Request.ServerVariables(&quot;AUTH_USER&quot;) %> AUTH_PASSWORD=<%=Request.ServerVariables(&quot;AUTH_PASSWORD&quot;) %> </li> Save the page as.

Note  is a placeholder for the name of the .aspx file.</li></ol>

Put the files in a folder
Create a folder in C:\Inetpub\wwwroot that is named, and then put the created files to this folder.

Note  is a placeholder for the name of the folder.

Create a virtual directory in Internet Information Services (IIS)

 * 1) Click Start, point to Settings, and then click Control Panel.
 * 2) Double-click Administrative Tools, and then double-click Internet Services Manager.
 * 3) In the Internet Information Services window, double-click the computer name, and then click Default Web Site.
 * 4) On the Action menu, point to New, and then click Virtual Directory.
 * 5) Complete the Virtual Directory Creation Wizard. Map the folder   to a virtual directory in IIS. Name the virtual directory in IIS as.

Note  is a placeholder for the virtual directory name in IIS.

Set the directory security of the virtual directory

 * 1) In IIS, click the virtual directory in IIS that was created in the &quot;Create a virtual directory in Internet Information Services (IIS)&quot; section of this article.
 * 2) On the Action menu, click Properties. The   Properties dialog box appears.
 * 3) On the Directory Security tab, click Edit under Anonymous access and authentication control. The Authentication Methods dialog box appears.
 * 4) Click to clear the Anonymous access check box, and then click to select the Basic authentication (password is sent in clear test) check box. A warning message appears.
 * 5) Click Yes.
 * 6) Click to clear the Integrated windows authentication check box, and then click OK two times.

Access the ASP page from Internet Explorer
 Start Microsoft Internet Explorer.</li> In the address bar, type the following URL:

http:// / /ExampleASP.asp

Note  is a placeholder for the name of the Web server.</li> Click Go.</li> In the dialog box that appears, type MyUser in the User Name box, and then type TestÆç123 in the Password box.

Note  is the user name and   is the password that were created in step 1 of the &quot;Create a user&quot; section of this article.</li> Click OK.

Notice that the user name and the password with which the ASP page is being accessed appears correctly.</li></ol>

Access the ASPX page from Internet Explorer
 Start Internet Explorer.</li> <li>In the address bar, type the following URL:

http:// / /ExampleASPX.aspx

Note  is a placeholder for the name of the Web server.</li> <li>Click Go.</li> <li>In the dialog box that appears, type MyUser in the User Name box, and then type TestÆç123 in the Password box.

Note MyUser is the user name and TestÆç123 is the password that you created in the &quot;Create a User&quot; section of the article.</li> <li>Click OK.</li></ol>

Notice that the user name that the ASPX page is accessed with is displayed correctly but that the password that the ASPX page is accessed with appears incorrectly. The characters that are specified in the password are omitted.

<div class="references_section">