fre 2010-05-28 klockan 09:53 +0200 skrev Gabriele Gabriele: > Nothing is wrong, but I cant' siccess to watch in my http haeder the > X-Authenticated-User field. Why do you need it in a custom non-standard X-Authenticated-User header extension instead of the standard HTTP authentication header? Adding an X-Authenticated-User header is not hard, but I just wonder why you want the username in this non-standard header with all the security implications of that instead of the standad header defined by HTTP with well defined security profile? Regards Henrik