>You want the real address in the auth_context at least on the server >side. How come? I mean, I'm trying to understand this, but I guess I'm just missing something. And when you say "the server side", do you mean the server's local IP address on the application server or the client's remote IP address on the application server, or both? --Ken