Friday, July 13, 2007

Authenticate in ASP without NT

A simple alternative to NT authentication is to cheat. Here's a "no NT involved" version of security.inc; just put

<!--#INCLUDE FILE="security.inc"--> 

at the top of each ASP page you want to protect, and put this in security.inc:
<%
'does the session know the user?
UserID=Session("UserID")
Rejected=False

If IsEmpty(UserID) Or IsNull(UserID) Or UserID="" Then
    Attempted=False

    'Figure out who we are, for later
    URL=Request.ServerVariables("QUERY_STRING")
    If IsEmpty(URL) Or URL="" Then
        URL="" ' just in case
    Else
        URL="?" & URL
    End If
    URL=Request.ServerVariables("SCRIPT_NAME") & URL

    'check for POSTed authentication information
    UserID=Request.Form("UserID")
    UserPWD=Request.Form("UserPWD")

    If IsEmpty(UserID) Or IsNull(UserID) Or UserID="" Then
        Rejected=True
    Else
        ' insert your own checking here -- this is deliberately lame
        If UserID="Foo" AND UserPWD="Foo" Then
            'wahoo!
            'set the session variable
            Session("UserID")=UserID
            Rejected=False
        Else
            Attempted=True
            Rejected=True
        End If
    End If
End If

If Rejected Then
    If Attempted Then
        Title="Authentication Failure"
    Else
        Title="Please Authenticate"
    End If
%>
<!--#INCLUDE FILE="authentication_form.htm"-->
<%
    Response.End 'stop processing before it gets back to your page
End If
' ... otherwise, on with your normal page.
%>

The authentication page (authentication_form.htm) could look like this:
<html><head><title><%=Title%></title></head>
<h1><%=Title%></h1>
<% ' URL contains the raw query string, so encode it before writing it into the attribute %>
<form action="<%=Server.HTMLEncode(URL)%>" method="POST">
Username: <input type="text" name="UserID" size="20"><br>
Password: <input type="password" name="UserPWD" size="20"><br>
<input type="submit">
</form>
</html>

You could just as easily paste this HTML in where the INCLUDE is, but it makes it a little harder to edit using FrontPage. Note that anyone trying to hit authentication_form.htm directly is going to find it a little... well, useless. I'll leave it as an exercise to the reader how to get around this.

How does security.inc work?

If the user has authenticated already, security.inc notices that the UserID session variable is set and passes control back to your page. If they haven't, it sends them a form which asks for their username and password. When they submit that information, security.inc checks it and either gives them the form again or passes control back to your page.

The extra code is there to tweak the form if the user failed authentication (as opposed to simply not having authenticated yet), and to preserve any query information in the URL.

Note that if the user doesn't accept the ASP cookie (or is using a non-cookie-aware browser), the session variable won't be preserved and they'll be continuously asked to re-authenticate. You should modify the authentication page so that it warns users of this.
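
One way to produce that warning, as an added example rather than the original author's code: security.inc leaves a marker in the session each time it shows the form, and a POST that arrives without the marker means the session cookie did not come back. `CookieProbe` and `CookieWarning` are names assumed for this sketch; the block replaces the part of security.inc that reads the POSTed UserID and UserPWD.

```asp
<%
' Added example, not part of the original security.inc.
' CookieProbe and CookieWarning are hypothetical names.
' Goes inside the "session does not know the user" branch, in place of the
' block that checks the POSTed authentication information.

CookieWarning = ""
UserID  = Request.Form("UserID")
UserPWD = Request.Form("UserPWD")

If IsEmpty(UserID) Or IsNull(UserID) Or UserID = "" Then
    ' Nothing posted yet: first visit, just show the form.
    Rejected = True
ElseIf IsEmpty(Session("CookieProbe")) Then
    ' Credentials were posted, but the session that served the form is gone:
    ' the browser did not return the ASP session cookie (or the session
    ' timed out). A login accepted now would not stick, so refuse it and
    ' show the form again with an explanation.
    CookieWarning = "Your browser did not return the session cookie. " & _
                    "Enable cookies for this site and try again."
    Rejected = True
ElseIf UserID = "Foo" And UserPWD = "Foo" Then
    ' Same deliberately lame check as the original; substitute your own.
    Session("UserID") = UserID
    Rejected = False
Else
    Attempted = True
    Rejected = True
End If

' Leave the marker on every pass through this branch, so the next POST from
' a cookie-accepting browser finds it.
Session("CookieProbe") = True
%>

<% ' In authentication_form.htm, above the form: %>
<% If CookieWarning <> "" Then %>
<p><%=Server.HTMLEncode(CookieWarning)%></p>
<% End If %>
```

Because the marker lives in the session, a session that expired while the form sat open triggers the same message; the retry then succeeds for a browser that accepts cookies.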
