Basic-like authentication
-
Hi I try to restrict access to some pages.. I don't want to use username/password text Input controls,, instead I want to display the basic authentication dialog but i face a problem reading the username/password that the user inputs :
Response.Clear Response.Write Request.ServerVariables("AUTH_USER") if Request.ServerVariables("AUTH_USER")<>"ABC" and Request.ServerVariables("AUTH_PASSWORD")<>"123" then Response.AddHeader "WWW-Authenticate","basic" Response.Status="401" Response.End else Response.Write "user=" & Request.ServerVariables("AUTH_USER") & vbCrLf Response.Write "PWD=" & Request.ServerVariables("AUTH_PASSWORD") end ifthe dialog shows up and i input data but seems that the checking for AUTH_USER and AUTH_PASSWORD is wrong.. please help me with this. I use IIS 5.0 and basic authentication is enabled.Request.ServerVariables("AUTH_USER") will have domain name in front of it. i.e. the value should be "<>\ABC" //Start of joke Never comment ur code. If it was hard to write, it should be hard to understand !!! //End of joke
-
Request.ServerVariables("AUTH_USER") will have domain name in front of it. i.e. the value should be "<>\ABC" //Start of joke Never comment ur code. If it was hard to write, it should be hard to understand !!! //End of joke
Bee Master wrote: Request.ServerVariables("AUTH_USER") will have domain name in front of it. i.e. the value should be "<>\ABC" I think this goes for NT authentication, any way i changes the condition to :
if len(Request.ServerVariables("AUTH_PASSWORD"))>0 then Response.Write "user=" & Request.ServerVariables("AUTH_USER") & vbCrLf Response.Write "PWD=" & Request.ServerVariables("auth_type") else Response.AddHeader "WWW-Authenticate","basic" Response.Status="401" Response.End end ifbut still does not work !!!:confused:
-
Bee Master wrote: Request.ServerVariables("AUTH_USER") will have domain name in front of it. i.e. the value should be "<>\ABC" I think this goes for NT authentication, any way i changes the condition to :
if len(Request.ServerVariables("AUTH_PASSWORD"))>0 then Response.Write "user=" & Request.ServerVariables("AUTH_USER") & vbCrLf Response.Write "PWD=" & Request.ServerVariables("auth_type") else Response.AddHeader "WWW-Authenticate","basic" Response.Status="401" Response.End end ifbut still does not work !!!:confused:
Don't forget that the AUTH_PASSWORD and AUTH_USER variables are going to be Base64 Encoded. You will need to unencode them to be able to test them against a value- .Net has some classes in the Texting namespace that should do the trick. I also notice that you are setting just the Status property. Try setting the StatusCode property and StatusDescription seperatly. ie. Response.StatusCode = 401; Response.StatusDescription="Unauthorized "
-
Don't forget that the AUTH_PASSWORD and AUTH_USER variables are going to be Base64 Encoded. You will need to unencode them to be able to test them against a value- .Net has some classes in the Texting namespace that should do the trick. I also notice that you are setting just the Status property. Try setting the StatusCode property and StatusDescription seperatly. ie. Response.StatusCode = 401; Response.StatusDescription="Unauthorized "
Also, I think the header needs to have a realm. WWW-Authenticate: Basic realm="WallyWorld" http://www.w3.org/Protocols/HTTP/1.0/draft-ietf-http-spec.html#WWW-Authenticate Gives more details.
-
Don't forget that the AUTH_PASSWORD and AUTH_USER variables are going to be Base64 Encoded. You will need to unencode them to be able to test them against a value- .Net has some classes in the Texting namespace that should do the trick. I also notice that you are setting just the Status property. Try setting the StatusCode property and StatusDescription seperatly. ie. Response.StatusCode = 401; Response.StatusDescription="Unauthorized "
thank you.. but encoding is sill a coming problem :) even if I check for the length of the AUTH_PASSWORD server variable i get 0 !!!
-
thank you.. but encoding is sill a coming problem :) even if I check for the length of the AUTH_PASSWORD server variable i get 0 !!!
Hi, AUTH_USER and AUTH_PASSWORD are populated by IIS if it requested the authentication itself. You need to check the HTTP_AUTHORIZATION variable. This will be Base64 encoded and will encompass both the username and password. See the specification I posted earlier to figure out how it is put together.
-
Hi, AUTH_USER and AUTH_PASSWORD are populated by IIS if it requested the authentication itself. You need to check the HTTP_AUTHORIZATION variable. This will be Base64 encoded and will encompass both the username and password. See the specification I posted earlier to figure out how it is put together.
HTTP_AUTHORIZATION is the answer !! thanks alot now the next step is to decode the Base64 encoded string.. wish me luck :)
-
HTTP_AUTHORIZATION is the answer !! thanks alot now the next step is to decode the Base64 encoded string.. wish me luck :)
.Net provides a class to do that for you. Try looking under System.Text
-
.Net provides a class to do that for you. Try looking under System.Text
yes i know it already exists in .net but i can't use .net for this project. so i'll have to do it myself :)
-
yes i know it already exists in .net but i can't use .net for this project. so i'll have to do it myself :)
http://www.freevbcode.com/ShowCode.asp?ID=5248 This should do the trick.
-
http://www.freevbcode.com/ShowCode.asp?ID=5248 This should do the trick.
again (5):-D i was going to code it myself .. now i'll reuse the code :) many thanks.