Caffeine
04-07-2003, 09:39 AM
Hi all,
I'm sitting here with this problem I can not solve by my self.
I need my users to validate themselves before entering the page, of security reasons.
Only a few persons will have access to these pages and there is some classified information that can not be allowed to be spread. Those who will have access to the pages know that, but I need to be sure that only those ppl have access. All other userAccounts(Domain-Accounts) will be denied.
At this time I'm entering the accounts with access staticly in the script, however this will change later on. I just need to get this problem sloved first.
Here is the code I have got:
--------------------------------------------------------------------------------------------------
<%@LANGUAGE="VBScript", EnableSessionState = false %>
<%
Option Explicit
Response.Buffer = True
Response.Clear
Function verifyUser()
Dim Myname, MyPass
Call GetUser(Myname, MyPass)
if len(Myname) = 0 Then
Response.Status = "401 Unauthorized"
Response.AddHeader "WWW-Authenticate","BASIC Realm=enter your realm here."
' elseif ( LCase(request.ServerVariables("LOGON_USER"))<>LCase("ese") AND LCase(request.ServerVariables("LOGON_USER"))<>LCase("wserv\lmapp") ) THEN
elseif ( LCase(request.ServerVariables("LOGON_USER"))<>LCase("wserv\lmapp") ) THEN
Response.Status = "401 Unauthorized"
Response.AddHeader "WWW-Authenticate","BASIC Realm=enter your realm here."
response.write("={"& request.ServerVariables("LOGON_USER") &"}=")
else
Response.Write(MyName & "-> passwd hemligt<BR><BR>") ' & MyPass
Response.write("<SCRIPT>alert('"& replace(request.ServerVariables("LOGON_USER"), "\", "\\") &"');</SCRIPT>")
response.write("You are now logged in! ]"& request.ServerVariables("LOGON_USER") &"[")
end if
END Function
Function GetUser(LOGON_USER, LOGON_PASSWORD)
Dim UP, Pos, Auth
Auth = Request.ServerVariables("HTTP_AUTHORIZATION")
LOGON_USER = ""
LOGON_PASSWORD = ""
if LCase(Left(Auth, 5)) = "basic" Then
UP = Base64Decode(Mid(Auth, 7))
Pos = InStr(UP, ":")
if Pos > 1 Then
LOGON_USER = Left(UP, Pos - 1)
LOGON_PASSWORD = Mid(UP, Pos + 1)
End if
End if
End Function
' Decodes a base-64 encoded string.
Function Base64Decode(base64String)
Const Base64CodeBase = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
Dim dataLength, Out, groupBegin
dataLength = Len(base64String)
Out = ""
if dataLength Mod 4 <> 0 Then
Err.Raise 1, "Base64Decode", "Bad Base64 string."
Exit function
End if
' Now decode each group:
For groupBegin = 1 To dataLength Step 4
Dim numDataBytes, CharCounter, thisChar, thisData, groupData
' Each data group encodes up To 3 actual bytes.
numDataBytes = 3
groupData = 0
For CharCounter = 0 To 3
' <B>Convert</B> each character into 6 bits of data, And add it To an integer For
' temporary storage. If a character is a '=', there is one fewer data byte. (There can
' only be a maximum of 2 '=' in the whole string.)
thisChar = Mid(base64String, groupBegin + CharCounter, 1)
if thisChar = "=" Then
numDataBytes = numDataBytes - 1
thisData = 0
Else
thisData = InStr(Base64CodeBase, thisChar) - 1
End if
if thisData=-1 Then
Err.Raise 2, "Base64Decode", "Bad character In Base64 string."
Exit function
End if
groupData = 64 * groupData + thisData
Next
' Convert 3-byte integer into up To 3 characters
Dim OneChar
For CharCounter = 1 To numDataBytes
Select Case CharCounter
Case 1: OneChar = groupData \ 65536
Case 2: OneChar = (groupData And 65535) \ 256
Case 3: OneChar = (groupData And 255)
End Select
Out = Out & Chr(OneChar)
Next
Next
Base64Decode = Out
End Function
Call verifyUser()
%>
--------------------------------------------------------------------------------------------------
thanks,
-phleg-
I'm sitting here with this problem I can not solve by my self.
I need my users to validate themselves before entering the page, of security reasons.
Only a few persons will have access to these pages and there is some classified information that can not be allowed to be spread. Those who will have access to the pages know that, but I need to be sure that only those ppl have access. All other userAccounts(Domain-Accounts) will be denied.
At this time I'm entering the accounts with access staticly in the script, however this will change later on. I just need to get this problem sloved first.
Here is the code I have got:
--------------------------------------------------------------------------------------------------
<%@LANGUAGE="VBScript", EnableSessionState = false %>
<%
Option Explicit
Response.Buffer = True
Response.Clear
Function verifyUser()
Dim Myname, MyPass
Call GetUser(Myname, MyPass)
if len(Myname) = 0 Then
Response.Status = "401 Unauthorized"
Response.AddHeader "WWW-Authenticate","BASIC Realm=enter your realm here."
' elseif ( LCase(request.ServerVariables("LOGON_USER"))<>LCase("ese") AND LCase(request.ServerVariables("LOGON_USER"))<>LCase("wserv\lmapp") ) THEN
elseif ( LCase(request.ServerVariables("LOGON_USER"))<>LCase("wserv\lmapp") ) THEN
Response.Status = "401 Unauthorized"
Response.AddHeader "WWW-Authenticate","BASIC Realm=enter your realm here."
response.write("={"& request.ServerVariables("LOGON_USER") &"}=")
else
Response.Write(MyName & "-> passwd hemligt<BR><BR>") ' & MyPass
Response.write("<SCRIPT>alert('"& replace(request.ServerVariables("LOGON_USER"), "\", "\\") &"');</SCRIPT>")
response.write("You are now logged in! ]"& request.ServerVariables("LOGON_USER") &"[")
end if
END Function
Function GetUser(LOGON_USER, LOGON_PASSWORD)
Dim UP, Pos, Auth
Auth = Request.ServerVariables("HTTP_AUTHORIZATION")
LOGON_USER = ""
LOGON_PASSWORD = ""
if LCase(Left(Auth, 5)) = "basic" Then
UP = Base64Decode(Mid(Auth, 7))
Pos = InStr(UP, ":")
if Pos > 1 Then
LOGON_USER = Left(UP, Pos - 1)
LOGON_PASSWORD = Mid(UP, Pos + 1)
End if
End if
End Function
' Decodes a base-64 encoded string.
Function Base64Decode(base64String)
Const Base64CodeBase = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
Dim dataLength, Out, groupBegin
dataLength = Len(base64String)
Out = ""
if dataLength Mod 4 <> 0 Then
Err.Raise 1, "Base64Decode", "Bad Base64 string."
Exit function
End if
' Now decode each group:
For groupBegin = 1 To dataLength Step 4
Dim numDataBytes, CharCounter, thisChar, thisData, groupData
' Each data group encodes up To 3 actual bytes.
numDataBytes = 3
groupData = 0
For CharCounter = 0 To 3
' <B>Convert</B> each character into 6 bits of data, And add it To an integer For
' temporary storage. If a character is a '=', there is one fewer data byte. (There can
' only be a maximum of 2 '=' in the whole string.)
thisChar = Mid(base64String, groupBegin + CharCounter, 1)
if thisChar = "=" Then
numDataBytes = numDataBytes - 1
thisData = 0
Else
thisData = InStr(Base64CodeBase, thisChar) - 1
End if
if thisData=-1 Then
Err.Raise 2, "Base64Decode", "Bad character In Base64 string."
Exit function
End if
groupData = 64 * groupData + thisData
Next
' Convert 3-byte integer into up To 3 characters
Dim OneChar
For CharCounter = 1 To numDataBytes
Select Case CharCounter
Case 1: OneChar = groupData \ 65536
Case 2: OneChar = (groupData And 65535) \ 256
Case 3: OneChar = (groupData And 255)
End Select
Out = Out & Chr(OneChar)
Next
Next
Base64Decode = Out
End Function
Call verifyUser()
%>
--------------------------------------------------------------------------------------------------
thanks,
-phleg-