Link to home
Start Free TrialLog in
Avatar of countrymeister
countrymeister

asked on

Classic ASP authentication issue

I have a classic ASP page which calls another asp page within it.
But for whatever reason, it just keeps asking for the Userid/password credentials, and keeps looping


Main ASP page has the following code
 
<form name="Main" action="adjustment.asp" method="post">
 
Then in a vbscript function I have 
Main.action = "adjustmentprocess.asp"
Main.submit()
 
I expect the adjustmentprocess.asp page to be invoked but it throws the windows login credentials dialog box, to enter userid/password.
 
This works fine in uat env, but does not in production
Any suggestions?

Open in new window

Avatar of Wayne Barron
Wayne Barron
Flag of United States of America image

May I suggest a better authentication system then what you are using?
Please have a look here, it is using Cookies.
======Taken from another post that I have it on=======
http://ee.cffcs.com/Q_24252782/login.asp
username:  logincookie
password: 12345678
(Type in a bad username (or) password and it will let you know that it is bad)
Code
http://ee.cffcs.com/Q_24252782/Q_24252782.zip

This is pretty simple to understand and use.
The
IsLoggedIn.asp
This is the key, this needs to be placed in the header of all pages that you want to protect.
Use this in place of long codes    <%= strUserName %>
If you are doing a SELECT Statement or other type.
Something like this will do.

<!--#include file="IsLoggedIn.asp"-->
sql = "SELECT UserName FROM Users WHERE UserName = " & strUserName & ""

Now, you will have to make sure that the file IsLoggedIn.asp is always in the header of the
Page where you are going to use the    strUserName at.

The cookie properties can be found in   login_validate.asp
Here you can set the cookie Expire date to as long or short of a time frame that you with.
Right now it is set at a default of 30-days.
you can set it to 1 year if you desire      Expires = Now() + 365
That will give you the 1 year, but in my opinion, that is just a bit to much.
About like EE here has theres set to log me out when I turn 106yrs old... ouch...

If you have any questions, please ask away.
Good Luck and enjoy.
Carrzkiss
Avatar of countrymeister
countrymeister

ASKER

Carrzkiss

I am typing in a valid userid/password, and thats how I get into the Main asp page - adjustment.asp, but when I try to submit some changes, it gives me the windows dialog again, instead of passing control to the adjutmentprocess.asp page.

What bothers me is this works in one env, but not in another.
Are you stating that the credentials are lost.
It sounds like you are sending to the same page.
You type in your information and you are sent here :  adjustment.asp
 What is this: --> adjustmentprocess.asp
What is on that page, are you sure that it is not rerouting you back to the login page?
Also.
If using Sessions, are you sure that the session is working properly?

It is really hard to tell without actually seeing it in action, and see the loop happening.
I know that I had the same thing happen, and the <body onLoad> was resending the information
Before it dawned on me that the onLoad needed to be put in another page, and not the one that I was submitting....

Let me know?
Carrzkiss
I have pasted the vbscript code that calls adjustmentprocess.asp and the relevant code of the adjustment.asp page

The adjustment.asp has a submit button which when clicked invokes the vbscript sub routine subForm

The adjustmentprocess is another asp page, which has the following, it has a button Goback, which should take it back to the adjustment.asp page

<form action="adjustment.asp" method="post">
<input type="submit" value="Go Back">
<input type="hidden" name="Area" value="<%=tradingArea%>">
<input type="hidden" name="adjustmentDate" value="<%=adjustmentDate%>">
</form>
<Script Language="vbscript">
'************************************************
'* submitForm
'*
'* called when user selects the process button
'* it checks that all the necessary data entry has
'* been completed.
'***********************************************
sub submitForm()
dim intLoop
dim bComplete
Dim bHasGoodOne
Dim bInvalidAcct
Const accountPrefix = "<%=AREA%>"
Dim value
 
 
  intLoop= 0
  bComplete = True
  bHasGoodOne = False
  bInvalidAcct = False
 
	For intLoop = 0 to Document.Main.Elements.Length - 1
		If Left(Document.Main.Elements(intLoop).Name, Len(accountPrefix)) = accountPrefix Then
			value = Document.Main.Elements(intLoop).Value
			If value <> "" Then
				If Not IsNumeric(value) Then
					bInvalidAcct = True
					Exit For
				Else
					bHasGoodOne = True
				End If
			End if
		End if
	Next
 
	For intLoop = 0 to 4
		if len(Main.PositionID(intLoop).value) > 0 then
			If len(Main.ChargeType(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.LocalAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then
				bComplete = False
				Exit For
			Else
				bHasGoodOne = True
			end if 'other fields missing
		end if 'position complete
 
		if len(Main.ChargeType(intLoop).value)> 0 then
			If len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.LocalAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then
				bComplete = False
				Exit For
			end if 'other fields missing
		end if 'ChargeType complete
 
		if isnumeric(Main.ChargeAmount(intLoop).value) then
			If len(Main.ChargeType(intLoop).value) = 0 or len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.LocalAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then
				bComplete = False
				Exit For
			end if 'other fields missing
		end if 'ChargeAmount complete
 
		if isnumeric(Main.LocalAmount(intLoop).value) then
			If len(Main.ChargeType(intLoop).value) = 0 or len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then
				bComplete = False
				Exit For
			end if 'other fields missing
		end if 'ChargeAmount complete
 
		if isnumeric(Main.FXRate(intLoop).value) then
			If len(Main.ChargeType(intLoop).value) = 0 or len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.LocalAmount(intLoop).value) then
				bComplete = False
				Exit For
			end if 'other fields missing
		end if 'ChargeAmount complete
	Next
 
  If bInvalidAcct Then
	msgbox "A non-numeric Account-based change has been entered.", vbOKOnly+vbExclamation
  ElseIf Not bComplete Then
	msgbox "There are incomplete Ticker-based changes.", vbOKOnly+vbExclamation
  ElseIf Not bHasGoodOne Then
	msgbox "No adjustments have been entered.  No action will be taken.", vbOKOnly+vbExclamation
  Else    
	document.Main.action = "adjustmentprocess.asp"
	document.Main.submit()
  End If 'bComplete
 
end sub 'submitForm
 
</HEAD>
<BODY>
<span class="pageTitle">P&L Adjustments Data Entry</span></br>
<form name="Main" action="adjustment.asp" method="post">
<table border="0" style="border: 1 solid black">
<tr>
<td colSpan="9" align="left" class="subheading"><b>Select an account and enter a date:</b></td>
</tr>
<Table border="0" width="100%">
<tr class="columnHeadings">
<td align="center">
<input type="button" id="btnSubmit" value="Submit" onclick="submitForm()" <%= fieldsEnabledDisabled %>>
</td>
</tr>
</Table>
 
</form>
 
</BODY>
</HTML>

Open in new window

Is that how your code actually looks?
Did you copy it straight out of your page and paste it in here?
If so, then you are missing quite a bit of stuff.

Please see code below.

Lines that are missing
Line1:        <Script Language="vbscript">
Should be  <%@Script Language="vbscript"%>
And then on line 2:
There needs to be    <%

And then above the </head> there needs to be a closing   %>

I am still not sure about what is causing the loop.
Will have to check back on it a little later.
As I am getting ready for a reinstall on my system.
Just wanted to tie up a few loose ends before I jumped into that.

Have a good one
Carrzkiss
<%@Script Language="vbscript"%>
<%
'************************************************
'* submitForm
'*
'* called when user selects the process button
'* it checks that all the necessary data entry has
'* been completed.
'***********************************************
sub submitForm()
dim intLoop
dim bComplete
Dim bHasGoodOne
Dim bInvalidAcct
Const accountPrefix = "<%=AREA%>"
Dim value
 
 
  intLoop= 0
  bComplete = True
  bHasGoodOne = False
  bInvalidAcct = False
 
	For intLoop = 0 to Document.Main.Elements.Length - 1
		If Left(Document.Main.Elements(intLoop).Name, Len(accountPrefix)) = accountPrefix Then
			value = Document.Main.Elements(intLoop).Value
			If value <> "" Then
				If Not IsNumeric(value) Then
					bInvalidAcct = True
					Exit For
				Else
					bHasGoodOne = True
				End If
			End if
		End if
	Next
 
	For intLoop = 0 to 4
		if len(Main.PositionID(intLoop).value) > 0 then
			If len(Main.ChargeType(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.LocalAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then
				bComplete = False
				Exit For
			Else
				bHasGoodOne = True
			end if 'other fields missing
		end if 'position complete
 
		if len(Main.ChargeType(intLoop).value)> 0 then
			If len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.LocalAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then
				bComplete = False
				Exit For
			end if 'other fields missing
		end if 'ChargeType complete
 
		if isnumeric(Main.ChargeAmount(intLoop).value) then
			If len(Main.ChargeType(intLoop).value) = 0 or len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.LocalAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then
				bComplete = False
				Exit For
			end if 'other fields missing
		end if 'ChargeAmount complete
 
		if isnumeric(Main.LocalAmount(intLoop).value) then
			If len(Main.ChargeType(intLoop).value) = 0 or len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then
				bComplete = False
				Exit For
			end if 'other fields missing
		end if 'ChargeAmount complete
 
		if isnumeric(Main.FXRate(intLoop).value) then
			If len(Main.ChargeType(intLoop).value) = 0 or len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.LocalAmount(intLoop).value) then
				bComplete = False
				Exit For
			end if 'other fields missing
		end if 'ChargeAmount complete
	Next
 
  If bInvalidAcct Then
	msgbox "A non-numeric Account-based change has been entered.", vbOKOnly+vbExclamation
  ElseIf Not bComplete Then
	msgbox "There are incomplete Ticker-based changes.", vbOKOnly+vbExclamation
  ElseIf Not bHasGoodOne Then
	msgbox "No adjustments have been entered.  No action will be taken.", vbOKOnly+vbExclamation
  Else    
	document.Main.action = "adjustmentprocess.asp"
	document.Main.submit()
  End If 'bComplete
 
end sub 'submitForm
%> 
</HEAD>
<BODY>
<span class="pageTitle">P&L Adjustments Data Entry</span></br>
<form name="Main" action="adjustment.asp" method="post">
<table border="0" style="border: 1 solid black">
<tr>
<td colSpan="9" align="left" class="subheading"><b>Select an account and enter a date:</b></td>
</tr>
<Table border="0" width="100%">
<tr class="columnHeadings">
<td align="center">
<input type="button" id="btnSubmit" value="Submit" onclick="submitForm()" <%= fieldsEnabledDisabled %>>
</td>
</tr>
</Table>
 
</form>
 
</BODY>
</HTML>

Open in new window

Carrzkiss
I tried adding another page instead of adjustmentprocess.asp in the flow logic
and the submit action does take me to the new page I added, so guess there is soemthing in the adjustmentprocess.asp that is causing the looping.
Also the adjustmentprocess.asp has the following for its form definition

<form action="adjustment.asp" method="post">
<input type="submit" value="Go Back">
<input type="hidden" name="Area" value="<%=Area%>">
<input type="hidden" name="adjustmentDate" value="<%=adjustmentDate%>">
</form>

Changed the foll
Main.action = "adjustmentprocess.asp"
Main.submit()
 
To flow to a some other page
Main.action = "confirm.asp"
Main.submit()
 
Definition of form in adjustmentprocess.asp, has action of adjustment.asp
 
<form action="adjustment.asp" method="post">
<input type="submit" value="Go Back">
<input type="hidden" name="Area" value="<%=Area%>">
<input type="hidden" name="adjustmentDate" value="<%=adjustmentDate%>">
</form>

Open in new window

What else is in the "adjustmentprocess.asp" page besides this?

<form action="adjustment.asp" method="post">
<input type="submit" value="Go Back">
<input type="hidden" name="Area" value="<%=Area%>">
<input type="hidden" name="adjustmentDate" value="<%=adjustmentDate%>">
</form>

This would not cause your loop to happen.
Then only way would be if you had something in your <body> tag that was submitted the form
(or) it was being done programicaly via javascript or vb?
I have pasted below the entire code of adjustmentprocess.asp.
Let me know if you find anything strange, what stumps me is this works in uat env but not in production
<%Option Explicit
Server.ScriptTimeout = 6000
%>
 
<!--#INCLUDE Virtual="/includes/adovbs.inc"-->
 
<HTML>
<HEAD>
<TITLE>Adjustment Page</TITLE>
<link rel="stylesheet" href="/commonStylesheet.css">
</HEAD>
<BODY>
<span class="pageTitle">Adjustments Data Entry</span></br>
 
<%
STOP
Dim ConnectionString
ConnectionString = Application("PAN_DETAILS")
 
const BROKER = "ZZAccount_"
 
Dim oConn
Dim Area
Dim adjustmentDate
Dim sOutput
 
Area = Request.Form("Area")
adjustmentDate = Request.Form("adjustmentDate")
 
Set oConn = Server.CreateObject("ADODB.Connection")
oConn.ConnectionString = ConnectionString
oConn.CommandTimeout = 600
oConn.Open
 
sOutput = MakeAccountBasedChanges()
If sOutput <> "" Then
	Response.Write "<BR><BR><SPAN class=heading>Account-based changes</SPAN><BR><BR>"
	Response.Write sOutput
End If
oConn.Close
Set oConn = Nothing
 
Function MakeAccountBasedChanges()
 
	Dim changeType						'type of change(margin interest, ticket charges, etc)
	Dim changeAmount					'amount of adjustment to make to the account
	Dim item
	Dim sOutput
 
	'handle all the account-based adjustments
 
	For each item in Request.Form
		if left(item, Len(BROKER)) = BROKER and trim(Request.Form(item)) <> "" then
			changeType = mid(item, Len(BROKER)+1)
			changeAmount = Request.Form(item)
 
			sOutput = sOutput & ExecuteStoredProc(changeType, changeAmount)
		end if
	next
	
	MakeAccountBasedChanges = sOutput
 
End Function
 
Function ExecuteStoredProc(ByVal changeType, ByVal changeAmount)
 
	Dim oComm
	Dim retval
	Dim paramQuantity
	Dim paramTradeDate
	Dim paramSecurity
	Dim paramAccount
	Dim paramIPAddress
	Dim paramBroker
 
	set oComm = Server.CreateObject("ADODB.Command")
	with oComm
		.ActiveConnection = oConn
		.CommandType = adCmdStoredProc
		.CommandText = "dbo.p_AdjustmentAccount"
		.CommandTimeout = 600
 
		.Parameters("@Area").Value = Area
		.Parameters("@BusDate").Value = adjustmentDate
		.Parameters("@Type").Value = changeType
		.Parameters("@Amount").Value = changeAmount
 
		.Execute
	end with
 
	set oComm = nothing
 
	ExecuteStoredProc = "The account adjustment of " + FormatCurrency(changeAmount) + " for " + changeType + " was successfully processed."+ "<br>" + vbcrlf
 
End Function
'----------------------------end MakeAccountBasedChanges ------------------------------------
 
Function ToBoolean(value)
	ToBoolean = False
 
	If IsNull(value) Then
		Exit Function
	End If
 
	If VarType(value) = vbBoolean Then
		ToBoolean = value
		Exit Function
	End If
 
	Select Case UCase(Left(Trim(CStr(value)), 1))
		Case "T", "Y", "1"
			ToBoolean = True
	End Select			
End Function
'----------------------------end subs/functions section------------------------------------
 
%>
 
<form action="pladjustment.asp" method="post">
<input type="submit" value="Go Back">
<input type="hidden" name="Area" value="<%=Area%>">
<input type="hidden" name="adjustmentDate" value="<%=adjustmentDate%>">
</form>
 
</BODY>
</HTML>

Open in new window

What happens if you remove this

<%Option Explicit
Server.ScriptTimeout = 6000
%>

Try that, and see what the results are please?

Carrzkiss
Also.
Line: 32
oConn.CommandTimeout = 600

That is 600
And your
Server.ScriptTimeout = 6000
Is 6000

I doubt that will have anything to do with anything.
But, should they be the same?
(I have not run them together, so I am not really sure)
remmoved
<%Option Explicit
Server.ScriptTimeout = 6000
%>
 but that did not help, got the same looping windows dialog box asking userid/pwd crendentials
you stated that you made another page and that it worked fine.
Why dont you try something.
(This is what I do if something breaks)

In the new page, add in pieces of code at a time.
NOT the whole code form this page, but just pieces of code.
And run your page against it each time.
And see when the code makes the loop.

This is the only thing that I can suggest, as I am not seeing nothing visiably that would be causing this looping issue.

Carrzkiss
carrzkiss:

This is even bizarre,
I took the adjustmentprocess page and made a copy of it adjustmentprocess1.asp,
The called it from the main adjustment page, as below and this worked.
Could you kow of any reason this worked.

Main.action = "adjustmentprocess1.asp"
Main.submit()
ASKER CERTIFIED SOLUTION
Avatar of Wayne Barron
Wayne Barron
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I  took a new file copied the contents and deleted the old, then renamed the new file as adjustmentprocess.asp

Also took the new file and made a copy of it as adjustment2.asp

The new file named adjustmentprocess.asp did not work, but when I modified the code to point to adjustment2.asp it worked.

Next I brought down the IIS server, stopped and restarted it, did the same exercise above of creating a brand new file and copying the contents and then deleting the old  and renaming the new as adjustment process.asp and this time adjustmentprocess.asp worked.

Thanks for your help, spent quite some time on this
thanks a bunch for your help
IIS can be a pain I tell you.
Glad that it worked for you.

What most likely happened in IIS that caused it to where you had to restart IIS.
Is it did not let loose of the original file in cache.

Have a good one.
Carrzkiss