Solved

hybrid authentication (base 64)

Posted on 2004-09-08
Last Modified: 2012-08-14
Hi,

I'm using the script below for hybrid authentication with classic asp and access2000 but I am not able to login even if I provide valid login information. Could anyone help me to find out what's wrong with the script?

<%
SET UUEncode = server.CreateObject ("Scripting.Dictionary")
For i=0 to 63
      Select Case i
            Case 0 offset = 65
            Case 26 offset = 71
            Case 52 offset = -4
      End Select
      UUEncode (CHR( i + offest )) = i
Next

Function Decode (theString)
      For byteGroup = 1 to Len(theString) Step 4
            numBytes = 3
            groupBytes = 0
            For CharCounter = 0 to 3
                  thisChar = Mid(theString, byteGroup + CharCounter, 1)
                  If thisChar = "=" Then
                        numBytes = numBytes - 1
                        thisByte = 0
                  Else
                        thisByte = UUEncode(thisChar)
                  End If
                  groupBytes = 64 * groupBytes + thisByte
            Next
            
            For k = 1 to numBytes
                  Select Case k
                        Case 1: thisChar = groupBytes \ 65536
                        Case 2: thisChar = (groupBytes And 65535) \ 256
                        Case 3: thisChar = (groupBytes And 255)
                  End Select
                  Decode = Decode & Chr (thisChar)
            Next
      Next
End Function

auth = Trim(Request.ServerVariables("HTTP_AUTHORISATION"))
If auth = "" Then
      Response.Status = "401 Not Authorized"
      Response.AddHeader "WWW-Authenticate", "Basic realm=""localhost"""
      Response.End
End If

auth = Trim(Mid( auth,6))
auth = Decode(auth)
authSplit = SPLIT(auth,":")
username = authSplit(0)
password = authSplit(1)

Set Con = Server.CreateObject ("adodb.connection")
Con.Open "JobCard","admin","admin"

sqlString = "Select userID from tblUsers Where userID = '" & username & "' and Password = '" & password & "'"
Set rs = Con.Execute (sqlString)

      If rs.Eof Then
            Response.Status = "401 Not Authorized"
            Response.AddHeader "WWW-Authenticate", "Basic realm=""localhost"""
            Response.End
      End If
%>

<html>
<head><title>Welcome</title></head>
<body>
Welcome <%=username%>!
</body>
</html>


hafs.
Question by:ayha1999
LVL 75

Expert Comment

by:Anthony Perkins
You could start by spelling "HTTP_AUTHORIZATION" correctly.
0
 
LVL 7

Author Comment

by:ayha1999
@acperkins,

I have already tried "HTTP_AUTHORIZATION" but I get the following error:

Error Type:
Microsoft VBScript runtime (0x800A0009)
Subscript out of range: '[number: 1]'
/authentication.asp, line 49

the following script is at line 49:
password = authSplit(1)

When I use "HTTP_AUTHORISATION" I get the password dialogue box but I am not able to login. After three attempts (whether it is correct login info or not) the page displays without its contents (<body>Welcome <%=username%>!</body>).

could u pls check it?

hafs.
0
 
LVL 11

Expert Comment

by:kelvinwkw
this means something is wrong with the username and password after u decode it
the username and password before and after the encoding and decoding are not the same
double check the algorithm
0
LVL 75

Accepted Solution

by:
Anthony Perkins earned 30 total points
And more explicitly it means there is no ":" in the variable auth when you execute this line:
authSplit = SPLIT(auth,":")
0
 
LVL 7

Author Comment

by:ayha1999
Hi,

what are the problems with the algorithm and ":". Could u pls. explain and give the solution?

ayha1999
0
 
LVL 7

Author Comment

by:ayha1999
Hi,

could u answer for my last post?

ayha1999.
0
 
LVL 75

Expert Comment

by:Anthony Perkins
I am sorry I have no idea.
0
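
Added example, not part of the thread and not any poster's code: a defensive version of the header handling the accepted answer points at. The posted script fills its lookup table with `offest`, an undeclared name that VBScript evaluates as 0 when `Option Explicit` is absent, so the table is keyed on Chr(0) to Chr(63) and the decoded text never contains ":"; its table also maps 62 and 63 to ":" and ";" rather than "+" and "/". The DSN, table and column names are taken from the posted script; `DecodeB64` and `Challenge` are names introduced here, and the code is meant to sit at the top of the page's `<% %>` block.

```vbscript
Option Explicit  ' a misspelled name such as "offest" now raises an error instead of evaluating to 0
Const B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

' Returns the decoded text, or Null when s is not well-formed Base64.
Function DecodeB64(s)
    Dim pos, c, ch, v, group, pad, out
    DecodeB64 = Null : out = ""
    If Len(s) = 0 Or Len(s) Mod 4 <> 0 Then Exit Function
    For pos = 1 To Len(s) Step 4
        group = 0 : pad = 0
        For c = 0 To 3
            ch = Mid(s, pos + c, 1)
            v = InStr(1, B64, ch, vbBinaryCompare) - 1   ' 0..63, or -1 if not in the alphabet
            If ch = "=" Then pad = pad + 1 : v = 0
            If v < 0 Then Exit Function
            group = group * 64 + v
        Next
        If pad < 3 Then out = out & Chr(group \ 65536)
        If pad < 2 Then out = out & Chr((group And 65535) \ 256)
        If pad < 1 Then out = out & Chr(group And 255)
    Next
    DecodeB64 = out
End Function

Sub Challenge()
    Response.Status = "401 Unauthorized"
    Response.AddHeader "WWW-Authenticate", "Basic realm=""localhost"""
    Response.End
End Sub

Dim hdr, creds, colonAt, username, password, con, cmd, rs
hdr = Trim(Request.ServerVariables("HTTP_AUTHORIZATION"))
If LCase(Left(hdr, 6)) <> "basic " Then Challenge
creds = DecodeB64(Trim(Mid(hdr, 7)))
If IsNull(creds) Then Challenge
colonAt = InStr(creds, ":")
' No colon is the case that raised "Subscript out of range"; 255 matches the parameter size below.
If colonAt = 0 Or Len(creds) > 255 Then Challenge
username = Left(creds, colonAt - 1)
password = Mid(creds, colonAt + 1)   ' split on the first colon only; a password may contain ":"

' Bind the credentials as parameters instead of concatenating them into the SQL text.
Set con = Server.CreateObject("ADODB.Connection")
con.Open "JobCard", "admin", "admin"
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = con
cmd.CommandText = "SELECT userID FROM tblUsers WHERE userID = ? AND [Password] = ?"
cmd.Parameters.Append cmd.CreateParameter("u", 200, 1, 255, username)  ' 200 = adVarChar, 1 = adParamInput
cmd.Parameters.Append cmd.CreateParameter("p", 200, 1, 255, password)
Set rs = cmd.Execute
If rs.EOF Then Challenge
```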
