Solved

hybrid authentication (base 64)

Posted on 2004-09-08
7
402 Views
Last Modified: 2012-08-14
Hi,

Im using the script below for hybrid authentication with classic asp and access2000 but I am not able to login even if I provide valid login information. Could anyone help me to find out what's wrong with the script?

<%
SET UUEncode = server.CreateObject ("Scripting.Dictionary")
For i=0 to 63
      Select Case i
            Case 0 offset = 65
            Case 26 offset = 71
            Case 52 offset = -4
      End Select
      UUEncode (CHR( i + offest )) = i
Next

Function Decode (theString)
      For byteGroup = 1 to Len(theString) Step 4
            numBytes = 3
            groupBytes = 0
            For CharCounter = 0 to 3
                  thisChar = Mid(theString, byteGroup + CharCounter, 1)
                  If thisChar = "=" Then
                        numBytes = numBytes - 1
                        thisByte = 0
                  Else
                        thisByte = UUEncode(thisChar)
                  End If
                  groupBytes = 64 * groupBytes + thisByte
            Next
            
            For k = 1 to numBytes
                  Select Case k
                        Case 1: thisChar = groupBytes \ 65536
                        Case 2: thisChar = (groupBytes And 65535) \ 256
                        Case 3: thisChar = (groupBytes And 255)
                  End Select
                  Decode = Decode & Chr (thisChar)
            Next
      Next
End Function

auth = Trim(Request.ServerVariables("HTTP_AUTHORISATION"))
If auth = "" Then
      Response.Status = "401 Not Authorized"
      Response.AddHeader "WWW-Authenticate", "Basic realm=""localhost"""
      Response.End
End If

auth = Trim(Mid( auth,6))
auth = Decode(auth)
authSplit = SPLIT(auth,":")
username = authSplit(0)
password = authSplit(1)

Set Con = Server.CreateObject ("adodb.connection")
Con.Open "JobCard","admin","admin"

sqlString = "Select userID from tblUsers Where userID = '" & username & "' and Password = '" & password & "'"
Set rs = Con.Execute (sqlString)

      If rs.Eof Then
            Response.Status = "401 Not Authorized"
            Response.AddHeader "WWW-Authenticate", "Basic realm=""localhost"""
            Response.End
      End If
%>

<html>
<head><title>Welcome</title></head>
<body>
Welcome <%=username%>!
</body>
</html>


hafs.
0
Comment
Question by:ayha1999
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 12023278
You could start by spelling "HTTP_AUTHORIZATION" correctly.
0
 
LVL 7

Author Comment

by:ayha1999
ID: 12030170
@acperkins,

I have already tried "HTTP_AUTHORIZATION" but I the following error;

Error Type:
Microsoft VBScript runtime (0x800A0009)
Subscript out of range: '[number: 1]'
/authentication.asp, line 49

the following script is at line 49:
password = authSplit(1)

When I use "HTTP_AUTHORISATION" I get the password dialogue box but I am not able to login. After three attemps ( whether it is correct login info or not) the page display without its contents(<body>Welcome <%=username%>!</body>).

could u pls check it?

hafs.
0
 
LVL 11

Expert Comment

by:kelvinwkw
ID: 12041314
this mean somehting is wrong with the username and password after u decode it
the username and password before and after the encoding and decoding are not the same
double check the algorithm
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 75

Accepted Solution

by:
Anthony Perkins earned 30 total points
ID: 12043606
And more explicitly it means there is no ":" in teh variable auth when you execute this line:
authSplit = SPLIT(auth,":")
0
 
LVL 7

Author Comment

by:ayha1999
ID: 12063135
Hi,

what are the problems with the algorithm and ":". Could u pls. explain and give the solution?

ayha1999
0
 
LVL 7

Author Comment

by:ayha1999
ID: 12188277
Hi,

could u answer for my last post?

ayha1999.
0
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 12190222
I am sorry I have no idea.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question