Solved

hybrid authentication (base 64)

Posted on 2004-09-08
7
396 Views
Last Modified: 2012-08-14
Hi,

Im using the script below for hybrid authentication with classic asp and access2000 but I am not able to login even if I provide valid login information. Could anyone help me to find out what's wrong with the script?

<%
SET UUEncode = server.CreateObject ("Scripting.Dictionary")
For i=0 to 63
      Select Case i
            Case 0 offset = 65
            Case 26 offset = 71
            Case 52 offset = -4
      End Select
      UUEncode (CHR( i + offest )) = i
Next

Function Decode (theString)
      For byteGroup = 1 to Len(theString) Step 4
            numBytes = 3
            groupBytes = 0
            For CharCounter = 0 to 3
                  thisChar = Mid(theString, byteGroup + CharCounter, 1)
                  If thisChar = "=" Then
                        numBytes = numBytes - 1
                        thisByte = 0
                  Else
                        thisByte = UUEncode(thisChar)
                  End If
                  groupBytes = 64 * groupBytes + thisByte
            Next
            
            For k = 1 to numBytes
                  Select Case k
                        Case 1: thisChar = groupBytes \ 65536
                        Case 2: thisChar = (groupBytes And 65535) \ 256
                        Case 3: thisChar = (groupBytes And 255)
                  End Select
                  Decode = Decode & Chr (thisChar)
            Next
      Next
End Function

auth = Trim(Request.ServerVariables("HTTP_AUTHORISATION"))
If auth = "" Then
      Response.Status = "401 Not Authorized"
      Response.AddHeader "WWW-Authenticate", "Basic realm=""localhost"""
      Response.End
End If

auth = Trim(Mid( auth,6))
auth = Decode(auth)
authSplit = SPLIT(auth,":")
username = authSplit(0)
password = authSplit(1)

Set Con = Server.CreateObject ("adodb.connection")
Con.Open "JobCard","admin","admin"

sqlString = "Select userID from tblUsers Where userID = '" & username & "' and Password = '" & password & "'"
Set rs = Con.Execute (sqlString)

      If rs.Eof Then
            Response.Status = "401 Not Authorized"
            Response.AddHeader "WWW-Authenticate", "Basic realm=""localhost"""
            Response.End
      End If
%>

<html>
<head><title>Welcome</title></head>
<body>
Welcome <%=username%>!
</body>
</html>


hafs.
0
Comment
Question by:ayha1999
  • 3
  • 3
7 Comments
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 12023278
You could start by spelling "HTTP_AUTHORIZATION" correctly.
0
 
LVL 7

Author Comment

by:ayha1999
ID: 12030170
@acperkins,

I have already tried "HTTP_AUTHORIZATION" but I the following error;

Error Type:
Microsoft VBScript runtime (0x800A0009)
Subscript out of range: '[number: 1]'
/authentication.asp, line 49

the following script is at line 49:
password = authSplit(1)

When I use "HTTP_AUTHORISATION" I get the password dialogue box but I am not able to login. After three attemps ( whether it is correct login info or not) the page display without its contents(<body>Welcome <%=username%>!</body>).

could u pls check it?

hafs.
0
 
LVL 11

Expert Comment

by:kelvinwkw
ID: 12041314
this mean somehting is wrong with the username and password after u decode it
the username and password before and after the encoding and decoding are not the same
double check the algorithm
0
Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

 
LVL 75

Accepted Solution

by:
Anthony Perkins earned 30 total points
ID: 12043606
And more explicitly it means there is no ":" in teh variable auth when you execute this line:
authSplit = SPLIT(auth,":")
0
 
LVL 7

Author Comment

by:ayha1999
ID: 12063135
Hi,

what are the problems with the algorithm and ":". Could u pls. explain and give the solution?

ayha1999
0
 
LVL 7

Author Comment

by:ayha1999
ID: 12188277
Hi,

could u answer for my last post?

ayha1999.
0
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 12190222
I am sorry I have no idea.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:  The Exchange of information …
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now