?
Solved

hybrid authentication (base 64)

Posted on 2004-09-08
7
Medium Priority
?
423 Views
Last Modified: 2012-08-14
Hi,

Im using the script below for hybrid authentication with classic asp and access2000 but I am not able to login even if I provide valid login information. Could anyone help me to find out what's wrong with the script?

<%
SET UUEncode = server.CreateObject ("Scripting.Dictionary")
For i=0 to 63
      Select Case i
            Case 0 offset = 65
            Case 26 offset = 71
            Case 52 offset = -4
      End Select
      UUEncode (CHR( i + offest )) = i
Next

Function Decode (theString)
      For byteGroup = 1 to Len(theString) Step 4
            numBytes = 3
            groupBytes = 0
            For CharCounter = 0 to 3
                  thisChar = Mid(theString, byteGroup + CharCounter, 1)
                  If thisChar = "=" Then
                        numBytes = numBytes - 1
                        thisByte = 0
                  Else
                        thisByte = UUEncode(thisChar)
                  End If
                  groupBytes = 64 * groupBytes + thisByte
            Next
            
            For k = 1 to numBytes
                  Select Case k
                        Case 1: thisChar = groupBytes \ 65536
                        Case 2: thisChar = (groupBytes And 65535) \ 256
                        Case 3: thisChar = (groupBytes And 255)
                  End Select
                  Decode = Decode & Chr (thisChar)
            Next
      Next
End Function

auth = Trim(Request.ServerVariables("HTTP_AUTHORISATION"))
If auth = "" Then
      Response.Status = "401 Not Authorized"
      Response.AddHeader "WWW-Authenticate", "Basic realm=""localhost"""
      Response.End
End If

auth = Trim(Mid( auth,6))
auth = Decode(auth)
authSplit = SPLIT(auth,":")
username = authSplit(0)
password = authSplit(1)

Set Con = Server.CreateObject ("adodb.connection")
Con.Open "JobCard","admin","admin"

sqlString = "Select userID from tblUsers Where userID = '" & username & "' and Password = '" & password & "'"
Set rs = Con.Execute (sqlString)

      If rs.Eof Then
            Response.Status = "401 Not Authorized"
            Response.AddHeader "WWW-Authenticate", "Basic realm=""localhost"""
            Response.End
      End If
%>

<html>
<head><title>Welcome</title></head>
<body>
Welcome <%=username%>!
</body>
</html>


hafs.
0
Comment
Question by:ayha1999
  • 3
  • 3
7 Comments
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 12023278
You could start by spelling "HTTP_AUTHORIZATION" correctly.
0
 
LVL 7

Author Comment

by:ayha1999
ID: 12030170
@acperkins,

I have already tried "HTTP_AUTHORIZATION" but I the following error;

Error Type:
Microsoft VBScript runtime (0x800A0009)
Subscript out of range: '[number: 1]'
/authentication.asp, line 49

the following script is at line 49:
password = authSplit(1)

When I use "HTTP_AUTHORISATION" I get the password dialogue box but I am not able to login. After three attemps ( whether it is correct login info or not) the page display without its contents(<body>Welcome <%=username%>!</body>).

could u pls check it?

hafs.
0
 
LVL 11

Expert Comment

by:kelvinwkw
ID: 12041314
this mean somehting is wrong with the username and password after u decode it
the username and password before and after the encoding and decoding are not the same
double check the algorithm
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
LVL 75

Accepted Solution

by:
Anthony Perkins earned 120 total points
ID: 12043606
And more explicitly it means there is no ":" in teh variable auth when you execute this line:
authSplit = SPLIT(auth,":")
0
 
LVL 7

Author Comment

by:ayha1999
ID: 12063135
Hi,

what are the problems with the algorithm and ":". Could u pls. explain and give the solution?

ayha1999
0
 
LVL 7

Author Comment

by:ayha1999
ID: 12188277
Hi,

could u answer for my last post?

ayha1999.
0
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 12190222
I am sorry I have no idea.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
Free Data Recovery software is an advanced solution from Kernel Tools to recover data and files such as documents, emails, database, media and pictures, etc. It supports recovery from physical & logical drive after a hard disk crash, accidental/inte…
Watch the video to know the simple way to remove or recover or reset lost or forgotten passwords of Outlook PST file. With Kernel Outlook Password Recovery tool such operation is very easy to perform. It is a freeware with limitation to use with 500…

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question