Solved

hybrid authentication (base 64)

Posted on 2004-09-08
7
393 Views
Last Modified: 2012-08-14
Hi,

Im using the script below for hybrid authentication with classic asp and access2000 but I am not able to login even if I provide valid login information. Could anyone help me to find out what's wrong with the script?

<%
SET UUEncode = server.CreateObject ("Scripting.Dictionary")
For i=0 to 63
      Select Case i
            Case 0 offset = 65
            Case 26 offset = 71
            Case 52 offset = -4
      End Select
      UUEncode (CHR( i + offest )) = i
Next

Function Decode (theString)
      For byteGroup = 1 to Len(theString) Step 4
            numBytes = 3
            groupBytes = 0
            For CharCounter = 0 to 3
                  thisChar = Mid(theString, byteGroup + CharCounter, 1)
                  If thisChar = "=" Then
                        numBytes = numBytes - 1
                        thisByte = 0
                  Else
                        thisByte = UUEncode(thisChar)
                  End If
                  groupBytes = 64 * groupBytes + thisByte
            Next
            
            For k = 1 to numBytes
                  Select Case k
                        Case 1: thisChar = groupBytes \ 65536
                        Case 2: thisChar = (groupBytes And 65535) \ 256
                        Case 3: thisChar = (groupBytes And 255)
                  End Select
                  Decode = Decode & Chr (thisChar)
            Next
      Next
End Function

auth = Trim(Request.ServerVariables("HTTP_AUTHORISATION"))
If auth = "" Then
      Response.Status = "401 Not Authorized"
      Response.AddHeader "WWW-Authenticate", "Basic realm=""localhost"""
      Response.End
End If

auth = Trim(Mid( auth,6))
auth = Decode(auth)
authSplit = SPLIT(auth,":")
username = authSplit(0)
password = authSplit(1)

Set Con = Server.CreateObject ("adodb.connection")
Con.Open "JobCard","admin","admin"

sqlString = "Select userID from tblUsers Where userID = '" & username & "' and Password = '" & password & "'"
Set rs = Con.Execute (sqlString)

      If rs.Eof Then
            Response.Status = "401 Not Authorized"
            Response.AddHeader "WWW-Authenticate", "Basic realm=""localhost"""
            Response.End
      End If
%>

<html>
<head><title>Welcome</title></head>
<body>
Welcome <%=username%>!
</body>
</html>


hafs.
0
Comment
Question by:ayha1999
  • 3
  • 3
7 Comments
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 12023278
You could start by spelling "HTTP_AUTHORIZATION" correctly.
0
 
LVL 7

Author Comment

by:ayha1999
ID: 12030170
@acperkins,

I have already tried "HTTP_AUTHORIZATION" but I the following error;

Error Type:
Microsoft VBScript runtime (0x800A0009)
Subscript out of range: '[number: 1]'
/authentication.asp, line 49

the following script is at line 49:
password = authSplit(1)

When I use "HTTP_AUTHORISATION" I get the password dialogue box but I am not able to login. After three attemps ( whether it is correct login info or not) the page display without its contents(<body>Welcome <%=username%>!</body>).

could u pls check it?

hafs.
0
 
LVL 11

Expert Comment

by:kelvinwkw
ID: 12041314
this mean somehting is wrong with the username and password after u decode it
the username and password before and after the encoding and decoding are not the same
double check the algorithm
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 75

Accepted Solution

by:
Anthony Perkins earned 30 total points
ID: 12043606
And more explicitly it means there is no ":" in teh variable auth when you execute this line:
authSplit = SPLIT(auth,":")
0
 
LVL 7

Author Comment

by:ayha1999
ID: 12063135
Hi,

what are the problems with the algorithm and ":". Could u pls. explain and give the solution?

ayha1999
0
 
LVL 7

Author Comment

by:ayha1999
ID: 12188277
Hi,

could u answer for my last post?

ayha1999.
0
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 12190222
I am sorry I have no idea.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
how to maintain the user-usage-log in database for restrict the user --- 2 45
classic asp checkbox uncheck and check 2 58
JSON error 4 54
Choose the older file FSO 6 43
I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now