Solved

simple asp (or aspx) password page

Posted on 2007-11-14
13
1,431 Views
Last Modified: 2009-07-29
I'm looking for a very simple asp (or perhaps aspx) password page with a redirect to the target page if the password input is correct. I'd be working with a url & query string like this:

http://www.domain.com/password.asp?target=http://www.domain.com:8080/dzkp-wzo/oror/library.dll?TN=Catalog&QF0=ID&QI0=17/10&BU=http%3A//www.domain.com%3A8080/here/simple-search.htm&MR=&RF=infot&RL=0&DF=FullCite%20Web&DL=0&NP=&XM=0&XE=0&AC=QBE_QUERY

Sorry about the target page, but that's what i gotta work with. All the password page would contain is a single field for the password input and a submit button (no user name). Ideally, a successful submit would set a cookie for the current browser session so that successive attempts to access the page would not require password input again. So I need a cookie check built in as well. Problem is: I don't know the last thing about coding in asp and my exposure to .net is very limited and long ago. Who can help?
0
Comment
Question by:GessWurker
  • 8
  • 3
  • 2
13 Comments
 
LVL 16

Expert Comment

by:anoyes
Comment Utility
How will you be validating the password?  Are you willing to hard-code it in the ASP code, or will it be looked up in a database, etc.?  If you're fine with hard-coding it, this should do the trick for a simple page.  It's set up so that it's saved as password.asp:

<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%
      If Request.Cookies("PasswordIsValidated") = "true" Then
            Response.Redirect(Request.QueryString("target"))
      End If
      
      If Request.QueryString("action")="login" Then
            dim pwd
            pwd = "1234"

            
            If pwd = Trim(Request.Form("txtPassword"))
                  Response.Cookies("PasswordIsValidated") = "true"
                  Response.Redirect(Request.QueryString("target"))
            Else
                  Response.Redirect("password.asp?result=loginfailed")
            End If
      End If
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
</head>

<body>
    <form action="password.asp?action=login" method="post">
            <% If Request.QueryString("result")="loginfailed" Then %>
                <p>Login Failed - please check that you have entered the correct username and password</p>
            <% End If %>
            <h2>Login</h2>
            <p>Password: <input type="password" id="txtPassword" name="txtPassword" /></p>
            <p><input type="submit" id="btnLogin" name="btnLogin" value="Login" onclick="return ValidateLogin();" /></p>
    </form>
</body>
</html>


Let me know if you have questions / this doesn't work.
-Adam
0
 

Author Comment

by:GessWurker
Comment Utility
I'll be hardcoding the password for the moment. Although it might be nice if it could reside in a text file somewhere. Anyway, I'll give your suggestion a shot tomorrow. Time to go to sleep now.
0
 

Author Comment

by:GessWurker
Comment Utility
anoyes: The asp page doesn't like my target url. I guess we need to escape it? Here's a sample target page:

http://ww2.domain.com:8080/dbtw-wpd/exec/dbtwpub.dll?TN=Catalog&QF0=ID&QI0=17/10&BU=http%3A//ww2.domain.com%3A8080/AIMVA/simple-search.htm&MR=&RF=infocart&RL=0&DF=FullCite%20Web&DL=0&NP=&XM=0&XE=0&AC=QBE_QUERY

As usual, it's the ampersands that mess things up. After processing, I end up on this page:

http://ww2.timothyemerson.com:8080/dbtw-wpd/exec/dbtwpub.dll?TN=Catalog

Should we escape the target url?
0
 
LVL 16

Expert Comment

by:ThinkPaper
Comment Utility
would server.urlencode work perhaps?
0
 

Author Comment

by:GessWurker
Comment Utility
I think I might need to encode and decode, no? I tried just encode and it failed. Another option might be to temporarily replace the ampersands and then put them back. I need help with the syntax though.
0
 
LVL 16

Expert Comment

by:ThinkPaper
Comment Utility
what errors do you get? can you show us a snippet of your code?
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:GessWurker
Comment Utility
I tried changing line 15 to this:

            Response.Redirect(server.URLEncode(Request.QueryString("target")))

But then I ended up with a page not found error (after entering the password) because this page didn't exist:

http://ww2.domain.com:8080/aimva/http%253A%252F%252Fww2%252Edomain%252Ecom%253A8080%252Fdbtw%252Dwpd%252Fexec%252Fdbtwpub%252Edll%253FTN%253DCatalog

But even the string above has been truncated. Here (again) is the full url:
http://ww2.domain.com:8080/dbtw-wpd/exec/dbtwpub.dll?TN=Catalog&QF0=ID&QI0=56/1/4/50&BU=http%3A//ww2.domain.com%3A8080/AIMVA/simple-search.htm&MR=&RF=infocart&RL=0&DF=FullCite%20Web&DL=0&NP=&XM=0&XE=0&AC=QBE_QUERY

As soon as we get to the ampersand after Catalog, it's curtains!
0
 

Author Comment

by:GessWurker
Comment Utility
Note: I'm passing the target url via javascript. I can replace ampersands before they're passed. But what's the syntax for replacing them in the asp page?
0
 

Author Comment

by:GessWurker
Comment Utility
This almost works. I'm replacing all ampersands in the query string with gggAmPggg and then on the asp side I'm putting things back. Problem is: the first time I log in, I get an error saying there's no url in line 16 of the asp script. However, the cookie is set, so the next time I click the password link, I go all the way to the target page (so there IS a url in line 16).
      If Request.Cookies("PasswordIsValidated") = "true" Then
            Response.Redirect(Replace(Request.QueryString("target"),"gggAmPggg","&"))
      End If
     
      If Request.QueryString("action")="login" Then
            dim pwd
            pwd = "1234"

           
            If pwd = Trim(Request.Form("txtPassword")) Then
                  Response.Cookies("PasswordIsValidated") = "true"
                  Response.Redirect(Replace(Request.QueryString("target"),"gggAmPggg","&"))
            Else
                  Response.Redirect("password.asp?result=loginfailed")
            End If
      End If
0
 
LVL 16

Expert Comment

by:anoyes
Comment Utility
How about URLEncoding using the javascript before you move on to the login page.  I believe you just have to put escape() around the string.
0
 

Author Comment

by:GessWurker
Comment Utility
It's not the encoding or decoding. It seems that when I click the login button, the target url is wiped out. I debugged by replacing Response.Redirect(Replace(Request.QueryString("target"),"gggAmPggg","&"))with Response.Write.(Replace(Request.QueryString("target"),"gggAmPggg","&")). Once I arrived at the login page, I saw my target url and it was perfect. Once I clicked the login button, the target url disappeared. If we can get it to stick around, everything will work fine.
0
 
LVL 16

Accepted Solution

by:
anoyes earned 500 total points
Comment Utility
Ah, ok.  Let's give this a try.  Where you have <form action=password.asp?action=login>, try changing it to password.asp?action=login&target=<%=Request.QueryString("target"))%>
0
 

Author Comment

by:GessWurker
Comment Utility
anoyes: That did the trick! Thanks. Have some points!!
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now