Solved

simple asp (or aspx) password page

Posted on 2007-11-14
13
1,452 Views
Last Modified: 2009-07-29
I'm looking for a very simple asp (or perhaps aspx) password page with a redirect to the target page if the password input is correct. I'd be working with a url & query string like this:

http://www.domain.com/password.asp?target=http://www.domain.com:8080/dzkp-wzo/oror/library.dll?TN=Catalog&QF0=ID&QI0=17/10&BU=http%3A//www.domain.com%3A8080/here/simple-search.htm&MR=&RF=infot&RL=0&DF=FullCite%20Web&DL=0&NP=&XM=0&XE=0&AC=QBE_QUERY

Sorry about the target page, but that's what i gotta work with. All the password page would contain is a single field for the password input and a submit button (no user name). Ideally, a successful submit would set a cookie for the current browser session so that successive attempts to access the page would not require password input again. So I need a cookie check built in as well. Problem is: I don't know the last thing about coding in asp and my exposure to .net is very limited and long ago. Who can help?
0
Comment
Question by:GessWurker
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 3
  • 2
13 Comments
 
LVL 16

Expert Comment

by:anoyes
ID: 20286378
How will you be validating the password?  Are you willing to hard-code it in the ASP code, or will it be looked up in a database, etc.?  If you're fine with hard-coding it, this should do the trick for a simple page.  It's set up so that it's saved as password.asp:

<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%
      If Request.Cookies("PasswordIsValidated") = "true" Then
            Response.Redirect(Request.QueryString("target"))
      End If
      
      If Request.QueryString("action")="login" Then
            dim pwd
            pwd = "1234"

            
            If pwd = Trim(Request.Form("txtPassword"))
                  Response.Cookies("PasswordIsValidated") = "true"
                  Response.Redirect(Request.QueryString("target"))
            Else
                  Response.Redirect("password.asp?result=loginfailed")
            End If
      End If
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
</head>

<body>
    <form action="password.asp?action=login" method="post">
            <% If Request.QueryString("result")="loginfailed" Then %>
                <p>Login Failed - please check that you have entered the correct username and password</p>
            <% End If %>
            <h2>Login</h2>
            <p>Password: <input type="password" id="txtPassword" name="txtPassword" /></p>
            <p><input type="submit" id="btnLogin" name="btnLogin" value="Login" onclick="return ValidateLogin();" /></p>
    </form>
</body>
</html>


Let me know if you have questions / this doesn't work.
-Adam
0
 

Author Comment

by:GessWurker
ID: 20286642
I'll be hardcoding the password for the moment. Although it might be nice if it could reside in a text file somewhere. Anyway, I'll give your suggestion a shot tomorrow. Time to go to sleep now.
0
 

Author Comment

by:GessWurker
ID: 20289079
anoyes: The asp page doesn't like my target url. I guess we need to escape it? Here's a sample target page:

http://ww2.domain.com:8080/dbtw-wpd/exec/dbtwpub.dll?TN=Catalog&QF0=ID&QI0=17/10&BU=http%3A//ww2.domain.com%3A8080/AIMVA/simple-search.htm&MR=&RF=infocart&RL=0&DF=FullCite%20Web&DL=0&NP=&XM=0&XE=0&AC=QBE_QUERY

As usual, it's the ampersands that mess things up. After processing, I end up on this page:

http://ww2.timothyemerson.com:8080/dbtw-wpd/exec/dbtwpub.dll?TN=Catalog

Should we escape the target url?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 16

Expert Comment

by:ThinkPaper
ID: 20290675
would server.urlencode work perhaps?
0
 

Author Comment

by:GessWurker
ID: 20290729
I think I might need to encode and decode, no? I tried just encode and it failed. Another option might be to temporarily replace the ampersands and then put them back. I need help with the syntax though.
0
 
LVL 16

Expert Comment

by:ThinkPaper
ID: 20291351
what errors do you get? can you show us a snippet of your code?
0
 

Author Comment

by:GessWurker
ID: 20291467
I tried changing line 15 to this:

            Response.Redirect(server.URLEncode(Request.QueryString("target")))

But then I ended up with a page not found error (after entering the password) because this page didn't exist:

http://ww2.domain.com:8080/aimva/http%253A%252F%252Fww2%252Edomain%252Ecom%253A8080%252Fdbtw%252Dwpd%252Fexec%252Fdbtwpub%252Edll%253FTN%253DCatalog

But even the string above has been truncated. Here (again) is the full url:
http://ww2.domain.com:8080/dbtw-wpd/exec/dbtwpub.dll?TN=Catalog&QF0=ID&QI0=56/1/4/50&BU=http%3A//ww2.domain.com%3A8080/AIMVA/simple-search.htm&MR=&RF=infocart&RL=0&DF=FullCite%20Web&DL=0&NP=&XM=0&XE=0&AC=QBE_QUERY

As soon as we get to the ampersand after Catalog, it's curtains!
0
 

Author Comment

by:GessWurker
ID: 20291520
Note: I'm passing the target url via javascript. I can replace ampersands before they're passed. But what's the syntax for replacing them in the asp page?
0
 

Author Comment

by:GessWurker
ID: 20291567
This almost works. I'm replacing all ampersands in the query string with gggAmPggg and then on the asp side I'm putting things back. Problem is: the first time I log in, I get an error saying there's no url in line 16 of the asp script. However, the cookie is set, so the next time I click the password link, I go all the way to the target page (so there IS a url in line 16).
      If Request.Cookies("PasswordIsValidated") = "true" Then
            Response.Redirect(Replace(Request.QueryString("target"),"gggAmPggg","&"))
      End If
     
      If Request.QueryString("action")="login" Then
            dim pwd
            pwd = "1234"

           
            If pwd = Trim(Request.Form("txtPassword")) Then
                  Response.Cookies("PasswordIsValidated") = "true"
                  Response.Redirect(Replace(Request.QueryString("target"),"gggAmPggg","&"))
            Else
                  Response.Redirect("password.asp?result=loginfailed")
            End If
      End If
0
 
LVL 16

Expert Comment

by:anoyes
ID: 20291595
How about URLEncoding using the javascript before you move on to the login page.  I believe you just have to put escape() around the string.
0
 

Author Comment

by:GessWurker
ID: 20291744
It's not the encoding or decoding. It seems that when I click the login button, the target url is wiped out. I debugged by replacing Response.Redirect(Replace(Request.QueryString("target"),"gggAmPggg","&"))with Response.Write.(Replace(Request.QueryString("target"),"gggAmPggg","&")). Once I arrived at the login page, I saw my target url and it was perfect. Once I clicked the login button, the target url disappeared. If we can get it to stick around, everything will work fine.
0
 
LVL 16

Accepted Solution

by:
anoyes earned 500 total points
ID: 20292139
Ah, ok.  Let's give this a try.  Where you have <form action=password.asp?action=login>, try changing it to password.asp?action=login&target=<%=Request.QueryString("target"))%>
0
 

Author Comment

by:GessWurker
ID: 20292647
anoyes: That did the trick! Thanks. Have some points!!
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Just a quick little trick I learned recently.  Now that I'm using jQuery with abandon in my asp.net applications, I have grown tired of the following syntax:      (CODE) I suppose it just offends my sense of decency to put inline VBScript on a…
This article demonstrates how to create a simple responsive confirmation dialog with Ok and Cancel buttons using HTML, CSS, jQuery and Promises
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question