Solved

simple asp (or aspx) password page

Posted on 2007-11-14
13
1,440 Views
Last Modified: 2009-07-29
I'm looking for a very simple asp (or perhaps aspx) password page with a redirect to the target page if the password input is correct. I'd be working with a url & query string like this:

http://www.domain.com/password.asp?target=http://www.domain.com:8080/dzkp-wzo/oror/library.dll?TN=Catalog&QF0=ID&QI0=17/10&BU=http%3A//www.domain.com%3A8080/here/simple-search.htm&MR=&RF=infot&RL=0&DF=FullCite%20Web&DL=0&NP=&XM=0&XE=0&AC=QBE_QUERY

Sorry about the target page, but that's what i gotta work with. All the password page would contain is a single field for the password input and a submit button (no user name). Ideally, a successful submit would set a cookie for the current browser session so that successive attempts to access the page would not require password input again. So I need a cookie check built in as well. Problem is: I don't know the last thing about coding in asp and my exposure to .net is very limited and long ago. Who can help?
0
Comment
Question by:GessWurker
  • 8
  • 3
  • 2
13 Comments
 
LVL 16

Expert Comment

by:anoyes
ID: 20286378
How will you be validating the password?  Are you willing to hard-code it in the ASP code, or will it be looked up in a database, etc.?  If you're fine with hard-coding it, this should do the trick for a simple page.  It's set up so that it's saved as password.asp:

<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%
      If Request.Cookies("PasswordIsValidated") = "true" Then
            Response.Redirect(Request.QueryString("target"))
      End If
      
      If Request.QueryString("action")="login" Then
            dim pwd
            pwd = "1234"

            
            If pwd = Trim(Request.Form("txtPassword"))
                  Response.Cookies("PasswordIsValidated") = "true"
                  Response.Redirect(Request.QueryString("target"))
            Else
                  Response.Redirect("password.asp?result=loginfailed")
            End If
      End If
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
</head>

<body>
    <form action="password.asp?action=login" method="post">
            <% If Request.QueryString("result")="loginfailed" Then %>
                <p>Login Failed - please check that you have entered the correct username and password</p>
            <% End If %>
            <h2>Login</h2>
            <p>Password: <input type="password" id="txtPassword" name="txtPassword" /></p>
            <p><input type="submit" id="btnLogin" name="btnLogin" value="Login" onclick="return ValidateLogin();" /></p>
    </form>
</body>
</html>


Let me know if you have questions / this doesn't work.
-Adam
0
 

Author Comment

by:GessWurker
ID: 20286642
I'll be hardcoding the password for the moment. Although it might be nice if it could reside in a text file somewhere. Anyway, I'll give your suggestion a shot tomorrow. Time to go to sleep now.
0
 

Author Comment

by:GessWurker
ID: 20289079
anoyes: The asp page doesn't like my target url. I guess we need to escape it? Here's a sample target page:

http://ww2.domain.com:8080/dbtw-wpd/exec/dbtwpub.dll?TN=Catalog&QF0=ID&QI0=17/10&BU=http%3A//ww2.domain.com%3A8080/AIMVA/simple-search.htm&MR=&RF=infocart&RL=0&DF=FullCite%20Web&DL=0&NP=&XM=0&XE=0&AC=QBE_QUERY

As usual, it's the ampersands that mess things up. After processing, I end up on this page:

http://ww2.timothyemerson.com:8080/dbtw-wpd/exec/dbtwpub.dll?TN=Catalog

Should we escape the target url?
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 
LVL 16

Expert Comment

by:ThinkPaper
ID: 20290675
would server.urlencode work perhaps?
0
 

Author Comment

by:GessWurker
ID: 20290729
I think I might need to encode and decode, no? I tried just encode and it failed. Another option might be to temporarily replace the ampersands and then put them back. I need help with the syntax though.
0
 
LVL 16

Expert Comment

by:ThinkPaper
ID: 20291351
what errors do you get? can you show us a snippet of your code?
0
 

Author Comment

by:GessWurker
ID: 20291467
I tried changing line 15 to this:

            Response.Redirect(server.URLEncode(Request.QueryString("target")))

But then I ended up with a page not found error (after entering the password) because this page didn't exist:

http://ww2.domain.com:8080/aimva/http%253A%252F%252Fww2%252Edomain%252Ecom%253A8080%252Fdbtw%252Dwpd%252Fexec%252Fdbtwpub%252Edll%253FTN%253DCatalog

But even the string above has been truncated. Here (again) is the full url:
http://ww2.domain.com:8080/dbtw-wpd/exec/dbtwpub.dll?TN=Catalog&QF0=ID&QI0=56/1/4/50&BU=http%3A//ww2.domain.com%3A8080/AIMVA/simple-search.htm&MR=&RF=infocart&RL=0&DF=FullCite%20Web&DL=0&NP=&XM=0&XE=0&AC=QBE_QUERY

As soon as we get to the ampersand after Catalog, it's curtains!
0
 

Author Comment

by:GessWurker
ID: 20291520
Note: I'm passing the target url via javascript. I can replace ampersands before they're passed. But what's the syntax for replacing them in the asp page?
0
 

Author Comment

by:GessWurker
ID: 20291567
This almost works. I'm replacing all ampersands in the query string with gggAmPggg and then on the asp side I'm putting things back. Problem is: the first time I log in, I get an error saying there's no url in line 16 of the asp script. However, the cookie is set, so the next time I click the password link, I go all the way to the target page (so there IS a url in line 16).
      If Request.Cookies("PasswordIsValidated") = "true" Then
            Response.Redirect(Replace(Request.QueryString("target"),"gggAmPggg","&"))
      End If
     
      If Request.QueryString("action")="login" Then
            dim pwd
            pwd = "1234"

           
            If pwd = Trim(Request.Form("txtPassword")) Then
                  Response.Cookies("PasswordIsValidated") = "true"
                  Response.Redirect(Replace(Request.QueryString("target"),"gggAmPggg","&"))
            Else
                  Response.Redirect("password.asp?result=loginfailed")
            End If
      End If
0
 
LVL 16

Expert Comment

by:anoyes
ID: 20291595
How about URLEncoding using the javascript before you move on to the login page.  I believe you just have to put escape() around the string.
0
 

Author Comment

by:GessWurker
ID: 20291744
It's not the encoding or decoding. It seems that when I click the login button, the target url is wiped out. I debugged by replacing Response.Redirect(Replace(Request.QueryString("target"),"gggAmPggg","&"))with Response.Write.(Replace(Request.QueryString("target"),"gggAmPggg","&")). Once I arrived at the login page, I saw my target url and it was perfect. Once I clicked the login button, the target url disappeared. If we can get it to stick around, everything will work fine.
0
 
LVL 16

Accepted Solution

by:
anoyes earned 500 total points
ID: 20292139
Ah, ok.  Let's give this a try.  Where you have <form action=password.asp?action=login>, try changing it to password.asp?action=login&target=<%=Request.QueryString("target"))%>
0
 

Author Comment

by:GessWurker
ID: 20292647
anoyes: That did the trick! Thanks. Have some points!!
0

Featured Post

ScreenConnect 6.0 Free Trial

At ScreenConnect, partner feedback doesn't fall on deaf ears. We collected partner suggestions off of their virtual wish list and transformed them into one game-changing release: ScreenConnect 6.0. Explore all of the extras and enhancements for yourself!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Web site error 3 41
HTML5 frame 5 25
How to show span when clicked on? 10 22
Remove the hyphen(-) and filesize from the document list and open in a new window? 5 30
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
Boost your ability to deliver ambitious and competitive web apps by choosing the right JavaScript framework to best suit your project’s needs.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question