Solved

simple asp (or aspx) password page

Posted on 2007-11-14
13
1,447 Views
Last Modified: 2009-07-29
I'm looking for a very simple asp (or perhaps aspx) password page with a redirect to the target page if the password input is correct. I'd be working with a url & query string like this:

http://www.domain.com/password.asp?target=http://www.domain.com:8080/dzkp-wzo/oror/library.dll?TN=Catalog&QF0=ID&QI0=17/10&BU=http%3A//www.domain.com%3A8080/here/simple-search.htm&MR=&RF=infot&RL=0&DF=FullCite%20Web&DL=0&NP=&XM=0&XE=0&AC=QBE_QUERY

Sorry about the target page, but that's what i gotta work with. All the password page would contain is a single field for the password input and a submit button (no user name). Ideally, a successful submit would set a cookie for the current browser session so that successive attempts to access the page would not require password input again. So I need a cookie check built in as well. Problem is: I don't know the last thing about coding in asp and my exposure to .net is very limited and long ago. Who can help?
0
Comment
Question by:GessWurker
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 3
  • 2
13 Comments
 
LVL 16

Expert Comment

by:anoyes
ID: 20286378
How will you be validating the password?  Are you willing to hard-code it in the ASP code, or will it be looked up in a database, etc.?  If you're fine with hard-coding it, this should do the trick for a simple page.  It's set up so that it's saved as password.asp:

<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%
      If Request.Cookies("PasswordIsValidated") = "true" Then
            Response.Redirect(Request.QueryString("target"))
      End If
      
      If Request.QueryString("action")="login" Then
            dim pwd
            pwd = "1234"

            
            If pwd = Trim(Request.Form("txtPassword"))
                  Response.Cookies("PasswordIsValidated") = "true"
                  Response.Redirect(Request.QueryString("target"))
            Else
                  Response.Redirect("password.asp?result=loginfailed")
            End If
      End If
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
</head>

<body>
    <form action="password.asp?action=login" method="post">
            <% If Request.QueryString("result")="loginfailed" Then %>
                <p>Login Failed - please check that you have entered the correct username and password</p>
            <% End If %>
            <h2>Login</h2>
            <p>Password: <input type="password" id="txtPassword" name="txtPassword" /></p>
            <p><input type="submit" id="btnLogin" name="btnLogin" value="Login" onclick="return ValidateLogin();" /></p>
    </form>
</body>
</html>


Let me know if you have questions / this doesn't work.
-Adam
0
 

Author Comment

by:GessWurker
ID: 20286642
I'll be hardcoding the password for the moment. Although it might be nice if it could reside in a text file somewhere. Anyway, I'll give your suggestion a shot tomorrow. Time to go to sleep now.
0
 

Author Comment

by:GessWurker
ID: 20289079
anoyes: The asp page doesn't like my target url. I guess we need to escape it? Here's a sample target page:

http://ww2.domain.com:8080/dbtw-wpd/exec/dbtwpub.dll?TN=Catalog&QF0=ID&QI0=17/10&BU=http%3A//ww2.domain.com%3A8080/AIMVA/simple-search.htm&MR=&RF=infocart&RL=0&DF=FullCite%20Web&DL=0&NP=&XM=0&XE=0&AC=QBE_QUERY

As usual, it's the ampersands that mess things up. After processing, I end up on this page:

http://ww2.timothyemerson.com:8080/dbtw-wpd/exec/dbtwpub.dll?TN=Catalog

Should we escape the target url?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 16

Expert Comment

by:ThinkPaper
ID: 20290675
would server.urlencode work perhaps?
0
 

Author Comment

by:GessWurker
ID: 20290729
I think I might need to encode and decode, no? I tried just encode and it failed. Another option might be to temporarily replace the ampersands and then put them back. I need help with the syntax though.
0
 
LVL 16

Expert Comment

by:ThinkPaper
ID: 20291351
what errors do you get? can you show us a snippet of your code?
0
 

Author Comment

by:GessWurker
ID: 20291467
I tried changing line 15 to this:

            Response.Redirect(server.URLEncode(Request.QueryString("target")))

But then I ended up with a page not found error (after entering the password) because this page didn't exist:

http://ww2.domain.com:8080/aimva/http%253A%252F%252Fww2%252Edomain%252Ecom%253A8080%252Fdbtw%252Dwpd%252Fexec%252Fdbtwpub%252Edll%253FTN%253DCatalog

But even the string above has been truncated. Here (again) is the full url:
http://ww2.domain.com:8080/dbtw-wpd/exec/dbtwpub.dll?TN=Catalog&QF0=ID&QI0=56/1/4/50&BU=http%3A//ww2.domain.com%3A8080/AIMVA/simple-search.htm&MR=&RF=infocart&RL=0&DF=FullCite%20Web&DL=0&NP=&XM=0&XE=0&AC=QBE_QUERY

As soon as we get to the ampersand after Catalog, it's curtains!
0
 

Author Comment

by:GessWurker
ID: 20291520
Note: I'm passing the target url via javascript. I can replace ampersands before they're passed. But what's the syntax for replacing them in the asp page?
0
 

Author Comment

by:GessWurker
ID: 20291567
This almost works. I'm replacing all ampersands in the query string with gggAmPggg and then on the asp side I'm putting things back. Problem is: the first time I log in, I get an error saying there's no url in line 16 of the asp script. However, the cookie is set, so the next time I click the password link, I go all the way to the target page (so there IS a url in line 16).
      If Request.Cookies("PasswordIsValidated") = "true" Then
            Response.Redirect(Replace(Request.QueryString("target"),"gggAmPggg","&"))
      End If
     
      If Request.QueryString("action")="login" Then
            dim pwd
            pwd = "1234"

           
            If pwd = Trim(Request.Form("txtPassword")) Then
                  Response.Cookies("PasswordIsValidated") = "true"
                  Response.Redirect(Replace(Request.QueryString("target"),"gggAmPggg","&"))
            Else
                  Response.Redirect("password.asp?result=loginfailed")
            End If
      End If
0
 
LVL 16

Expert Comment

by:anoyes
ID: 20291595
How about URLEncoding using the javascript before you move on to the login page.  I believe you just have to put escape() around the string.
0
 

Author Comment

by:GessWurker
ID: 20291744
It's not the encoding or decoding. It seems that when I click the login button, the target url is wiped out. I debugged by replacing Response.Redirect(Replace(Request.QueryString("target"),"gggAmPggg","&"))with Response.Write.(Replace(Request.QueryString("target"),"gggAmPggg","&")). Once I arrived at the login page, I saw my target url and it was perfect. Once I clicked the login button, the target url disappeared. If we can get it to stick around, everything will work fine.
0
 
LVL 16

Accepted Solution

by:
anoyes earned 500 total points
ID: 20292139
Ah, ok.  Let's give this a try.  Where you have <form action=password.asp?action=login>, try changing it to password.asp?action=login&target=<%=Request.QueryString("target"))%>
0
 

Author Comment

by:GessWurker
ID: 20292647
anoyes: That did the trick! Thanks. Have some points!!
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: DanRollins
This article describes a JavaScript program that creates a maze made of hexagonal cells.  In Part 2 (http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/A_7850-Hex-Maze-Part-2.html), we'll extend the program by adding a depth-…
The task A number given should be formatted for easy reading by separating digits into triads. Format must be made inline via JavaScript, i.e., frameworks / functions are not welcome. So let’s take a number like this “12345678.91¿ and format i…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question