Solved

simple asp (or aspx) password page

Posted on 2007-11-14
13
1,446 Views
Last Modified: 2009-07-29
I'm looking for a very simple asp (or perhaps aspx) password page with a redirect to the target page if the password input is correct. I'd be working with a url & query string like this:

http://www.domain.com/password.asp?target=http://www.domain.com:8080/dzkp-wzo/oror/library.dll?TN=Catalog&QF0=ID&QI0=17/10&BU=http%3A//www.domain.com%3A8080/here/simple-search.htm&MR=&RF=infot&RL=0&DF=FullCite%20Web&DL=0&NP=&XM=0&XE=0&AC=QBE_QUERY

Sorry about the target page, but that's what i gotta work with. All the password page would contain is a single field for the password input and a submit button (no user name). Ideally, a successful submit would set a cookie for the current browser session so that successive attempts to access the page would not require password input again. So I need a cookie check built in as well. Problem is: I don't know the last thing about coding in asp and my exposure to .net is very limited and long ago. Who can help?
0
Comment
Question by:GessWurker
  • 8
  • 3
  • 2
13 Comments
 
LVL 16

Expert Comment

by:anoyes
ID: 20286378
How will you be validating the password?  Are you willing to hard-code it in the ASP code, or will it be looked up in a database, etc.?  If you're fine with hard-coding it, this should do the trick for a simple page.  It's set up so that it's saved as password.asp:

<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%
      If Request.Cookies("PasswordIsValidated") = "true" Then
            Response.Redirect(Request.QueryString("target"))
      End If
      
      If Request.QueryString("action")="login" Then
            dim pwd
            pwd = "1234"

            
            If pwd = Trim(Request.Form("txtPassword"))
                  Response.Cookies("PasswordIsValidated") = "true"
                  Response.Redirect(Request.QueryString("target"))
            Else
                  Response.Redirect("password.asp?result=loginfailed")
            End If
      End If
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
</head>

<body>
    <form action="password.asp?action=login" method="post">
            <% If Request.QueryString("result")="loginfailed" Then %>
                <p>Login Failed - please check that you have entered the correct username and password</p>
            <% End If %>
            <h2>Login</h2>
            <p>Password: <input type="password" id="txtPassword" name="txtPassword" /></p>
            <p><input type="submit" id="btnLogin" name="btnLogin" value="Login" onclick="return ValidateLogin();" /></p>
    </form>
</body>
</html>


Let me know if you have questions / this doesn't work.
-Adam
0
 

Author Comment

by:GessWurker
ID: 20286642
I'll be hardcoding the password for the moment. Although it might be nice if it could reside in a text file somewhere. Anyway, I'll give your suggestion a shot tomorrow. Time to go to sleep now.
0
 

Author Comment

by:GessWurker
ID: 20289079
anoyes: The asp page doesn't like my target url. I guess we need to escape it? Here's a sample target page:

http://ww2.domain.com:8080/dbtw-wpd/exec/dbtwpub.dll?TN=Catalog&QF0=ID&QI0=17/10&BU=http%3A//ww2.domain.com%3A8080/AIMVA/simple-search.htm&MR=&RF=infocart&RL=0&DF=FullCite%20Web&DL=0&NP=&XM=0&XE=0&AC=QBE_QUERY

As usual, it's the ampersands that mess things up. After processing, I end up on this page:

http://ww2.timothyemerson.com:8080/dbtw-wpd/exec/dbtwpub.dll?TN=Catalog

Should we escape the target url?
0
Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

 
LVL 16

Expert Comment

by:ThinkPaper
ID: 20290675
would server.urlencode work perhaps?
0
 

Author Comment

by:GessWurker
ID: 20290729
I think I might need to encode and decode, no? I tried just encode and it failed. Another option might be to temporarily replace the ampersands and then put them back. I need help with the syntax though.
0
 
LVL 16

Expert Comment

by:ThinkPaper
ID: 20291351
what errors do you get? can you show us a snippet of your code?
0
 

Author Comment

by:GessWurker
ID: 20291467
I tried changing line 15 to this:

            Response.Redirect(server.URLEncode(Request.QueryString("target")))

But then I ended up with a page not found error (after entering the password) because this page didn't exist:

http://ww2.domain.com:8080/aimva/http%253A%252F%252Fww2%252Edomain%252Ecom%253A8080%252Fdbtw%252Dwpd%252Fexec%252Fdbtwpub%252Edll%253FTN%253DCatalog

But even the string above has been truncated. Here (again) is the full url:
http://ww2.domain.com:8080/dbtw-wpd/exec/dbtwpub.dll?TN=Catalog&QF0=ID&QI0=56/1/4/50&BU=http%3A//ww2.domain.com%3A8080/AIMVA/simple-search.htm&MR=&RF=infocart&RL=0&DF=FullCite%20Web&DL=0&NP=&XM=0&XE=0&AC=QBE_QUERY

As soon as we get to the ampersand after Catalog, it's curtains!
0
 

Author Comment

by:GessWurker
ID: 20291520
Note: I'm passing the target url via javascript. I can replace ampersands before they're passed. But what's the syntax for replacing them in the asp page?
0
 

Author Comment

by:GessWurker
ID: 20291567
This almost works. I'm replacing all ampersands in the query string with gggAmPggg and then on the asp side I'm putting things back. Problem is: the first time I log in, I get an error saying there's no url in line 16 of the asp script. However, the cookie is set, so the next time I click the password link, I go all the way to the target page (so there IS a url in line 16).
      If Request.Cookies("PasswordIsValidated") = "true" Then
            Response.Redirect(Replace(Request.QueryString("target"),"gggAmPggg","&"))
      End If
     
      If Request.QueryString("action")="login" Then
            dim pwd
            pwd = "1234"

           
            If pwd = Trim(Request.Form("txtPassword")) Then
                  Response.Cookies("PasswordIsValidated") = "true"
                  Response.Redirect(Replace(Request.QueryString("target"),"gggAmPggg","&"))
            Else
                  Response.Redirect("password.asp?result=loginfailed")
            End If
      End If
0
 
LVL 16

Expert Comment

by:anoyes
ID: 20291595
How about URLEncoding using the javascript before you move on to the login page.  I believe you just have to put escape() around the string.
0
 

Author Comment

by:GessWurker
ID: 20291744
It's not the encoding or decoding. It seems that when I click the login button, the target url is wiped out. I debugged by replacing Response.Redirect(Replace(Request.QueryString("target"),"gggAmPggg","&"))with Response.Write.(Replace(Request.QueryString("target"),"gggAmPggg","&")). Once I arrived at the login page, I saw my target url and it was perfect. Once I clicked the login button, the target url disappeared. If we can get it to stick around, everything will work fine.
0
 
LVL 16

Accepted Solution

by:
anoyes earned 500 total points
ID: 20292139
Ah, ok.  Let's give this a try.  Where you have <form action=password.asp?action=login>, try changing it to password.asp?action=login&target=<%=Request.QueryString("target"))%>
0
 

Author Comment

by:GessWurker
ID: 20292647
anoyes: That did the trick! Thanks. Have some points!!
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The task A number given should be formatted for easy reading by separating digits into triads. Format must be made inline via JavaScript, i.e., frameworks / functions are not welcome. So let’s take a number like this “12345678.91¿ and format i…
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question