Solved

Classic ASP authentication issue

Posted on 2009-03-31
17
977 Views
Last Modified: 2012-06-27
I have a classic ASP page which calls another asp page within it.
But for whatever reason, it just keeps asking for the Userid/password credentials, and keeps looping


Main ASP page has the following code
 

<form name="Main" action="adjustment.asp" method="post">
 

Then in a vbscript function I have 

Main.action = "adjustmentprocess.asp"

Main.submit()
 

I expect the adjustmentprocess.asp page to be invoked but it throws the windows login credentials dialog box, to enter userid/password.
 

This works fine in uat env, but does not in production

Any suggestions?

Open in new window

0
Comment
Question by:countrymeister
  • 9
  • 8
17 Comments
 
LVL 30

Expert Comment

by:Wayne Barron
Comment Utility
May I suggest a better authentication system then what you are using?
Please have a look here, it is using Cookies.
======Taken from another post that I have it on=======
http://ee.cffcs.com/Q_24252782/login.asp
username:  logincookie
password: 12345678
(Type in a bad username (or) password and it will let you know that it is bad)
Code
http://ee.cffcs.com/Q_24252782/Q_24252782.zip

This is pretty simple to understand and use.
The
IsLoggedIn.asp
This is the key, this needs to be placed in the header of all pages that you want to protect.
Use this in place of long codes    <%= strUserName %>
If you are doing a SELECT Statement or other type.
Something like this will do.

<!--#include file="IsLoggedIn.asp"-->
sql = "SELECT UserName FROM Users WHERE UserName = " & strUserName & ""

Now, you will have to make sure that the file IsLoggedIn.asp is always in the header of the
Page where you are going to use the    strUserName at.

The cookie properties can be found in   login_validate.asp
Here you can set the cookie Expire date to as long or short of a time frame that you with.
Right now it is set at a default of 30-days.
you can set it to 1 year if you desire      Expires = Now() + 365
That will give you the 1 year, but in my opinion, that is just a bit to much.
About like EE here has theres set to log me out when I turn 106yrs old... ouch...

If you have any questions, please ask away.
Good Luck and enjoy.
Carrzkiss
0
 
LVL 1

Author Comment

by:countrymeister
Comment Utility
Carrzkiss

I am typing in a valid userid/password, and thats how I get into the Main asp page - adjustment.asp, but when I try to submit some changes, it gives me the windows dialog again, instead of passing control to the adjutmentprocess.asp page.

What bothers me is this works in one env, but not in another.
Are you stating that the credentials are lost.
0
 
LVL 30

Expert Comment

by:Wayne Barron
Comment Utility
It sounds like you are sending to the same page.
You type in your information and you are sent here :  adjustment.asp
 What is this: --> adjustmentprocess.asp
What is on that page, are you sure that it is not rerouting you back to the login page?
Also.
If using Sessions, are you sure that the session is working properly?

It is really hard to tell without actually seeing it in action, and see the loop happening.
I know that I had the same thing happen, and the <body onLoad> was resending the information
Before it dawned on me that the onLoad needed to be put in another page, and not the one that I was submitting....

Let me know?
Carrzkiss
0
 
LVL 1

Author Comment

by:countrymeister
Comment Utility
I have pasted the vbscript code that calls adjustmentprocess.asp and the relevant code of the adjustment.asp page

The adjustment.asp has a submit button which when clicked invokes the vbscript sub routine subForm

The adjustmentprocess is another asp page, which has the following, it has a button Goback, which should take it back to the adjustment.asp page

<form action="adjustment.asp" method="post">
<input type="submit" value="Go Back">
<input type="hidden" name="Area" value="<%=tradingArea%>">
<input type="hidden" name="adjustmentDate" value="<%=adjustmentDate%>">
</form>
<Script Language="vbscript">

'************************************************

'* submitForm

'*

'* called when user selects the process button

'* it checks that all the necessary data entry has

'* been completed.

'***********************************************

sub submitForm()

dim intLoop

dim bComplete

Dim bHasGoodOne

Dim bInvalidAcct

Const accountPrefix = "<%=AREA%>"

Dim value
 
 

  intLoop= 0

  bComplete = True

  bHasGoodOne = False

  bInvalidAcct = False
 

	For intLoop = 0 to Document.Main.Elements.Length - 1

		If Left(Document.Main.Elements(intLoop).Name, Len(accountPrefix)) = accountPrefix Then

			value = Document.Main.Elements(intLoop).Value

			If value <> "" Then

				If Not IsNumeric(value) Then

					bInvalidAcct = True

					Exit For

				Else

					bHasGoodOne = True

				End If

			End if

		End if

	Next
 

	For intLoop = 0 to 4

		if len(Main.PositionID(intLoop).value) > 0 then

			If len(Main.ChargeType(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.LocalAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then

				bComplete = False

				Exit For

			Else

				bHasGoodOne = True

			end if 'other fields missing

		end if 'position complete
 

		if len(Main.ChargeType(intLoop).value)> 0 then

			If len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.LocalAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then

				bComplete = False

				Exit For

			end if 'other fields missing

		end if 'ChargeType complete
 

		if isnumeric(Main.ChargeAmount(intLoop).value) then

			If len(Main.ChargeType(intLoop).value) = 0 or len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.LocalAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then

				bComplete = False

				Exit For

			end if 'other fields missing

		end if 'ChargeAmount complete
 

		if isnumeric(Main.LocalAmount(intLoop).value) then

			If len(Main.ChargeType(intLoop).value) = 0 or len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then

				bComplete = False

				Exit For

			end if 'other fields missing

		end if 'ChargeAmount complete
 

		if isnumeric(Main.FXRate(intLoop).value) then

			If len(Main.ChargeType(intLoop).value) = 0 or len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.LocalAmount(intLoop).value) then

				bComplete = False

				Exit For

			end if 'other fields missing

		end if 'ChargeAmount complete

	Next
 

  If bInvalidAcct Then

	msgbox "A non-numeric Account-based change has been entered.", vbOKOnly+vbExclamation

  ElseIf Not bComplete Then

	msgbox "There are incomplete Ticker-based changes.", vbOKOnly+vbExclamation

  ElseIf Not bHasGoodOne Then

	msgbox "No adjustments have been entered.  No action will be taken.", vbOKOnly+vbExclamation

  Else    

	document.Main.action = "adjustmentprocess.asp"

	document.Main.submit()

  End If 'bComplete
 

end sub 'submitForm
 

</HEAD>

<BODY>

<span class="pageTitle">P&L Adjustments Data Entry</span></br>

<form name="Main" action="adjustment.asp" method="post">

<table border="0" style="border: 1 solid black">

<tr>

<td colSpan="9" align="left" class="subheading"><b>Select an account and enter a date:</b></td>

</tr>

<Table border="0" width="100%">

<tr class="columnHeadings">

<td align="center">

<input type="button" id="btnSubmit" value="Submit" onclick="submitForm()" <%= fieldsEnabledDisabled %>>

</td>

</tr>

</Table>
 

</form>
 

</BODY>

</HTML>

Open in new window

0
 
LVL 30

Expert Comment

by:Wayne Barron
Comment Utility
Is that how your code actually looks?
Did you copy it straight out of your page and paste it in here?
If so, then you are missing quite a bit of stuff.

Please see code below.

Lines that are missing
Line1:        <Script Language="vbscript">
Should be  <%@Script Language="vbscript"%>
And then on line 2:
There needs to be    <%

And then above the </head> there needs to be a closing   %>

I am still not sure about what is causing the loop.
Will have to check back on it a little later.
As I am getting ready for a reinstall on my system.
Just wanted to tie up a few loose ends before I jumped into that.

Have a good one
Carrzkiss
<%@Script Language="vbscript"%>

<%

'************************************************

'* submitForm

'*

'* called when user selects the process button

'* it checks that all the necessary data entry has

'* been completed.

'***********************************************

sub submitForm()

dim intLoop

dim bComplete

Dim bHasGoodOne

Dim bInvalidAcct

Const accountPrefix = "<%=AREA%>"

Dim value

 

 

  intLoop= 0

  bComplete = True

  bHasGoodOne = False

  bInvalidAcct = False

 

	For intLoop = 0 to Document.Main.Elements.Length - 1

		If Left(Document.Main.Elements(intLoop).Name, Len(accountPrefix)) = accountPrefix Then

			value = Document.Main.Elements(intLoop).Value

			If value <> "" Then

				If Not IsNumeric(value) Then

					bInvalidAcct = True

					Exit For

				Else

					bHasGoodOne = True

				End If

			End if

		End if

	Next

 

	For intLoop = 0 to 4

		if len(Main.PositionID(intLoop).value) > 0 then

			If len(Main.ChargeType(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.LocalAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then

				bComplete = False

				Exit For

			Else

				bHasGoodOne = True

			end if 'other fields missing

		end if 'position complete

 

		if len(Main.ChargeType(intLoop).value)> 0 then

			If len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.LocalAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then

				bComplete = False

				Exit For

			end if 'other fields missing

		end if 'ChargeType complete

 

		if isnumeric(Main.ChargeAmount(intLoop).value) then

			If len(Main.ChargeType(intLoop).value) = 0 or len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.LocalAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then

				bComplete = False

				Exit For

			end if 'other fields missing

		end if 'ChargeAmount complete

 

		if isnumeric(Main.LocalAmount(intLoop).value) then

			If len(Main.ChargeType(intLoop).value) = 0 or len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then

				bComplete = False

				Exit For

			end if 'other fields missing

		end if 'ChargeAmount complete

 

		if isnumeric(Main.FXRate(intLoop).value) then

			If len(Main.ChargeType(intLoop).value) = 0 or len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.LocalAmount(intLoop).value) then

				bComplete = False

				Exit For

			end if 'other fields missing

		end if 'ChargeAmount complete

	Next

 

  If bInvalidAcct Then

	msgbox "A non-numeric Account-based change has been entered.", vbOKOnly+vbExclamation

  ElseIf Not bComplete Then

	msgbox "There are incomplete Ticker-based changes.", vbOKOnly+vbExclamation

  ElseIf Not bHasGoodOne Then

	msgbox "No adjustments have been entered.  No action will be taken.", vbOKOnly+vbExclamation

  Else    

	document.Main.action = "adjustmentprocess.asp"

	document.Main.submit()

  End If 'bComplete

 

end sub 'submitForm

%> 

</HEAD>

<BODY>

<span class="pageTitle">P&L Adjustments Data Entry</span></br>

<form name="Main" action="adjustment.asp" method="post">

<table border="0" style="border: 1 solid black">

<tr>

<td colSpan="9" align="left" class="subheading"><b>Select an account and enter a date:</b></td>

</tr>

<Table border="0" width="100%">

<tr class="columnHeadings">

<td align="center">

<input type="button" id="btnSubmit" value="Submit" onclick="submitForm()" <%= fieldsEnabledDisabled %>>

</td>

</tr>

</Table>

 

</form>

 

</BODY>

</HTML>

Open in new window

0
 
LVL 1

Author Comment

by:countrymeister
Comment Utility
Carrzkiss
I tried adding another page instead of adjustmentprocess.asp in the flow logic
and the submit action does take me to the new page I added, so guess there is soemthing in the adjustmentprocess.asp that is causing the looping.
Also the adjustmentprocess.asp has the following for its form definition

<form action="adjustment.asp" method="post">
<input type="submit" value="Go Back">
<input type="hidden" name="Area" value="<%=Area%>">
<input type="hidden" name="adjustmentDate" value="<%=adjustmentDate%>">
</form>

Changed the foll

Main.action = "adjustmentprocess.asp"

Main.submit()
 

To flow to a some other page

Main.action = "confirm.asp"

Main.submit()
 

Definition of form in adjustmentprocess.asp, has action of adjustment.asp
 

<form action="adjustment.asp" method="post">

<input type="submit" value="Go Back">

<input type="hidden" name="Area" value="<%=Area%>">

<input type="hidden" name="adjustmentDate" value="<%=adjustmentDate%>">

</form>

Open in new window

0
 
LVL 30

Expert Comment

by:Wayne Barron
Comment Utility
What else is in the "adjustmentprocess.asp" page besides this?

<form action="adjustment.asp" method="post">
<input type="submit" value="Go Back">
<input type="hidden" name="Area" value="<%=Area%>">
<input type="hidden" name="adjustmentDate" value="<%=adjustmentDate%>">
</form>

This would not cause your loop to happen.
Then only way would be if you had something in your <body> tag that was submitted the form
(or) it was being done programicaly via javascript or vb?
0
 
LVL 1

Author Comment

by:countrymeister
Comment Utility
I have pasted below the entire code of adjustmentprocess.asp.
Let me know if you find anything strange, what stumps me is this works in uat env but not in production
<%Option Explicit

Server.ScriptTimeout = 6000

%>
 

<!--#INCLUDE Virtual="/includes/adovbs.inc"-->
 

<HTML>

<HEAD>

<TITLE>Adjustment Page</TITLE>

<link rel="stylesheet" href="/commonStylesheet.css">

</HEAD>

<BODY>

<span class="pageTitle">Adjustments Data Entry</span></br>
 

<%

STOP

Dim ConnectionString

ConnectionString = Application("PAN_DETAILS")
 

const BROKER = "ZZAccount_"
 

Dim oConn

Dim Area

Dim adjustmentDate

Dim sOutput
 

Area = Request.Form("Area")

adjustmentDate = Request.Form("adjustmentDate")
 

Set oConn = Server.CreateObject("ADODB.Connection")

oConn.ConnectionString = ConnectionString

oConn.CommandTimeout = 600

oConn.Open
 

sOutput = MakeAccountBasedChanges()

If sOutput <> "" Then

	Response.Write "<BR><BR><SPAN class=heading>Account-based changes</SPAN><BR><BR>"

	Response.Write sOutput

End If

oConn.Close

Set oConn = Nothing
 

Function MakeAccountBasedChanges()
 

	Dim changeType						'type of change(margin interest, ticket charges, etc)

	Dim changeAmount					'amount of adjustment to make to the account

	Dim item

	Dim sOutput
 

	'handle all the account-based adjustments
 

	For each item in Request.Form

		if left(item, Len(BROKER)) = BROKER and trim(Request.Form(item)) <> "" then

			changeType = mid(item, Len(BROKER)+1)

			changeAmount = Request.Form(item)
 

			sOutput = sOutput & ExecuteStoredProc(changeType, changeAmount)

		end if

	next

	

	MakeAccountBasedChanges = sOutput
 

End Function
 

Function ExecuteStoredProc(ByVal changeType, ByVal changeAmount)
 

	Dim oComm

	Dim retval

	Dim paramQuantity

	Dim paramTradeDate

	Dim paramSecurity

	Dim paramAccount

	Dim paramIPAddress

	Dim paramBroker
 

	set oComm = Server.CreateObject("ADODB.Command")

	with oComm

		.ActiveConnection = oConn

		.CommandType = adCmdStoredProc

		.CommandText = "dbo.p_AdjustmentAccount"

		.CommandTimeout = 600
 

		.Parameters("@Area").Value = Area

		.Parameters("@BusDate").Value = adjustmentDate

		.Parameters("@Type").Value = changeType

		.Parameters("@Amount").Value = changeAmount
 

		.Execute

	end with
 

	set oComm = nothing
 

	ExecuteStoredProc = "The account adjustment of " + FormatCurrency(changeAmount) + " for " + changeType + " was successfully processed."+ "<br>" + vbcrlf
 

End Function

'----------------------------end MakeAccountBasedChanges ------------------------------------
 

Function ToBoolean(value)

	ToBoolean = False
 

	If IsNull(value) Then

		Exit Function

	End If
 

	If VarType(value) = vbBoolean Then

		ToBoolean = value

		Exit Function

	End If
 

	Select Case UCase(Left(Trim(CStr(value)), 1))

		Case "T", "Y", "1"

			ToBoolean = True

	End Select			

End Function

'----------------------------end subs/functions section------------------------------------
 

%>
 

<form action="pladjustment.asp" method="post">

<input type="submit" value="Go Back">

<input type="hidden" name="Area" value="<%=Area%>">

<input type="hidden" name="adjustmentDate" value="<%=adjustmentDate%>">

</form>
 

</BODY>

</HTML>

Open in new window

0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 30

Expert Comment

by:Wayne Barron
Comment Utility
What happens if you remove this

<%Option Explicit
Server.ScriptTimeout = 6000
%>

Try that, and see what the results are please?

Carrzkiss
0
 
LVL 30

Expert Comment

by:Wayne Barron
Comment Utility
Also.
Line: 32
oConn.CommandTimeout = 600

That is 600
And your
Server.ScriptTimeout = 6000
Is 6000

I doubt that will have anything to do with anything.
But, should they be the same?
(I have not run them together, so I am not really sure)
0
 
LVL 1

Author Comment

by:countrymeister
Comment Utility
remmoved
<%Option Explicit
Server.ScriptTimeout = 6000
%>
 but that did not help, got the same looping windows dialog box asking userid/pwd crendentials
0
 
LVL 30

Expert Comment

by:Wayne Barron
Comment Utility
you stated that you made another page and that it worked fine.
Why dont you try something.
(This is what I do if something breaks)

In the new page, add in pieces of code at a time.
NOT the whole code form this page, but just pieces of code.
And run your page against it each time.
And see when the code makes the loop.

This is the only thing that I can suggest, as I am not seeing nothing visiably that would be causing this looping issue.

Carrzkiss
0
 
LVL 1

Author Comment

by:countrymeister
Comment Utility
carrzkiss:

This is even bizarre,
I took the adjustmentprocess page and made a copy of it adjustmentprocess1.asp,
The called it from the main adjustment page, as below and this worked.
Could you kow of any reason this worked.

Main.action = "adjustmentprocess1.asp"
Main.submit()
0
 
LVL 30

Accepted Solution

by:
Wayne Barron earned 500 total points
Comment Utility
Maybe.... Just Maybe... The page got corrupted.
Sound strange because you can read it, and nothing looks to be out of place.

Example:

I was working on my pet project back last year, and during the development, one of the pages stopped working properly.
I copied everything out of the page, and deleted the original page.
Then I created a new blank page, and added in everything from the other page.
And wa-la
Worked like a charm.

I asked one of my ee pals here if they had ever come across it, and then stated that they had.
And they did the same thing as I did.

So. maybe, your page become corrupted.

Try something for me.
Try coping everything out of the page.
And then deleting the original page.
Then create a new page and paste it back in, and try it.
See if it does the same thing, or if it works properly?

Carrzkiss
0
 
LVL 1

Author Comment

by:countrymeister
Comment Utility
I  took a new file copied the contents and deleted the old, then renamed the new file as adjustmentprocess.asp

Also took the new file and made a copy of it as adjustment2.asp

The new file named adjustmentprocess.asp did not work, but when I modified the code to point to adjustment2.asp it worked.

Next I brought down the IIS server, stopped and restarted it, did the same exercise above of creating a brand new file and copying the contents and then deleting the old  and renaming the new as adjustment process.asp and this time adjustmentprocess.asp worked.

Thanks for your help, spent quite some time on this
0
 
LVL 1

Author Closing Comment

by:countrymeister
Comment Utility
thanks a bunch for your help
0
 
LVL 30

Expert Comment

by:Wayne Barron
Comment Utility
IIS can be a pain I tell you.
Glad that it worked for you.

What most likely happened in IIS that caused it to where you had to restart IIS.
Is it did not let loose of the original file in cache.

Have a good one.
Carrzkiss
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Over the years I have built up my own little library of code snippets that I refer to when programming or writing a script.  Many of these have come from the web or adaptations from snippets I find on the Web.  Periodically I add to them when I come…
Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now