Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Classic ASP authentication issue

Posted on 2009-03-31
17
986 Views
Last Modified: 2012-06-27
I have a classic ASP page which calls another asp page within it.
But for whatever reason, it just keeps asking for the Userid/password credentials, and keeps looping


Main ASP page has the following code
 
<form name="Main" action="adjustment.asp" method="post">
 
Then in a vbscript function I have 
Main.action = "adjustmentprocess.asp"
Main.submit()
 
I expect the adjustmentprocess.asp page to be invoked but it throws the windows login credentials dialog box, to enter userid/password.
 
This works fine in uat env, but does not in production
Any suggestions?

Open in new window

0
Comment
Question by:countrymeister
  • 9
  • 8
17 Comments
 
LVL 30

Expert Comment

by:Wayne Barron
ID: 24032121
May I suggest a better authentication system then what you are using?
Please have a look here, it is using Cookies.
======Taken from another post that I have it on=======
http://ee.cffcs.com/Q_24252782/login.asp
username:  logincookie
password: 12345678
(Type in a bad username (or) password and it will let you know that it is bad)
Code
http://ee.cffcs.com/Q_24252782/Q_24252782.zip

This is pretty simple to understand and use.
The
IsLoggedIn.asp
This is the key, this needs to be placed in the header of all pages that you want to protect.
Use this in place of long codes    <%= strUserName %>
If you are doing a SELECT Statement or other type.
Something like this will do.

<!--#include file="IsLoggedIn.asp"-->
sql = "SELECT UserName FROM Users WHERE UserName = " & strUserName & ""

Now, you will have to make sure that the file IsLoggedIn.asp is always in the header of the
Page where you are going to use the    strUserName at.

The cookie properties can be found in   login_validate.asp
Here you can set the cookie Expire date to as long or short of a time frame that you with.
Right now it is set at a default of 30-days.
you can set it to 1 year if you desire      Expires = Now() + 365
That will give you the 1 year, but in my opinion, that is just a bit to much.
About like EE here has theres set to log me out when I turn 106yrs old... ouch...

If you have any questions, please ask away.
Good Luck and enjoy.
Carrzkiss
0
 
LVL 1

Author Comment

by:countrymeister
ID: 24032688
Carrzkiss

I am typing in a valid userid/password, and thats how I get into the Main asp page - adjustment.asp, but when I try to submit some changes, it gives me the windows dialog again, instead of passing control to the adjutmentprocess.asp page.

What bothers me is this works in one env, but not in another.
Are you stating that the credentials are lost.
0
 
LVL 30

Expert Comment

by:Wayne Barron
ID: 24032844
It sounds like you are sending to the same page.
You type in your information and you are sent here :  adjustment.asp
 What is this: --> adjustmentprocess.asp
What is on that page, are you sure that it is not rerouting you back to the login page?
Also.
If using Sessions, are you sure that the session is working properly?

It is really hard to tell without actually seeing it in action, and see the loop happening.
I know that I had the same thing happen, and the <body onLoad> was resending the information
Before it dawned on me that the onLoad needed to be put in another page, and not the one that I was submitting....

Let me know?
Carrzkiss
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
LVL 1

Author Comment

by:countrymeister
ID: 24034067
I have pasted the vbscript code that calls adjustmentprocess.asp and the relevant code of the adjustment.asp page

The adjustment.asp has a submit button which when clicked invokes the vbscript sub routine subForm

The adjustmentprocess is another asp page, which has the following, it has a button Goback, which should take it back to the adjustment.asp page

<form action="adjustment.asp" method="post">
<input type="submit" value="Go Back">
<input type="hidden" name="Area" value="<%=tradingArea%>">
<input type="hidden" name="adjustmentDate" value="<%=adjustmentDate%>">
</form>
<Script Language="vbscript">
'************************************************
'* submitForm
'*
'* called when user selects the process button
'* it checks that all the necessary data entry has
'* been completed.
'***********************************************
sub submitForm()
dim intLoop
dim bComplete
Dim bHasGoodOne
Dim bInvalidAcct
Const accountPrefix = "<%=AREA%>"
Dim value
 
 
  intLoop= 0
  bComplete = True
  bHasGoodOne = False
  bInvalidAcct = False
 
	For intLoop = 0 to Document.Main.Elements.Length - 1
		If Left(Document.Main.Elements(intLoop).Name, Len(accountPrefix)) = accountPrefix Then
			value = Document.Main.Elements(intLoop).Value
			If value <> "" Then
				If Not IsNumeric(value) Then
					bInvalidAcct = True
					Exit For
				Else
					bHasGoodOne = True
				End If
			End if
		End if
	Next
 
	For intLoop = 0 to 4
		if len(Main.PositionID(intLoop).value) > 0 then
			If len(Main.ChargeType(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.LocalAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then
				bComplete = False
				Exit For
			Else
				bHasGoodOne = True
			end if 'other fields missing
		end if 'position complete
 
		if len(Main.ChargeType(intLoop).value)> 0 then
			If len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.LocalAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then
				bComplete = False
				Exit For
			end if 'other fields missing
		end if 'ChargeType complete
 
		if isnumeric(Main.ChargeAmount(intLoop).value) then
			If len(Main.ChargeType(intLoop).value) = 0 or len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.LocalAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then
				bComplete = False
				Exit For
			end if 'other fields missing
		end if 'ChargeAmount complete
 
		if isnumeric(Main.LocalAmount(intLoop).value) then
			If len(Main.ChargeType(intLoop).value) = 0 or len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then
				bComplete = False
				Exit For
			end if 'other fields missing
		end if 'ChargeAmount complete
 
		if isnumeric(Main.FXRate(intLoop).value) then
			If len(Main.ChargeType(intLoop).value) = 0 or len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.LocalAmount(intLoop).value) then
				bComplete = False
				Exit For
			end if 'other fields missing
		end if 'ChargeAmount complete
	Next
 
  If bInvalidAcct Then
	msgbox "A non-numeric Account-based change has been entered.", vbOKOnly+vbExclamation
  ElseIf Not bComplete Then
	msgbox "There are incomplete Ticker-based changes.", vbOKOnly+vbExclamation
  ElseIf Not bHasGoodOne Then
	msgbox "No adjustments have been entered.  No action will be taken.", vbOKOnly+vbExclamation
  Else    
	document.Main.action = "adjustmentprocess.asp"
	document.Main.submit()
  End If 'bComplete
 
end sub 'submitForm
 
</HEAD>
<BODY>
<span class="pageTitle">P&L Adjustments Data Entry</span></br>
<form name="Main" action="adjustment.asp" method="post">
<table border="0" style="border: 1 solid black">
<tr>
<td colSpan="9" align="left" class="subheading"><b>Select an account and enter a date:</b></td>
</tr>
<Table border="0" width="100%">
<tr class="columnHeadings">
<td align="center">
<input type="button" id="btnSubmit" value="Submit" onclick="submitForm()" <%= fieldsEnabledDisabled %>>
</td>
</tr>
</Table>
 
</form>
 
</BODY>
</HTML>

Open in new window

0
 
LVL 30

Expert Comment

by:Wayne Barron
ID: 24036581
Is that how your code actually looks?
Did you copy it straight out of your page and paste it in here?
If so, then you are missing quite a bit of stuff.

Please see code below.

Lines that are missing
Line1:        <Script Language="vbscript">
Should be  <%@Script Language="vbscript"%>
And then on line 2:
There needs to be    <%

And then above the </head> there needs to be a closing   %>

I am still not sure about what is causing the loop.
Will have to check back on it a little later.
As I am getting ready for a reinstall on my system.
Just wanted to tie up a few loose ends before I jumped into that.

Have a good one
Carrzkiss
<%@Script Language="vbscript"%>
<%
'************************************************
'* submitForm
'*
'* called when user selects the process button
'* it checks that all the necessary data entry has
'* been completed.
'***********************************************
sub submitForm()
dim intLoop
dim bComplete
Dim bHasGoodOne
Dim bInvalidAcct
Const accountPrefix = "<%=AREA%>"
Dim value
 
 
  intLoop= 0
  bComplete = True
  bHasGoodOne = False
  bInvalidAcct = False
 
	For intLoop = 0 to Document.Main.Elements.Length - 1
		If Left(Document.Main.Elements(intLoop).Name, Len(accountPrefix)) = accountPrefix Then
			value = Document.Main.Elements(intLoop).Value
			If value <> "" Then
				If Not IsNumeric(value) Then
					bInvalidAcct = True
					Exit For
				Else
					bHasGoodOne = True
				End If
			End if
		End if
	Next
 
	For intLoop = 0 to 4
		if len(Main.PositionID(intLoop).value) > 0 then
			If len(Main.ChargeType(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.LocalAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then
				bComplete = False
				Exit For
			Else
				bHasGoodOne = True
			end if 'other fields missing
		end if 'position complete
 
		if len(Main.ChargeType(intLoop).value)> 0 then
			If len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.LocalAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then
				bComplete = False
				Exit For
			end if 'other fields missing
		end if 'ChargeType complete
 
		if isnumeric(Main.ChargeAmount(intLoop).value) then
			If len(Main.ChargeType(intLoop).value) = 0 or len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.LocalAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then
				bComplete = False
				Exit For
			end if 'other fields missing
		end if 'ChargeAmount complete
 
		if isnumeric(Main.LocalAmount(intLoop).value) then
			If len(Main.ChargeType(intLoop).value) = 0 or len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.FXRate(intLoop).value) then
				bComplete = False
				Exit For
			end if 'other fields missing
		end if 'ChargeAmount complete
 
		if isnumeric(Main.FXRate(intLoop).value) then
			If len(Main.ChargeType(intLoop).value) = 0 or len(Main.PositionID(intLoop).value) = 0 or not isnumeric(Main.ChargeAmount(intLoop).value) or not isnumeric(Main.LocalAmount(intLoop).value) then
				bComplete = False
				Exit For
			end if 'other fields missing
		end if 'ChargeAmount complete
	Next
 
  If bInvalidAcct Then
	msgbox "A non-numeric Account-based change has been entered.", vbOKOnly+vbExclamation
  ElseIf Not bComplete Then
	msgbox "There are incomplete Ticker-based changes.", vbOKOnly+vbExclamation
  ElseIf Not bHasGoodOne Then
	msgbox "No adjustments have been entered.  No action will be taken.", vbOKOnly+vbExclamation
  Else    
	document.Main.action = "adjustmentprocess.asp"
	document.Main.submit()
  End If 'bComplete
 
end sub 'submitForm
%> 
</HEAD>
<BODY>
<span class="pageTitle">P&L Adjustments Data Entry</span></br>
<form name="Main" action="adjustment.asp" method="post">
<table border="0" style="border: 1 solid black">
<tr>
<td colSpan="9" align="left" class="subheading"><b>Select an account and enter a date:</b></td>
</tr>
<Table border="0" width="100%">
<tr class="columnHeadings">
<td align="center">
<input type="button" id="btnSubmit" value="Submit" onclick="submitForm()" <%= fieldsEnabledDisabled %>>
</td>
</tr>
</Table>
 
</form>
 
</BODY>
</HTML>

Open in new window

0
 
LVL 1

Author Comment

by:countrymeister
ID: 24051735
Carrzkiss
I tried adding another page instead of adjustmentprocess.asp in the flow logic
and the submit action does take me to the new page I added, so guess there is soemthing in the adjustmentprocess.asp that is causing the looping.
Also the adjustmentprocess.asp has the following for its form definition

<form action="adjustment.asp" method="post">
<input type="submit" value="Go Back">
<input type="hidden" name="Area" value="<%=Area%>">
<input type="hidden" name="adjustmentDate" value="<%=adjustmentDate%>">
</form>

Changed the foll
Main.action = "adjustmentprocess.asp"
Main.submit()
 
To flow to a some other page
Main.action = "confirm.asp"
Main.submit()
 
Definition of form in adjustmentprocess.asp, has action of adjustment.asp
 
<form action="adjustment.asp" method="post">
<input type="submit" value="Go Back">
<input type="hidden" name="Area" value="<%=Area%>">
<input type="hidden" name="adjustmentDate" value="<%=adjustmentDate%>">
</form>

Open in new window

0
 
LVL 30

Expert Comment

by:Wayne Barron
ID: 24053085
What else is in the "adjustmentprocess.asp" page besides this?

<form action="adjustment.asp" method="post">
<input type="submit" value="Go Back">
<input type="hidden" name="Area" value="<%=Area%>">
<input type="hidden" name="adjustmentDate" value="<%=adjustmentDate%>">
</form>

This would not cause your loop to happen.
Then only way would be if you had something in your <body> tag that was submitted the form
(or) it was being done programicaly via javascript or vb?
0
 
LVL 1

Author Comment

by:countrymeister
ID: 24053639
I have pasted below the entire code of adjustmentprocess.asp.
Let me know if you find anything strange, what stumps me is this works in uat env but not in production
<%Option Explicit
Server.ScriptTimeout = 6000
%>
 
<!--#INCLUDE Virtual="/includes/adovbs.inc"-->
 
<HTML>
<HEAD>
<TITLE>Adjustment Page</TITLE>
<link rel="stylesheet" href="/commonStylesheet.css">
</HEAD>
<BODY>
<span class="pageTitle">Adjustments Data Entry</span></br>
 
<%
STOP
Dim ConnectionString
ConnectionString = Application("PAN_DETAILS")
 
const BROKER = "ZZAccount_"
 
Dim oConn
Dim Area
Dim adjustmentDate
Dim sOutput
 
Area = Request.Form("Area")
adjustmentDate = Request.Form("adjustmentDate")
 
Set oConn = Server.CreateObject("ADODB.Connection")
oConn.ConnectionString = ConnectionString
oConn.CommandTimeout = 600
oConn.Open
 
sOutput = MakeAccountBasedChanges()
If sOutput <> "" Then
	Response.Write "<BR><BR><SPAN class=heading>Account-based changes</SPAN><BR><BR>"
	Response.Write sOutput
End If
oConn.Close
Set oConn = Nothing
 
Function MakeAccountBasedChanges()
 
	Dim changeType						'type of change(margin interest, ticket charges, etc)
	Dim changeAmount					'amount of adjustment to make to the account
	Dim item
	Dim sOutput
 
	'handle all the account-based adjustments
 
	For each item in Request.Form
		if left(item, Len(BROKER)) = BROKER and trim(Request.Form(item)) <> "" then
			changeType = mid(item, Len(BROKER)+1)
			changeAmount = Request.Form(item)
 
			sOutput = sOutput & ExecuteStoredProc(changeType, changeAmount)
		end if
	next
	
	MakeAccountBasedChanges = sOutput
 
End Function
 
Function ExecuteStoredProc(ByVal changeType, ByVal changeAmount)
 
	Dim oComm
	Dim retval
	Dim paramQuantity
	Dim paramTradeDate
	Dim paramSecurity
	Dim paramAccount
	Dim paramIPAddress
	Dim paramBroker
 
	set oComm = Server.CreateObject("ADODB.Command")
	with oComm
		.ActiveConnection = oConn
		.CommandType = adCmdStoredProc
		.CommandText = "dbo.p_AdjustmentAccount"
		.CommandTimeout = 600
 
		.Parameters("@Area").Value = Area
		.Parameters("@BusDate").Value = adjustmentDate
		.Parameters("@Type").Value = changeType
		.Parameters("@Amount").Value = changeAmount
 
		.Execute
	end with
 
	set oComm = nothing
 
	ExecuteStoredProc = "The account adjustment of " + FormatCurrency(changeAmount) + " for " + changeType + " was successfully processed."+ "<br>" + vbcrlf
 
End Function
'----------------------------end MakeAccountBasedChanges ------------------------------------
 
Function ToBoolean(value)
	ToBoolean = False
 
	If IsNull(value) Then
		Exit Function
	End If
 
	If VarType(value) = vbBoolean Then
		ToBoolean = value
		Exit Function
	End If
 
	Select Case UCase(Left(Trim(CStr(value)), 1))
		Case "T", "Y", "1"
			ToBoolean = True
	End Select			
End Function
'----------------------------end subs/functions section------------------------------------
 
%>
 
<form action="pladjustment.asp" method="post">
<input type="submit" value="Go Back">
<input type="hidden" name="Area" value="<%=Area%>">
<input type="hidden" name="adjustmentDate" value="<%=adjustmentDate%>">
</form>
 
</BODY>
</HTML>

Open in new window

0
 
LVL 30

Expert Comment

by:Wayne Barron
ID: 24053894
What happens if you remove this

<%Option Explicit
Server.ScriptTimeout = 6000
%>

Try that, and see what the results are please?

Carrzkiss
0
 
LVL 30

Expert Comment

by:Wayne Barron
ID: 24053921
Also.
Line: 32
oConn.CommandTimeout = 600

That is 600
And your
Server.ScriptTimeout = 6000
Is 6000

I doubt that will have anything to do with anything.
But, should they be the same?
(I have not run them together, so I am not really sure)
0
 
LVL 1

Author Comment

by:countrymeister
ID: 24054255
remmoved
<%Option Explicit
Server.ScriptTimeout = 6000
%>
 but that did not help, got the same looping windows dialog box asking userid/pwd crendentials
0
 
LVL 30

Expert Comment

by:Wayne Barron
ID: 24054412
you stated that you made another page and that it worked fine.
Why dont you try something.
(This is what I do if something breaks)

In the new page, add in pieces of code at a time.
NOT the whole code form this page, but just pieces of code.
And run your page against it each time.
And see when the code makes the loop.

This is the only thing that I can suggest, as I am not seeing nothing visiably that would be causing this looping issue.

Carrzkiss
0
 
LVL 1

Author Comment

by:countrymeister
ID: 24054501
carrzkiss:

This is even bizarre,
I took the adjustmentprocess page and made a copy of it adjustmentprocess1.asp,
The called it from the main adjustment page, as below and this worked.
Could you kow of any reason this worked.

Main.action = "adjustmentprocess1.asp"
Main.submit()
0
 
LVL 30

Accepted Solution

by:
Wayne Barron earned 500 total points
ID: 24054710
Maybe.... Just Maybe... The page got corrupted.
Sound strange because you can read it, and nothing looks to be out of place.

Example:

I was working on my pet project back last year, and during the development, one of the pages stopped working properly.
I copied everything out of the page, and deleted the original page.
Then I created a new blank page, and added in everything from the other page.
And wa-la
Worked like a charm.

I asked one of my ee pals here if they had ever come across it, and then stated that they had.
And they did the same thing as I did.

So. maybe, your page become corrupted.

Try something for me.
Try coping everything out of the page.
And then deleting the original page.
Then create a new page and paste it back in, and try it.
See if it does the same thing, or if it works properly?

Carrzkiss
0
 
LVL 1

Author Comment

by:countrymeister
ID: 24055002
I  took a new file copied the contents and deleted the old, then renamed the new file as adjustmentprocess.asp

Also took the new file and made a copy of it as adjustment2.asp

The new file named adjustmentprocess.asp did not work, but when I modified the code to point to adjustment2.asp it worked.

Next I brought down the IIS server, stopped and restarted it, did the same exercise above of creating a brand new file and copying the contents and then deleting the old  and renaming the new as adjustment process.asp and this time adjustmentprocess.asp worked.

Thanks for your help, spent quite some time on this
0
 
LVL 1

Author Closing Comment

by:countrymeister
ID: 31564957
thanks a bunch for your help
0
 
LVL 30

Expert Comment

by:Wayne Barron
ID: 24055045
IIS can be a pain I tell you.
Glad that it worked for you.

What most likely happened in IIS that caused it to where you had to restart IIS.
Is it did not let loose of the original file in cache.

Have a good one.
Carrzkiss
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ASP/VB email question 4 46
Select case on click 3 21
remove computer from using logon script 17 38
VBScript on Html 15 47
When it comes to writing scripts for a Client/Server computing environment it is essential to consider some way of enabling the authentication functionality within a script. This sort of consideration mainly comes into the picture when we are dealin…
I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference: Let's make the introductions... Classic ASP was launched by Microsoft in 1998 and dynamically generate web pages upon user interact…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question