ASP URL

Greeting,

I have an login.asp which doing LDAP authentication before redirect the users to an form. Now I want to add an exception. that is if the user was on a paticulaer URL then go to the login.asp if will bypass the LDAP authentication.

Please provide sample code.

Thanks.
mrongAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Big MontyWeb Ninja at largeCommented:
What is the url you want to check?
mrongAuthor Commented:
sample URL like  http://www.yahoo.com/user/file/mypath
the 'mypath' part could be different.

Thanks.
Big MontyWeb Ninja at largeCommented:
You can try something like this:

If InStr(Request.ServerVariables("URL"), "mypath)  > 0 then
      '-- condition met, proceed
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

Big MontyWeb Ninja at largeCommented:
Missing a quote

If InStr(Request.ServerVariables("URL"), "mypath" )  > 0 then
      '-- condition met, proceed
mrongAuthor Commented:
what should I put for "mypath" ? it could be different.
Thanks.
Big MontyWeb Ninja at largeCommented:
What do you want it to equal in order for authentication to occur?
mrongAuthor Commented:
if the beginning of previous URL is  http://www.yahoo.com/user/file
then redirect
Big MontyWeb Ninja at largeCommented:
Then try using this code

If Request.ServerVariables("SERVER_NAME") = "www.yahoo.com/user/file" then
       Do redirect
mrongAuthor Commented:
Below is what I am using. will the Session variables being carried after redirected?

  If InStr(Request.ServerVariables("URL"), "http://www.yahoo.com/user/file " )  > 0 then
    Session("username") = "UsersRedirected"
   Response.Redirect "http://mysite/form.asp"
  End if
Big MontyWeb Ninja at largeCommented:
your session variable will be carried over. try this for code:

 If Right( Request.ServerVariables("URL"), 9 ) = "user/file" then
    Session("username") = "UsersRedirected"
   Response.Redirect "http://mysite/form.asp"
  End if

Open in new window

mrongAuthor Commented:
Big_Monty,

Both
If InStr(Request.ServerVariables("URL"), "mypath" )  > 0 then
and
 If Right( Request.ServerVariables("URL"), 9 ) = "user/file" then
not working right.

Thanks.
Big MontyWeb Ninja at largeCommented:
ok i mis-read your question originally, you want to get where the user was coming from, not the current page. to do that, you have to do something like:

dim page
page = Request.ServerVariables("http_referer")
page = Mid( page, InStr( page, "/" ), Len( page ) )    '-- removes domain name from page name

 If page = "/user/file" then
      '-- no additional folder names in path
else
      '-- came from /user/file/myPath
end if

Open in new window


if the statement

If page = "/user/file" then

doesn't work, try doing a response.write of the page variable to see what it displays

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
The referring page can be spoofed.   I would add on to what Big Monty has shown you by adding an encrypted cookie or session variable to the page you want to test for.

On your /user/file page, towards the bottom of any asp code, add something like
session("lastpage")="/user/file"

Open in new window

Then on the page you want to test for, at the top of the page
IF session("lastpage")="/user/file" THEN
     'flag something good
     ELSE
     'flag something bad
END IF
session("lastpage")="myNewPage"

Open in new window


There are many options here.  The only downside to this method is if you have high traffic and your worker process resets (rare, but happens), you loose your session.  The other option is setting an encrypted cookie.  You can simply use response.cookies("lastpage") = "something" http://www.w3schools.com/asp/asp_cookies.asp but that is about as handy as using a querystring.  You would want to encrypt "something".   Using the session is going to be easier.

I use a similar function and use an include file on every page for the code to set the named page name.

Good luck!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP

From novice to tech pro — start learning today.