Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 195
  • Last Modified:

ASP URL

Greeting,

I have an login.asp which doing LDAP authentication before redirect the users to an form. Now I want to add an exception. that is if the user was on a paticulaer URL then go to the login.asp if will bypass the LDAP authentication.

Please provide sample code.

Thanks.
0
mrong
Asked:
mrong
  • 7
  • 5
1 Solution
 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
What is the url you want to check?
0
 
mrongAuthor Commented:
sample URL like  http://www.yahoo.com/user/file/mypath
the 'mypath' part could be different.

Thanks.
0
 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
You can try something like this:

If InStr(Request.ServerVariables("URL"), "mypath)  > 0 then
      '-- condition met, proceed
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
Missing a quote

If InStr(Request.ServerVariables("URL"), "mypath" )  > 0 then
      '-- condition met, proceed
0
 
mrongAuthor Commented:
what should I put for "mypath" ? it could be different.
Thanks.
0
 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
What do you want it to equal in order for authentication to occur?
0
 
mrongAuthor Commented:
if the beginning of previous URL is  http://www.yahoo.com/user/file
then redirect
0
 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
Then try using this code

If Request.ServerVariables("SERVER_NAME") = "www.yahoo.com/user/file" then
       Do redirect
0
 
mrongAuthor Commented:
Below is what I am using. will the Session variables being carried after redirected?

  If InStr(Request.ServerVariables("URL"), "http://www.yahoo.com/user/file " )  > 0 then
    Session("username") = "UsersRedirected"
   Response.Redirect "http://mysite/form.asp"
  End if
0
 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
your session variable will be carried over. try this for code:

 If Right( Request.ServerVariables("URL"), 9 ) = "user/file" then
    Session("username") = "UsersRedirected"
   Response.Redirect "http://mysite/form.asp"
  End if

Open in new window

0
 
mrongAuthor Commented:
Big_Monty,

Both
If InStr(Request.ServerVariables("URL"), "mypath" )  > 0 then
and
 If Right( Request.ServerVariables("URL"), 9 ) = "user/file" then
not working right.

Thanks.
0
 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
ok i mis-read your question originally, you want to get where the user was coming from, not the current page. to do that, you have to do something like:

dim page
page = Request.ServerVariables("http_referer")
page = Mid( page, InStr( page, "/" ), Len( page ) )    '-- removes domain name from page name

 If page = "/user/file" then
      '-- no additional folder names in path
else
      '-- came from /user/file/myPath
end if

Open in new window


if the statement

If page = "/user/file" then

doesn't work, try doing a response.write of the page variable to see what it displays
0
 
Scott Fell, EE MVEDeveloperCommented:
The referring page can be spoofed.   I would add on to what Big Monty has shown you by adding an encrypted cookie or session variable to the page you want to test for.

On your /user/file page, towards the bottom of any asp code, add something like
session("lastpage")="/user/file"

Open in new window

Then on the page you want to test for, at the top of the page
IF session("lastpage")="/user/file" THEN
     'flag something good
     ELSE
     'flag something bad
END IF
session("lastpage")="myNewPage"

Open in new window


There are many options here.  The only downside to this method is if you have high traffic and your worker process resets (rare, but happens), you loose your session.  The other option is setting an encrypted cookie.  You can simply use response.cookies("lastpage") = "something" http://www.w3schools.com/asp/asp_cookies.asp but that is about as handy as using a querystring.  You would want to encrypt "something".   Using the session is going to be easier.

I use a similar function and use an include file on every page for the code to set the named page name.

Good luck!
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 7
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now