User Authentication with Classic ASP

Hi Experts,
I'm using the attached code for user authentication.
Users have two different options to log in.
When they log in with their EMP_ID the logon format is someting like USA\U123456, or EUROPE\U 123456, or ASIA\U123456
The EMP_ID part from the logon is 123456. This is what I capture, and it's working fine.
The problem is when they log in with their ALT_ID
In this case the logon format is something like USA\ABC12, or EUROPE\RTX24T, or ASIA\G678PFGH
This is when I can't capture their EMP_ID, LAST_NAME, or FIRST_NAME.
How can the code below be changed to be able to capture their identity with any of their logon options.
Thank you for your help.
<%
set rs = Server.CreateObject("ADODB.recordset")
Dim UserID
UserID = Request.ServerVariables("LOGON_USER")

UserID = Replace(UCase(UserID), "\U", "\")
UserID = Mid(UserID,instr(UserID,"\")+1)

rs.Open "exec sp_Authentication'" & UserID & "'", Conn

do until rs.EOF
EMP_ID = rs("EMP_ID")
ALT_ID = rs("ALT_ID")
FIRST_NAME = rs("FIRST_NAME")
LAST_NAME = rs("LAST_NAME")

rs.MoveNext
loop
rs.Close
Set rs = Nothing
%>

<%=First_Name%>&nbsp;<%=Last_Name%>
<br />
<%=Request.ServerVariables("Logon_User")%>

Open in new window

romsomAsked:
Who is Participating?
 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
this code should get you what you want for both types if IDs:

<%
UserID = "ABC\U123456"
UserID = Mid( UserID, InStrRev( UserID, "\", -1, 1 ) + 1, Len( userID ) )
if InStr( UserID, "U" ) >= 0 then
    UserID = Replace( UserID, "U", "" )
end if
Response.Write UserID

%>

Open in new window

0
 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
so instead of a search and replace, you're better off just stripping everything to the left of the final "\" character, including the slash. so instead of having these two lines:

UserID = Replace(UCase(UserID), "\U", "\")
UserID = Mid(UserID,instr(UserID,"\")+1)

replace them with

UserID = Right( UserID, InStrRev( UserID, "\" ) + 1 )

some info on the InStrRev() function - http://www.w3schools.com/vbscript/func_instrrev.asp
0
 
romsomAuthor Commented:
This didn't work because when they are logged in with their EMP_ID the format is always ABC\U123456
So, there is always a small u or capital U after the ABC\
Their EMP_ID is what follows the U.
When they log in with their ALT_ID, the characters after the \ is their EMP_ID
I'd like to capture the EMP_ID no matter how they are logged in.
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
shouldn't matter, since a slash can't be upper case or lower case, and that's where you're getting the starting index to parse out the UserID.

I ran the code below and I got 1234 as an output:

<%
userID = "US\1234"
UserID = Right( UserID, InStrRev( UserID, "\" ) + 1 )
Response.Write userID    
%>

Open in new window

0
 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
even if I add a 'u' char ("US\U1234") in the variable, I still get the same result

you could also try a text based search, instead of a binary one:

Response.Write InStrRev( UserID, "\", -1, 1 )

the last parameter indicates a textual search (0 is the default for binary
0
 
romsomAuthor Commented:
Yes, this method works, but only when they are logged in whit their ALT_ID
I did this to verify:

set rs = Server.CreateObject("ADODB.recordset")
Dim UserID
UserID = Request.ServerVariables("LOGON_USER")

UserID = Right( UserID, InStrRev( UserID, "\" ) + 1 )
Response.Write userID

When they are logged in with their EMP_ID, they cannot be authenticated, because the U is displayed as part of their employee numbers.

ABC\U is not part of the employee number, just the 123456
0
 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
gotcha, then modify that line of code to:

UserID = Right( UserID, InStrRev( UserID, "\", -1, 1 )
0
 
romsomAuthor Commented:
I've modified it, but now when they are logged in with their ALT_ID, the first character of their EMP_IS missing.
0
 
romsomAuthor Commented:
This is the code now:

Dim UserID
UserID = Request.ServerVariables("LOGON_USER")
UserID = Right( UserID, InStrRev( UserID, "\", -1, 1 ))
Response.Write userID

When they are logged in with their EMP_ID the userID is u123456
The u shouldn't be there.

When they are logged in with their ALT_ID the first character is of their userID is missing
0
 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
you may be better off using a regular expression, I found this online and think it would great for you:

<%
  Function stripNonNumeric(inputString)
    Set regEx = New RegExp
     regEx.Global = True
     regEx.Pattern = "\D"
     stripNonNumeric = regEx.Replace(inputString,"")
  End Function
 
Dim UserID

UserID = Request.ServerVariables("LOGON_USER")
UserID = stripNonNumeric( Right( UserID, InStrRev( UserID, "\", -1, 1 ) + 1 ) )

Response.Write UserID 
%>

Open in new window

0
 
romsomAuthor Commented:
Now this is working fine, but only when they are logged in with their EMP_ID
When they are logged in with their ALT_ID the first character is missing.
0
 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
really weird, because when I do:

UserID = stripNonNumeric( Right( UserID, InStrRev( UserID, "\", -1, 1 ) + 1 ) )

it gives me the expected result, but on your end, you're off one character. so see if this does what you want:

UserID = stripNonNumeric( Right( UserID, InStrRev( UserID, "\", -1, 1 )  )  )
0
 
romsomAuthor Commented:
The only way I could make it work is with the code below. Can these two options be combined?

<%
set rs = Server.CreateObject("ADODB.recordset")

Dim UserID
UserID = Request.ServerVariables("LOGON_USER")

UserID = Replace(UCase(UserID), "\U", "\")
UserID = Mid(UserID,instr(UserID,"\")+1)

rs.Open "select * from Authentication where EMP_ID = '" & UserID & "'", Conn

do until rs.EOF
EMP_ID = rs("EMP_ID")
ALT_ID = rs("ALT_ID")
FIRST_NAME = rs("FIRST_NAME")
LAST_NAME = rs("LAST_NAME")

rs.MoveNext
loop
rs.Close
Set rs = Nothing
%>


<%
set rs = Server.CreateObject("ADODB.recordset")

Dim LoginID
LoginID = Request.ServerVariables("LOGON_USER")

LoginID = Replace(UCase(LoginID), "\U", "\")
LoginID = Mid(LoginID,instr(LoginID,"\")+1)

rs.Open "select * from Authentication where ALT_ID = '" & LoginID & "'", Conn

do until rs.EOF
EMP_ID = rs("EMP_ID")
ALT_ID = rs("ALT_ID")
FIRST_NAME = rs("FIRST_NAME")
LAST_NAME = rs("LAST_NAME")

rs.MoveNext
loop
rs.Close
Set rs = Nothing
%>

Open in new window

0
 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
what did you get for results when you ran my latest code?
0
 
romsomAuthor Commented:
This didn't work either:
UserID = stripNonNumeric( Right( UserID, InStrRev( UserID, "\", -1, 1 )  )  )

I'm logged in to two different computers.
To the first one I'm logged in as ABCD\U123456
My EMP_ID is 123456 and my ALT_ID is SSS22

At the other computer I'm logged in as ABC\SSS22

How can I make this code recognize me no matter how I'm logged in. In the database I have both the EMP_ID and the ALT_ID columns.
<%
set rs = Server.CreateObject("ADODB.recordset")

Dim UserID
UserID = Request.ServerVariables("LOGON_USER")

UserID = Replace(UCase(UserID), "\U", "\")
UserID = Mid(UserID,instr(UserID,"\")+1)

rs.Open "select * from Authentication where EMP_ID = '" & UserID & "'", Conn

do until rs.EOF
EMP_ID = rs("EMP_ID")
ALT_ID = rs("ALT_ID")
FIRST_NAME = rs("FIRST_NAME")
LAST_NAME = rs("LAST_NAME")

rs.MoveNext
loop
rs.Close
Set rs = Nothing
%>


<%
set rs = Server.CreateObject("ADODB.recordset")

Dim LoginID
LoginID = Request.ServerVariables("LOGON_USER")

LoginID = Replace(UCase(LoginID), "\U", "\")
LoginID = Mid(LoginID,instr(LoginID,"\")+1)

rs.Open "select * from Authentication where ALT_ID = '" & LoginID & "'", Conn

do until rs.EOF
EMP_ID = rs("EMP_ID")
ALT_ID = rs("ALT_ID")
FIRST_NAME = rs("FIRST_NAME")
LAST_NAME = rs("LAST_NAME")

rs.MoveNext
loop
rs.Close
Set rs = Nothing
%>

Open in new window

0
 
romsomAuthor Commented:
The latest code:
UserID = stripNonNumeric( Right( UserID, InStrRev( UserID, "\", -1, 1 )  )  )

recognized me when I was logged in with my EMP_ID as ABCD\U123456

But when I was logged in as ABC\SSS22 it only displayed SS22
The first character after the \ was missing
<%
set rs = Server.CreateObject("ADODB.recordset")

Dim UserID
UserID = Request.ServerVariables("LOGON_USER")

UserID = Replace(UCase(UserID), "\U", "\")
UserID = Mid(UserID,instr(UserID,"\")+1)

rs.Open "select * from Authentication where EMP_ID = '" & UserID & "'", Conn

do until rs.EOF
EMP_ID = rs("EMP_ID")
ALT_ID = rs("ALT_ID")
FIRST_NAME = rs("FIRST_NAME")
LAST_NAME = rs("LAST_NAME")

rs.MoveNext
loop
rs.Close
Set rs = Nothing
%>


<%
set rs = Server.CreateObject("ADODB.recordset")

Dim LoginID
LoginID = Request.ServerVariables("LOGON_USER")

LoginID = Replace(UCase(LoginID), "\U", "\")
LoginID = Mid(LoginID,instr(LoginID,"\")+1)

rs.Open "select * from Authentication where ALT_ID = '" & LoginID & "'", Conn

do until rs.EOF
EMP_ID = rs("EMP_ID")
ALT_ID = rs("ALT_ID")
FIRST_NAME = rs("FIRST_NAME")
LAST_NAME = rs("LAST_NAME")

rs.MoveNext
loop
rs.Close
Set rs = Nothing
%>

Open in new window

0
 
romsomAuthor Commented:
I didn't mean to paste in the last code snipplet
0
 
romsomAuthor Commented:
This is almost perfect. The only problem is that when the u is not in capital letter the UserID is displayed as u123456 instead of 123456.
0
 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
change this line

UserID = Request.ServerVariables("LOGON_USER")

to

UserID = UCase( Request.ServerVariables("LOGON_USER") )
0
 
romsomAuthor Commented:
I'm so sorry for being such a pain, but I have one more question. How is it going to recognize me when I'm logged in with my ALT_ID ?
Now the UserID is trimmed nicely and it's displayed like 123456 or SSS22, depending how I'm logged in.
But when the UserID is SSS22 how is it going to find the correct employee number?
Is this the way I should write my query?

select * from Authentication where EMP_ID = '" & UserID & "' or ALT_ID='" & UserID & "'

Thank you so much for your hard work on this.
0
 
romsomAuthor Commented:
If I want to call a stored procedure how am I going to let it know to find my EMP_ID by the way I'm logged in

rs.Open "exec GetEmployees'" & UserID & "'", Conn
0
 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
no worries, glad I can help :)

if the 2 scenarios you have accounted for (the employee ID and the alternate ID) both rely on your database fields called EMP_ID and ALT_ID respectively, then yes, the query you have is correct.
0
 
Big MontySenior Web Developer / CEO of ExchangeTree.org Commented:
If I want to call a stored procedure how am I going to let it know to find my EMP_ID by the way I'm logged in

rs.Open "exec GetEmployees'" & UserID & "'", Conn

easiest way would be to add a 3rd parameter called, for example, mode, and based off of that parameter, you would use the appropriate field. You could also pass the value into the SP with no 3rd parameter, and just convert the logic we did here to sql
0
 
romsomAuthor Commented:
I'm really grateful, like always when you help me out.
Thank you very much.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.