Login.asp Code for the Supplier Solution Site
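The following is the code for Login.asp for the Supplier Solution Site. If you choose to use AuthFilter for the Supplier site, you must use this code as your site's Login.asp. As listed, the sample leaves its password comparison commented out and passes the user name and password in the URL query string. For more information, see Enabling AuthFilter for the Supplier Solution Site.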
<!-- #INCLUDE FILE="../include/header.asp" -->
<!-- #INCLUDE FILE="../include/const.asp" -->
<!-- #INCLUDE FILE="../include/html_lib.asp" -->
<!-- #INCLUDE FILE="../include/form_lib.asp" -->
<!-- #INCLUDE FILE="../include/std_access_lib.asp" -->
<!-- #INCLUDE FILE="../include/std_profile_lib.asp" -->
<!-- #INCLUDE FILE="../include/std_cookie_lib.asp" -->
<!-- #INCLUDE FILE="../include/std_url_lib.asp" -->
<!-- #INCLUDE FILE="../include/std_util_lib.asp" -->
<!-- #INCLUDE FILE="../include/setupenv.asp" -->
<!-- #INCLUDE FILE="../template/no_menu.asp" -->
<%
REM sample file for using with AuthFilter
REM This file handles Login for user
%>
<%
' Empty placeholder: it contains no statements and nothing in this file calls it.
' NOTE(review): presumably one of the included files expects a Main to exist - confirm.
Sub Main()
End Sub
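' Login handler for use with AuthFilter.
'   1. Form submitted (realSubmit = "fromButton"): look up the profile, issue an
'      auth ticket, redirect to the originally requested URL with proxyuser and
'      proxypwd appended.
'   2. No submit, but a valid auth ticket exists: rebuild the same redirect from
'      the ticket's user ID and the password stored in the profile.
'   3. Otherwise: show the login form (PrintLogin).
Dim strSelect, strUserName, strPassword, strPasswordTest, strPWD, strRetAsp, sAuthUser
Dim objAuth, objMSCSProfileObj
Dim strAuthErr, strSiteName, sUserID

' AuthManager: create and initialize for this site.
Set objAuth = Server.CreateObject("Commerce.AuthManager")
strSiteName = CStr(Application("MSCSCommerceSiteName")) ' Get SiteName
objAuth.Initialize(strSiteName)

' Hidden form field that tells whether this request is a form submission.
strSelect = Request.Querystring("realSubmit")

If strSelect = "fromButton" Then
    ' The user pressed the submit button: authenticate.
    ' NOTE(review): the form uses GET, so both values arrive in the query string and
    ' can be recorded in web-server logs, browser history and Referer headers.
    strUserName = Request.Querystring("txtUsername")
    strPassword = Request.Querystring("txtPassword")
    If (strUserName = "") Or (strPassword = "") Then
        Response.Redirect "Login.asp"
    End If

    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' $PROXY-ACCOUNT: start
    ' To get Proxy-Account
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' For Proxy-Account usage: you may need to update 'strUserName' && 'strPassword', which you may get from Profile
    ' Or some other similar way ...
    ' if password-available: if (objMSCSProfileObj.Fields("GeneralInfo.user_security_password").Value = strPassword) then
    ' sUserID = objMSCSProfileObj.Fields(GetQualifiedName(GENERAL_INFO_GROUP, FIELD_USER_ID)).Value
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' $PROXY-ACCOUNT: end
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' $PASSWORD: start
    ' To get Clear-Text-Password:
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' Per the profile schema the domain name is filtered out here;
    ' 'strUserName' is in the format Domain\UserLoginID.
    sAuthUser = LoginName(strUserName)
    Set objMSCSProfileObj = GetUserProfileByLoginName(sAuthUser)
    If (objMSCSProfileObj Is Nothing) Then
        ' Unknown login name: back to the login form.
        Response.Redirect "Login.asp"
    End If
    ' if password-available: in clear-text for Proxy-Account
    ' strPasswordTest = objMSCSProfileObj.Fields.Item("GeneralInfo").Value.Item("user_security_password") ' objMSCSProfileObj.Fields("GeneralInfo.user_security_password").Value
    Set objMSCSProfileObj = Nothing
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' End Of getting Clear-Text password
    ' $PASSWORD: End
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

    ' for Custom/NT Auth
    ' NOTE(review): with the comparison below commented out, the ticket is issued for
    ' any login name that has a profile, whatever password was submitted. Presumably
    ' AuthFilter validates proxyuser/proxypwd on the redirected request - confirm
    ' before relying on it. The commented comparison itself depends on a clear-text
    ' password held in the profile and uses a plain string compare.
    ' if password-available: in clear-text for Proxy-Account
    ' if (strPasswordTest = strPassword) then
    objAuth.SetAuthTicket strUserName, 1, 90
    ' Else
    ' Response.Redirect "Login.asp"
    ' EndIF

    ' Go to the originally requested ASP, which is stored in the cookie
    ' "MSCSFirstRequestedURL" (or use "..\default.asp"). The stored URL contains '?'
    ' at the end even when there was no query string, so '&' is used as separator.
    ' NOTE(review): the cookie is sent by the client, and the password is appended to
    ' whatever URL it holds; its format is not visible here, so no check that it
    ' points at this site is made - confirm what AuthFilter writes and validate it.
    strRetAsp = Request.Cookies("MSCSFirstRequestedURL")
    If (strRetAsp = "" Or IsNull(strRetAsp)) Then
        ' Fix: the original tested for an empty URL only after the credentials had
        ' been appended, so this fallback could never run for a missing cookie.
        strRetAsp = objAuth.GetURL("default.asp", True, False, Array("proxyuser", "proxypwd"), Array(strUserName, strPassword))
    Else
        ' NOTE(review): the values are appended without URL encoding; whether
        ' AuthFilter decodes them is not visible here - confirm before encoding.
        strRetAsp = strRetAsp & "&proxyuser=" & strUserName ' make sure the QS-separator '?' is added by filter
        strRetAsp = strRetAsp & "&proxypwd=" & strPassword ' Password
    End If

    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' Distributed-Denial-Of-Service Attack (DDoS)
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' this is to avoid DDos Attacks with known User login ID
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' Set objGenID = Server.CreateObject("Commerce.GenID") '$PERF: store one in Application scope in GLOBAL.ASA, Application("MSCSAuthGenID")
    ' strGUID = objGenID.GenGUIDString
    '
    ' objAuth.SetProperty 2, "guid", strGUID ' after setting Ticket
    ' strRetAsp = strRetAsp + "&guid="
    ' strRetAsp = strRetAsp + strGUID
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    Response.Redirect strRetAsp
Else
    If objAuth.IsAuthenticated(30) Then ' for Web-Farm scenario <valid-Auth-Ticket Exist, but not cached in Filter>
        strUserName = objAuth.GetUserID(2) ' Get LoginID <only in case of AD-Site>
        If (strUserName = "") Or (IsNull(strUserName)) Then
            Response.Redirect "Login.asp"
        End If
        ' Per the profile schema the domain name is filtered out here;
        ' 'strUserName' is in the format Domain\UserLoginID.
        sAuthUser = LoginName(strUserName)

        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        ' $PROXY-ACCOUNT: start
        ' To get Proxy-Account
        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        ' For Proxy-Account usage: you may need to update 'strUserName' && 'strPassword', which you may get from Profile
        ' Or some other similar way ...
        ' if password-available: if (objMSCSProfileObj.Fields("GeneralInfo.user_security_password").Value = strPassword) then
        ' sUserID = objMSCSProfileObj.Fields(GetQualifiedName(GENERAL_INFO_GROUP, FIELD_USER_ID)).Value
        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        ' $PROXY-ACCOUNT: end
        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        ' $PASSWORD: start
        ' To get Clear-Text-Password:
        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        Set objMSCSProfileObj = GetUserProfileByLoginName(sAuthUser) ' Helper method from SupplierAD solution-site
        If (objMSCSProfileObj Is Nothing) Then
            Response.Redirect "Login.asp"
        End If
        ' if password-available: in clear-text <same for proxy-account-scenario>
        ' NOTE(review): this reads a clear-text password from the profile store and
        ' places it in the redirect URL below.
        strPassword = objMSCSProfileObj.Fields.Item("GeneralInfo").Value.Item("user_security_password") ' objMSCSProfileObj.Fields("GeneralInfo.user_security_password").Value
        'strPassword = "password" ' if PWD not available & for test purposes only
        Set objMSCSProfileObj = Nothing
        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        ' End Of getting Clear-Text password
        ' $PASSWORD: End
        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

        ' NOTE(review): the cookie is sent by the client and the password is appended
        ' to whatever URL it holds - confirm what AuthFilter writes and validate it.
        strRetAsp = Request.Cookies("MSCSFirstRequestedURL") ' (or) use: "../default.asp"
        If (strRetAsp = "" Or IsNull(strRetAsp)) Then
            ' Same fallback as the form-submit branch, so a missing cookie does not
            ' produce a redirect target that consists of the parameters alone.
            strRetAsp = objAuth.GetURL("default.asp", True, False, Array("proxyuser", "proxypwd"), Array(strUserName, strPassword))
        Else
            ' & rather than + so that a Null profile value does not turn the whole
            ' URL into Null.
            strRetAsp = strRetAsp & "&proxyuser=" & strUserName ' make sure the QS-separator '?' is added by filter
            strRetAsp = strRetAsp & "&proxypwd=" & strPassword ' Password
        End If

        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        ' Distributed-Denial-Of-Service Attack (DDoS)
        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        ' this is to avoid DDos Attacks with known User login ID
        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        ' strGUID = objAuth.GetProperty(2, "guid") ' if this exists, you need to pass this also on Query string
        '
        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        ' If Not IsNull(strGUID) Then
        ' strRetAsp = strRetAsp + "&guid="
        ' strRetAsp = strRetAsp + strGUID
        ' End If
        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        Response.Redirect strRetAsp
    Else
        ' No submission and no valid ticket: show the login form.
        PrintLogin
    End If
End If
Set objAuth = Nothing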
%>
<%Sub PrintLogin()
' Emits the login form. The form submits back to Login.asp; the hidden field
' realSubmit = "fromButton" is what the handler checks to detect a submission.
' NOTE(review): METHOD="GET" puts txtUsername and txtPassword in the URL query
' string, where they can be recorded in server logs, browser history and Referer
' headers. Switching the form to POST also requires the handler to read
' Request.Form instead of Request.Querystring; whether AuthFilter handles a POST
' to the login page is not visible here - confirm before changing.
%>
<HTML>
<HEAD>
<TITLE>Login</TITLE>
</HEAD>
<BODY>
<FORM NAME="frmLogin" ACTION="Login.asp" METHOD="GET">
<br>
<br>
<br>
<H2 ID=L_LoginForm_HTMLText>CS2K-LoginForm</H2><ID Id=L_EnterCredential_ErrorMessage>
To access authenticated content, please enter your UserID & Password</ID>
<br>
<br>
<br>
<H3 ID=L_UserName_HTMLText>Username:<INPUT TYPE="text" NAME="txtUsername" SIZE=32 MAXLENGTH=32><br><ID ID=L_UserPassword_HTMLText>
Password :</ID><INPUT TYPE="password" NAME="txtPassword" SIZE=32 MAXLENGTH=32></H3><br>
<br>
<INPUT type=HIDDEN name="realSubmit" value="fromButton">
<p align="left">
<input type="submit" name="action" id=L_Submit_Button value="Submit">
<input type="reset" name="action" id=L_Reset_Button value="Reset">
</p>
</FORM>
<H2>
<br>
<br>
<A HRef="register.asp" ID=L_RegisterIf_HTMLText>Register if you are a new user (need to add this registration file)</A>
<br>
</H2>
</BODY>
</HTML>
<%end sub%>
See Also
Working with Site Security and Filters