
Login.asp Code for the Supplier Solution Site

Commerce Server 2002

Following is the code for the Login.asp page for the Supplier Solution Site. This modified Login.asp is required only if the domain controller is separate from the Commerce Server installation. You do not need to use this code in other scenarios. If you put this Login.asp on a single-computer configuration, the login prompt appears twice, requiring the user to log on twice.

For more information, see Enabling AuthFilter for the Supplier Solution Site.

<!-- #INCLUDE Virtual="supplierad/include/header.asp" -->
<!-- #INCLUDE Virtual="supplierad/include/const.asp" -->
<!-- #INCLUDE Virtual="supplierad/include/html_lib.asp" -->
<!-- #INCLUDE Virtual="supplierad/include/form_lib.asp" -->
<!-- #INCLUDE Virtual="supplierad/include/std_access_lib.asp" -->
<!-- #INCLUDE Virtual="supplierad/include/std_profile_lib.asp" -->
<!-- #INCLUDE Virtual="supplierad/include/std_cookie_lib.asp" -->
<!-- #INCLUDE Virtual="supplierad/include/std_url_lib.asp" -->
<!-- #INCLUDE Virtual="supplierad/include/std_util_lib.asp" -->
<!-- #INCLUDE Virtual="supplierad/include/setupenv.asp" -->
<!-- #INCLUDE Virtual="supplierad/template/no_menu.asp" -->
<%
REM sample file for using with AuthFilter
REM This file handles Login for user
%>

<%

   ' Empty placeholder: it has no body and nothing in this listing calls it.
   ' NOTE(review): presumably one of the included files (for example setupenv.asp)
   ' expects a Main to exist - confirm before removing it.
   Sub Main()
   End Sub
   
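   ' Login flow for use with AuthFilter (top-level script, runs on every request).
   '   1. realSubmit = "fromButton": the form was submitted. Read the credentials,
   '      confirm that a profile exists for the login name, issue an auth ticket and
   '      redirect to the originally requested URL with proxyuser/proxypwd appended.
   '   2. Otherwise, if a valid auth ticket already exists (web-farm case): rebuild
   '      the same redirect from the ticket's user ID and the password stored in the profile.
   '   3. Otherwise render the login form.
   '
   ' Security notes for anyone adapting this sample:
   '   - Credentials travel in the query string, both inbound (Request.QueryString) and
   '     outbound (proxyuser/proxypwd on the redirect). Query strings are commonly kept in
   '     web-server and proxy logs and in browser history, so treat those as holding passwords.
   '   - The redirect target comes from the MSCSFirstRequestedURL cookie, which the client
   '     supplies, and it is not validated here before credentials are appended to it.
   '     NOTE(review): the cookie's format (relative or absolute URL) is not visible in this
   '     file - confirm it, then restrict the target to this site.
   '   - The values are appended without URL encoding. NOTE(review): confirm whether
   '     AuthFilter expects raw or encoded values before adding Server.URLEncode.
   Dim strSelect, strUserName, strPassword, strPasswordTest, strPWD, strRetAsp, sAuthUser
   Dim objAuth, objMSCSProfileObj
   Dim strAuthErr, strSiteName, sUserID

   ' AuthManager: create and initialize for this site.
   Set objAuth = Server.CreateObject("Commerce.AuthManager")
   strSiteName = CStr(Application("MSCSCommerceSiteName"))
   objAuth.Initialize(strSiteName)

   ' Hidden form field that tells a real submit from the first display of the page.
   strSelect = Request.QueryString("realSubmit")

   If strSelect = "fromButton" Then

      ' --- Case 1: the user pressed Submit -----------------------------------------
      strUserName = Request.QueryString("txtUsername")
      strPassword = Request.QueryString("txtPassword")

      If (strUserName = "") Or (strPassword = "") Then
         Response.Redirect "Login.asp"
      End If

      ' $PROXY-ACCOUNT: start
      ' For proxy-account usage you may need to replace strUserName and strPassword
      ' with values taken from the profile, or obtained some other similar way.
      ' if password-available:   if (objMSCSProfileObj.Fields("GeneralInfo.user_security_password").Value = strPassword) then
      ' sUserID = objMSCSProfileObj.Fields(GetQualifiedName(GENERAL_INFO_GROUP, FIELD_USER_ID)).Value
      ' $PROXY-ACCOUNT: end

      ' $PASSWORD: start - look the user up in the profile store.
      ' strUserName is in the form Domain\UserLoginID; per the profile schema the
      ' domain name is filtered out before the lookup.
      sAuthUser = LoginName(strUserName)
      Set objMSCSProfileObj = GetUserProfileByLoginName(sAuthUser)
      If (objMSCSProfileObj Is Nothing) Then
         Response.Redirect "Login.asp"
      End If
      ' if password-available: in clear-text for Proxy-Account
      ' strPasswordTest = objMSCSProfileObj.Fields.Item("GeneralInfo").Value.Item("user_security_password") ' objMSCSProfileObj.Fields("GeneralInfo.user_security_password").Value
      Set objMSCSProfileObj = Nothing
      ' $PASSWORD: end

      ' For Custom/NT Auth.
      ' NOTE(review): with the comparison below commented out, the ticket is issued for any
      ' login name that resolves to a profile, whatever password was typed. Presumably
      ' AuthFilter validates proxyuser/proxypwd on the redirected request - confirm that
      ' before relying on this ticket anywhere else.
      ' if password-available: in clear-text for Proxy-Account
      ' if (strPasswordTest = strPassword) then
      objAuth.SetAuthTicket strUserName, 1, 90
      ' Else
      '   Response.Redirect "Login.asp"
      ' EndIF

      ' Return to the originally requested page, stored in the MSCSFirstRequestedURL cookie.
      ' Per the original comments the filter adds the '?' separator, so that URL ends in '?'
      ' even when it had no query string; only '&name=value' pairs are appended here.
      strRetAsp = Request.Cookies("MSCSFirstRequestedURL")

      If IsNull(strRetAsp) Or strRetAsp = "" Then
         ' No stored URL: fall back to default.asp. This test has to run BEFORE anything
         ' is appended; once "&proxyuser=..." is concatenated the string is never empty
         ' and the fallback could not be reached.
         strRetAsp = objAuth.GetURL("default.asp", True, False, Array("proxyuser", "proxypwd"), Array(strUserName, strPassword))
      Else
         strRetAsp = strRetAsp & "&proxyuser=" & strUserName
         strRetAsp = strRetAsp & "&proxypwd=" & strPassword
      End If

      ' Distributed-Denial-Of-Service Attack (DDoS)
      ' this is to avoid DDoS attacks with a known user login ID
      ' Set objGenID =  Server.CreateObject("Commerce.GenID") '$PERF: store one in Application scope in GLOBAL.ASA, Application("MSCSAuthGenID")
      ' strGUID = objGenID.GenGUIDString
      '
      ' objAuth.SetProperty 2, "guid", strGUID ' after setting Ticket
      ' strRetAsp = strRetAsp + "&guid="
      ' strRetAsp = strRetAsp + strGUID

      Response.Redirect strRetAsp

   ElseIf objAuth.IsAuthenticated(30) Then

      ' --- Case 2: web-farm scenario - a valid auth ticket exists but is not cached in the filter
      strUserName = objAuth.GetUserID(2)   ' login ID (only in the case of an AD site)
      If (strUserName = "") Or (IsNull(strUserName)) Then
         Response.Redirect "Login.asp"
      End If
      ' strUserName is in the form Domain\UserLoginID; filter out the domain name.
      sAuthUser = LoginName(strUserName)

      ' $PROXY-ACCOUNT: start
      ' For proxy-account usage you may need to replace strUserName and strPassword
      ' with values taken from the profile, or obtained some other similar way.
      ' if password-available:   if (objMSCSProfileObj.Fields("GeneralInfo.user_security_password").Value = strPassword) then
      ' sUserID = objMSCSProfileObj.Fields(GetQualifiedName(GENERAL_INFO_GROUP, FIELD_USER_ID)).Value
      ' $PROXY-ACCOUNT: end

      ' $PASSWORD: start - read the clear-text password from the profile.
      ' This depends on the profile store keeping user_security_password in clear text;
      ' anyone who can read the profile or the resulting redirect URL obtains the password.
      Set objMSCSProfileObj = GetUserProfileByLoginName(sAuthUser)   ' helper from the SupplierAD solution site
      If (objMSCSProfileObj Is Nothing) Then
         Response.Redirect "Login.asp"
      End If
      ' if password-available: in clear-text <same for proxy-account-scenario>
      strPassword = objMSCSProfileObj.Fields.Item("GeneralInfo").Value.Item("user_security_password") ' objMSCSProfileObj.Fields("GeneralInfo.user_security_password").Value
      'strPassword = "password"   ' if PWD not available & for test purposes only
      Set objMSCSProfileObj = Nothing
      ' $PASSWORD: end

      strRetAsp = Request.Cookies("MSCSFirstRequestedURL") '  (or) use: "../default.asp"

      If IsNull(strRetAsp) Or strRetAsp = "" Then
         ' Same fallback as the submit branch, so a missing cookie does not yield a
         ' redirect target that consists only of "&proxyuser=...".
         strRetAsp = objAuth.GetURL("default.asp", True, False, Array("proxyuser", "proxypwd"), Array(strUserName, strPassword))
      Else
         ' '&' concatenation tolerates a Null password read from the profile; '+' would
         ' turn the whole URL into Null.
         strRetAsp = strRetAsp & "&proxyuser=" & strUserName
         strRetAsp = strRetAsp & "&proxypwd=" & strPassword
      End If

      ' Distributed-Denial-Of-Service Attack (DDoS)
      ' this is to avoid DDoS attacks with a known user login ID
      ' strGUID = objAuth.GetProperty(2, "guid")   ' if this exists, you need to pass this also on Query string
      '
      ' If Not IsNull(strGUID) Then
      '    strRetAsp = strRetAsp + "&guid="
      '    strRetAsp = strRetAsp + strGUID
      ' End If

      Response.Redirect strRetAsp

   Else

      ' --- Case 3: no submit and no valid ticket - show the login form
      PrintLogin

   End If

   Set objAuth = Nothing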
%>

<%
' PrintLogin: emits the login form.
' The form submits back to Login.asp with METHOD="GET", so txtUsername and txtPassword
' arrive in the query string together with the hidden realSubmit=fromButton marker that
' the main script tests for.
' NOTE(review): a password field submitted with GET puts the password in the URL, where it
' is commonly kept in server logs and browser history. Switching to POST would also require
' the main script to read Request.Form instead of Request.QueryString - confirm how
' AuthFilter handles the login page before changing it.
Sub PrintLogin() %>
<HTML>
<HEAD>
<TITLE>Login</TITLE>
</HEAD>
<BODY>
<FORM NAME="frmLogin" ACTION="Login.asp" METHOD="GET">
<br>
<br>
<br>
<H2 ID=L_LoginForm_HTMLText>CS2K-LoginForm</H2><ID Id=L_EnterCredential_ErrorMessage>
To access authenticated content, please enter your UserID & Password</ID>
<br>
<br>
<br>

<H3 ID=L_UserName_HTMLText>Username:<INPUT TYPE="text" NAME="txtUsername" SIZE=32 MAXLENGTH=32><br><ID ID=L_UserPassword_HTMLText>
Password :</ID><INPUT TYPE="password" NAME="txtPassword" SIZE=32 MAXLENGTH=32></H3><br>
<br>

<INPUT type=HIDDEN name="realSubmit" value="fromButton">
<p align="left">
   <input type="submit" name="action" id=L_Submit_Button value="Submit">
   <input type="reset" name="action" id=L_Reset_Button value="Reset"> 
</p>
</FORM>

<H2>
<br>
<br>
<A HRef="register.asp" ID=L_RegisterIf_HTMLText>Register if you are a new user (need to add this registration file)</A>
<br>
</H2>

</BODY>
</HTML>
<%end sub%>

See Also

Enabling AuthFilter for the Supplier Solution Site

Copyright © 2005 Microsoft Corporation.
All rights reserved.