Configuring Login.asp to use a GUID
You may want to update your Login.asp page to add a custom property named guid, which holds a globally unique identifier (GUID) string on the ticket of a user to protect your site from Distributed Denial of Service (DDoS) attacks.
To place a GUID on the ticket of a user, you must update your login page (Login.asp for the Solution Sites). Once a GUID is placed in the ticket, AuthFilter uses the GUID to look up the password of the user in the AuthFilter password cache. The GUID is placed on the ticket of the user as a custom property by using the SetProperty method of the AuthManager object. Additionally, the property is appended to the query string for the redirected URL.
Once set, AuthFilter uses the GUID property to access the password cache instead of the user ID. When a user logs on with the same user ID but with a different password, AuthFilter identifies this as a different user and a new entry is made in the password cache instead of overwriting the original password. AuthFilter then follows the same steps as for a new user. For a code example showing this process, see Code to Set a Custom Property on a Ticket.
To view a sample Login.asp page that has been updated to avoid this DDoS attack scenario, see Login.asp Code for the Supplier Solution Site.
In the example below, the lines marked with a "change this line" comment are the changes you need to make to the Login.asp file.
' after setting AuthTicket
objAuth.SetAuthTicket strUserID, True, 90
objAuth.SetProperty 2, "guid", strGUID ' <-- change this line
' at the redirect in both the FirstTime and WebFarm paths:
strRetAsp = Request.Cookies("MSCSFirstRequestedURL")
strRetAsp = strRetAsp + "proxyuser="
strRetAsp = strRetAsp + "MyDomain\User1"
strRetAsp = strRetAsp + "&proxypwd="
strRetAsp = strRetAsp + "password"
strRetAsp = strRetAsp + "&guid=" ' <-- change this line
strRetAsp = strRetAsp + strGUID ' <-- change this line
The strGUID variable is a GUID/UniqueID generated, for example, by the GUIDGen object. Note that the GUID must be a unique identifier.
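The password-cache behaviour described above, and the reason strGUID must be unique, as an added Python model (not code from the original page and not AuthFilter's implementation). PasswordCache, DIRECTORY and replay are hypothetical names, and the model assumes that a later request succeeds only when the cached password matches the account's real password.

```python
import uuid

# Constructed sample data: the password the back-end account really has.
DIRECTORY = {"alice": "correct-password"}


class PasswordCache:
    """Simplified model of a per-user password cache (not AuthFilter's code)."""

    def __init__(self, key_by):
        if key_by not in ("user_id", "guid"):
            raise ValueError("key_by must be 'user_id' or 'guid'")
        self.key_by = key_by
        self.entries = {}

    def login(self, user_id, password, guid=None):
        """Store the submitted password and return the ticket for that session."""
        ticket = {"user_id": user_id, "guid": guid or str(uuid.uuid4())}
        self.entries[ticket[self.key_by]] = password
        return ticket

    def request_ok(self, ticket):
        """A later request succeeds only if the cached password is the real one."""
        cached = self.entries.get(ticket[self.key_by])
        return cached is not None and cached == DIRECTORY.get(ticket["user_id"])


def replay(key_by, fixed_guid=None):
    """Legitimate login, then a second login with the same ID and another password."""
    cache = PasswordCache(key_by)
    first = cache.login("alice", "correct-password", fixed_guid)
    second = cache.login("alice", "some-other-password", fixed_guid)
    return {
        "entries": len(cache.entries),
        "first_session_ok": cache.request_ok(first),
        "second_session_ok": cache.request_ok(second),
    }


if __name__ == "__main__":
    print("keyed by user ID :", replay("user_id"))
    print("keyed by GUID    :", replay("guid"))
    print("GUID not unique  :", replay("guid", fixed_guid="{CONSTRUCTED-REUSED-GUID}"))
```

Keyed by user ID, the second login overwrites the first session's entry and that session stops authenticating; keyed by a unique GUID, each login gets its own entry. Reusing one GUID value for every login brings the overwrite back.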
See Also
Login.asp Code for the Supplier Solution Site
Code to Set a Custom Property on a Ticket
Using Proxy Accounts in a Web Farm
Adding a New Property to a Profile Definition
Copyright © 2005 Microsoft Corporation.
All rights reserved.