Code to Retrieve Login Credentials Using the Post Method and Set an MSCSAuth Ticket

This example shows how to retrieve the user ID and password submitted on a HTML form using the Post method, retrieve the profile corresponding to the user ID by using the Commerce Server Profiles resource, set the user ID in an MSCSAuth ticket, and redirect the user to the originally requested URL. Assume the user entered a user ID and password and clicked the Submit button on an HTML form. For more information about using the Profiles resource, see Example Code for Profile Objects.

1. Make sure the request is a form submission, then retrieve the user ID and password.

   Dim sUserID, sPassword
   If Request.Form("realSubmit") = "fromButton" Then
       sUserID = Request.Form("txtUserName")
       sPassword = Request.Form("txtPassword")
   End If
   

2. Create and initialize the ProfileService object. The sBDSConnect parameter is the connection string to the Profile store where the profile definitions are saved.

   Dim oProfileService
   Set oProfileService = Server.CreateObject("Commerce.ProfileService")
   oProfileService.Initialize sBDSConnect, "Profile Definitions"
   

3. Retrieve the profile associated with the submitted user ID. If the profile does not exist, redirect the user to the login page.

   Dim oProfileObject
   Set oProfileObject = oProfileService.GetProfile(sUserID, "UserObject")
   If (oProfileObject Is Nothing) Then
       Response.Redirect "Login.asp"
   End If
   

4. Retrieve the password associated with the profile.

   Dim sProfilePassword
   sProfilePassword = oProfileObject.user_security_password
   

5. If the submitted password matches the profile password, set the authentication ticket to use the AuthManager object, oAuthManager, created and initialized in Code to Create and Initialize AuthManager. If the passwords do not match, redirect the user to the login page.

   If sPassword = sProfilePassword Then
       oAuthManager.SetAuthTicket sUserID, True, 45
   Else
       Response.Redirect "Login.asp"
   End If
   

6. Append the user ID and password to the URL string as custom properties. This step is provided for sites using the AuthFilter ISAPI filter in Windows Authentication mode and, in general, is not required. For more information about this mode and specific to this step, see Post Method.

   Dim sReturn
   sReturn = Request.Cookies("MSCSFirstRequestedURL")
   sReturn = sReturn & "&proxyuser=" & sUserID & "&proxypwd=" & sPassword
   

7. Redirect the user to the original requested URL.

   Response.Redirect sReturn
   

8. Release the objects.

   Set oProfileService = Nothing
   Set oProfileObject = Nothing
   Set oAuthManager = Nothing
   

Copyright © 2005 Microsoft Corporation.
All rights reserved.