Login.asp Code for the Supplier Solution Site
Following is the code for the Login.asp page for the Supplier Solution Site. This modified Login.asp is required only if the domain controller is separate from the Commerce Server installation. You do not need to use this code in other scenarios. If you put this Login.asp on a single-computer configuration, the login prompt appears twice, and the user has to log on twice.
For more information, see Enabling AuthFilter for the Supplier Solution Site.
<!-- #INCLUDE Virtual="supplierad/include/header.asp" -->
<!-- #INCLUDE Virtual="supplierad/include/const.asp" -->
<!-- #INCLUDE Virtual="supplierad/include/html_lib.asp" -->
<!-- #INCLUDE Virtual="supplierad/include/form_lib.asp" -->
<!-- #INCLUDE Virtual="supplierad/include/std_access_lib.asp" -->
<!-- #INCLUDE Virtual="supplierad/include/std_profile_lib.asp" -->
<!-- #INCLUDE Virtual="supplierad/include/std_cookie_lib.asp" -->
<!-- #INCLUDE Virtual="supplierad/include/std_url_lib.asp" -->
<!-- #INCLUDE Virtual="supplierad/include/std_util_lib.asp" -->
<!-- #INCLUDE Virtual="supplierad/include/setupenv.asp" -->
<!-- #INCLUDE Virtual="supplierad/template/no_menu.asp" -->
<%
REM sample file for using with AuthFilter
REM This file handles Login for user
%>
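<%
' Login handler used together with AuthFilter.
'
' Flow, as implemented below:
'   1. The login form was submitted (realSubmit = "fromButton"): read the user
'      name and password from the query string, confirm that a profile exists
'      for the login name, issue an auth ticket, and redirect to the originally
'      requested URL with proxyuser/proxypwd appended.
'   2. No submission, but a valid auth ticket exists: rebuild the proxyuser/
'      proxypwd redirect from the ticket's user ID and the password stored in
'      the profile.
'   3. Otherwise: show the login form (PrintLogin).
'
' NOTE(review): the credentials reach this page in the query string (the form
' uses METHOD="GET") and leave it in the query string of the redirect, so they
' can end up wherever URLs are recorded (server and proxy logs, browser
' history). Serve this page and the redirect target over TLS only, and keep
' proxypwd out of request logging.
' NOTE(review): the redirect target comes from the MSCSFirstRequestedURL cookie,
' which the client can alter. Confirm the value points at this site before
' appending credentials to it and redirecting.
' NOTE(review): strUserName and strPassword are appended without URL encoding,
' so a value containing "&" or "#" changes the query string that is sent.
' Confirm what AuthFilter expects before adding Server.URLEncode.

Sub Main()
End Sub

Dim strSelect, strUserName, strPassword, strPasswordTest, strPWD, strRetAsp, sAuthUser
Dim objAuth, objMSCSProfileObj
Dim strAuthErr, strSiteName, sUserID

' AuthManager: create and initialize for this site.
Set objAuth = Server.CreateObject("Commerce.AuthManager")
strSiteName = CStr(Application("MSCSCommerceSiteName"))
objAuth.Initialize(strSiteName)

' Hidden form field that tells a real submission from the first display of the page.
strSelect = Request.Querystring("realSubmit")

If strSelect = "fromButton" Then
    ' ---- The user pressed the submit button ----
    strUserName = Request.Querystring("txtUsername")
    strPassword = Request.Querystring("txtPassword")
    If (strUserName = "") Or (strPassword = "") Then
        Response.Redirect "Login.asp"
    End If

    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' $PROXY-ACCOUNT: start
    ' For proxy-account usage you may need to replace strUserName and
    ' strPassword with values taken from the profile, or in some similar way:
    '   if password-available:
    '   If (objMSCSProfileObj.Fields("GeneralInfo.user_security_password").Value = strPassword) Then
    '       sUserID = objMSCSProfileObj.Fields(GetQualifiedName(GENERAL_INFO_GROUP, FIELD_USER_ID)).Value
    ' $PROXY-ACCOUNT: end
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' $PASSWORD: start -- look up the profile (and, optionally, the clear-text password)
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' Per the profile schema the domain name is filtered out here;
    ' strUserName is in the format Domain\UserLoginID.
    sAuthUser = LoginName(strUserName)
    Set objMSCSProfileObj = GetUserProfileByLoginName(sAuthUser)
    If (objMSCSProfileObj Is Nothing) Then
        Response.Redirect "Login.asp"
    End If
    ' if password-available, in clear text, for proxy-account:
    ' strPasswordTest = objMSCSProfileObj.Fields.Item("GeneralInfo").Value.Item("user_security_password") ' objMSCSProfileObj.Fields("GeneralInfo.user_security_password").Value
    Set objMSCSProfileObj = Nothing
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' $PASSWORD: end
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

    ' For Custom/NT auth.
    ' NOTE(review): the ticket is issued once a profile exists for the login
    ' name; the password comparison below is commented out, so this page never
    ' checks strPassword itself. Presumably AuthFilter validates
    ' proxyuser/proxypwd after the redirect -- confirm, or enable the
    ' comparison when the profile holds the password.
    ' if password-available, in clear text, for proxy-account:
    ' If (strPasswordTest = strPassword) Then
    objAuth.SetAuthTicket strUserName, 1, 90
    ' Else
    '     Response.Redirect "Login.asp"
    ' End If

    ' Return to the originally requested page, stored in the cookie
    ' "MSCSFirstRequestedURL"; the following is required for a POST in Login
    ' instead of GET (the default). The filter is expected to have added the
    ' query-string separator "?" (the stored URL ends in "?" even when it had
    ' no query string).
    strRetAsp = Request.Cookies("MSCSFirstRequestedURL")
    If IsNull(strRetAsp) Or strRetAsp = "" Then
        ' Fix: the original tested for an empty URL only after the credentials
        ' had been appended, so this fallback to default.asp could never run.
        strRetAsp = objAuth.GetURL("default.asp", True, False, _
                                   Array("proxyuser", "proxypwd"), _
                                   Array(strUserName, strPassword))
    Else
        strRetAsp = strRetAsp & "&proxyuser=" & strUserName & "&proxypwd=" & strPassword
    End If

    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' Distributed-Denial-Of-Service Attack (DDoS)
    ' this is to avoid DDoS attacks with known user login ID
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' Set objGenID = Server.CreateObject("Commerce.GenID") '$PERF: store one in Application scope in GLOBAL.ASA, Application("MSCSAuthGenID")
    ' strGUID = objGenID.GenGUIDString
    '
    ' objAuth.SetProperty 2, "guid", strGUID ' after setting Ticket
    ' strRetAsp = strRetAsp + "&guid="
    ' strRetAsp = strRetAsp + strGUID
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

    Response.Redirect strRetAsp
Else
    If objAuth.IsAuthenticated(30) Then
        ' ---- Web-farm scenario: a valid auth ticket exists but is not cached in the filter ----
        strUserName = objAuth.GetUserID(2) ' Get LoginID <only in case of AD-Site>
        If (strUserName = "") Or (IsNull(strUserName)) Then
            Response.Redirect "Login.asp"
        End If
        ' Per the profile schema the domain name is filtered out here;
        ' strUserName is in the format Domain\UserLoginID.
        sAuthUser = LoginName(strUserName)

        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        ' $PROXY-ACCOUNT: start
        ' For proxy-account usage you may need to replace strUserName and
        ' strPassword with values taken from the profile, or in some similar way:
        '   if password-available:
        '   If (objMSCSProfileObj.Fields("GeneralInfo.user_security_password").Value = strPassword) Then
        '       sUserID = objMSCSProfileObj.Fields(GetQualifiedName(GENERAL_INFO_GROUP, FIELD_USER_ID)).Value
        ' $PROXY-ACCOUNT: end
        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        ' $PASSWORD: start -- read the clear-text password from the profile
        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        Set objMSCSProfileObj = GetUserProfileByLoginName(sAuthUser) ' Helper method from SupplierAD solution-site
        If (objMSCSProfileObj Is Nothing) Then
            Response.Redirect "Login.asp"
        End If
        ' if password-available, in clear text <same for proxy-account scenario>
        ' NOTE(review): this path depends on the profile store keeping a
        ' password that can be read back in clear text, and then places it in
        ' a URL; restrict read access to that profile field accordingly.
        strPassword = objMSCSProfileObj.Fields.Item("GeneralInfo").Value.Item("user_security_password") ' objMSCSProfileObj.Fields("GeneralInfo.user_security_password").Value
        'strPassword = "password" ' if PWD not available & for test purposes only
        Set objMSCSProfileObj = Nothing
        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        ' $PASSWORD: end
        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

        strRetAsp = Request.Cookies("MSCSFirstRequestedURL") ' (or) use: "../default.asp"
        If IsNull(strRetAsp) Or strRetAsp = "" Then
            ' Same fallback as the form-submission branch; the original had
            ' none here and redirected to a URL made of the parameters alone.
            strRetAsp = objAuth.GetURL("default.asp", True, False, _
                                       Array("proxyuser", "proxypwd"), _
                                       Array(strUserName, strPassword))
        Else
            ' The filter is expected to have added the query-string separator "?".
            strRetAsp = strRetAsp & "&proxyuser=" & strUserName & "&proxypwd=" & strPassword
        End If

        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        ' Distributed-Denial-Of-Service Attack (DDoS)
        ' this is to avoid DDoS attacks with known user login ID
        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        ' strGUID = objAuth.GetProperty(2, "guid") ' if this exists, you need to pass this also on Query string
        '
        ' If Not IsNull(strGUID) Then
        '     strRetAsp = strRetAsp + "&guid="
        '     strRetAsp = strRetAsp + strGUID
        ' End If
        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

        Response.Redirect strRetAsp
    Else
        ' No submission and no valid ticket: show the login form.
        PrintLogin
    End If
End If

Set objAuth = Nothing
%>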
<%
' PrintLogin: writes the HTML login form to the response.
' The form submits back to Login.asp with the fields txtUsername and
' txtPassword plus the hidden field realSubmit="fromButton", which the
' page-level script uses to recognise a real submission.
' NOTE(review): the form uses METHOD="GET", so the password typed here is sent
' as part of the URL. The page-level script reads these fields with
' Request.Querystring, so moving the form to POST also requires changing that
' script to read the posted fields.
' The register link points to register.asp, which, per the link text, still
' has to be added to the site.
Sub PrintLogin() %>
<HTML>
<HEAD>
<TITLE>Login</TITLE>
</HEAD>
<BODY>
<FORM NAME="frmLogin" ACTION="Login.asp" METHOD="GET">
<br>
<br>
<br>
<H2 ID=L_LoginForm_HTMLText>CS2K-LoginForm</H2><ID Id=L_EnterCredential_ErrorMessage>
To access authenticated content, please enter your UserID & Password</ID>
<br>
<br>
<br>
<H3 ID=L_UserName_HTMLText>Username:<INPUT TYPE="text" NAME="txtUsername" SIZE=32 MAXLENGTH=32><br><ID ID=L_UserPassword_HTMLText>
Password :</ID><INPUT TYPE="password" NAME="txtPassword" SIZE=32 MAXLENGTH=32></H3><br>
<br>
<INPUT type=HIDDEN name="realSubmit" value="fromButton">
<p align="left">
<input type="submit" name="action" id=L_Submit_Button value="Submit">
<input type="reset" name="action" id=L_Reset_Button value="Reset">
</p>
</FORM>
<H2>
<br>
<br>
<A HRef="register.asp" ID=L_RegisterIf_HTMLText>Register if you are a new user (need to add this registration file)</A>
<br>
</H2>
</BODY>
</HTML>
<%end sub%>
See Also
Enabling AuthFilter for the Supplier Solution Site