Robert Massey
|
| Posted: 01/27/2004, 10:55 AM |
|
Is there an easy way to include NT Authentication for loging into a CSS generated app? I have custom code for this. I thought it would be cool if CCS included this in it's login pages... :)
Thanks...
|
|
|
 |
Robert Massey
|
| Posted: 01/27/2004, 11:04 AM |
|
In addition some after thoughts, it would be cool to have CCS create a roles lookup for just a username whom is NT Authenticated. Is this possible. I would like to use this versus maintaining user tables. You could have a
Roles Table
pkRoleID
UserName
Role
Then lookup the NT authenticated name against this table to be able to see certain data or tables...
This may need to be put on a wish list if it currently doesn't support that. If there is no way currently what would be the best approach in locking the data to a role. I could setup the table and I built the NT Auth code already. Thanks again...
|
|
|
|
peterr
Posts: 5971
|
| Posted: 01/27/2004, 1:23 PM |
|
Since you already have the code for NT Authentication then all you need to do is the same that the function "CCLoginUser" in Common.asp is doing. The key is to create 3 Sessionvariables: UserID, UserLogin and GroupID. The corresponding code in Common.asp is:
Session("UserID") = RecordSet("user_id")
Session("UserLogin") = Login
Session("GroupID") = RecordSet("group_id")
There are several places where you could use this code. For example at the end of Common.asp you could add some code that checks if Session("UserID") exists and if not then use your code and create UserID automatically, or if fails kick the user to another page that displays "Access Denied".
Otherwise you can also create a blank page (with or without CCS) that runs your code, creates those 3 sessions and then redirect users to the main page where you want them to be.
In any case, the fact of a user being "logged in" is indicated only by the presence of those 3 session variables (actually only "UserID" and "GroupID" should be sufficient). If they don't exist then create them and the user will be logged in.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
 |
|
BlinkyBill
Posts: 86
|
| Posted: 01/27/2004, 2:03 PM |
|
Quote peterr:
Since you already have the code for NT Authentication then all you need to do is the same that the function "CCLoginUser" in Common.asp is doing. The key is to create 3 Sessionvariables: UserID, UserLogin and GroupID. The corresponding code in Common.asp is:
Session("UserID") = RecordSet("user_id")
Session("UserLogin") = Login
Session("GroupID") = RecordSet("group_id")
Peter,
Robert raises a great point, ROLES ! This is a major limitation of CCS. It would nice if it handles roles out of the box, instead assigned a user a mutually exclusive group id or a group id that inherits lower numbered group id's it would realy nice to say :
user1 = group id 1,2,5,7
user2 = group id 2,4,6,9
While I have hacked up the common.asp functions to do this for me, I'm now looking the dot net generated code and it looks like it take some modiying.
|
|
|
|
BlinkyBill
Posts: 86
|
| Posted: 01/27/2004, 2:06 PM |
|
Quote Robert Massey:
Is there an easy way to include NT Authentication for loging into a CSS generated app? I have custom code for this. I thought it would be cool if CCS included this in it's login pages... :)
Thanks...
Robert,
Are you using ADSI code or the WinAPI code to achieve this (ADVAPI32.DLL). I attempted this a while back but couldn't figure out how to authentication people across untrusted domains. Trusted domains were fine. We have around 500 domains here !
|
|
|
|
peterr
Posts: 5971
|
| Posted: 01/27/2004, 2:51 PM |
|
Bill,
Yes, you can easly modify the security function(s) used by CCS. We've seen users implemeting role-based security even in CodeCharge (not Studio). Though I haven't tried this with .NET - will check into that.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
|
BlinkyBill
Posts: 86
|
| Posted: 01/27/2004, 4:01 PM |
|
Quote peterr:
Bill,
Yes, you can easly modify the security function(s) used by CCS. We've seen users implemeting role-based security even in CodeCharge (not Studio). Though I haven't tried this with .NET - will check into that.
The ASP generated code is quite nice to modify as only the Functions you modify turn "white", whereas as soon as you do this to the dot net generated code the whole file turns white, meaning it now up to me to maintain that file. to make matters worse when you change setting in the UI they no longer flow thru to that file as it has been modified. I submitted this as a support case hopefully the dot net generated code will be MUCH improved in the next version. What isrequied and I whole lot more stubs for the generated code. While your at it these "stubs" are also required in things like web.config etc so we can modify web.config (and oter files) yet have it generate correctly using CCS.
Regards
|
|
|
|
Robert Massey
|
| Posted: 01/28/2004, 8:51 AM |
|
That is what I figured I would have to do. Thanks for the insight. Bill I am using ADSI. I have not tested it across multiple domains but I suppose you could if you asked for the domain from the user. You could then plug it into the domain variable and pass it through. Here is the code incase any one is interested in how I did it. It is pure ASP only. I am working on an ASP.NET and PHP version.
Here is my Login.asp page which gets the form fields form the login.htm page.
//////START OF LOGIN.ASP
<%
on error resume next
strUserName=Request.Form("username")
strPassword=Request.Form("password")
stay=Request.Form("stay")
Dim strDomain
strDomain = "OURDOMAINNAME"
Dim strADsPath
strADsPath = strDomain
'Flags 1 = Secure authentication flag 0 = unsecure
Dim iFlags
iFlags = 1
if (not strADsPath= "") then
' bind to the ADSI object. If user has supplied a username, then
' authenticate too
strADsPath = "WinNT://" & strADsPath
Dim oADsObject
Dim tempstr
tempstr = strDomain & "\" & strUserName
Set oADsObject = GetObject(strADsPath)
'response.write "Authenticating<br>"
Dim strADsNamespace
Dim oADsNamespace
strADsNamespace = left(strADsPath, instr(strADsPath, ":"))
set oADsNamespace = GetObject(strADsNamespace)
Set oADsObject = oADsNamespace.OpenDSObject(strADsPath, tempstr, strPassword, 0)
' we've only managed to bind if err.number = 0
if not (Err.number = 0) then
Notloggedin2 = "There was an error logging in! Check your login name and password.<br>" _
& "The login name and password is the same as your NT Account or email.<br>" _
& "Try again. <A href=login.htm>Click Here</a>"
response.write fontstuff
response.write "<center><BR>"
response.write Notloggedin2
else
'Get user full name from our HR system all users have an NT account so should be in our HR system.
Conn_Str = "dsn=HRMS;uid=ID;pwd=PWD"
' Open Connection to the database
set conn = Server.CreateObject("ADODB.Connection")
conn.Open Conn_Str
set rs = Server.CreateObject("ADODB.Recordset")
set RS =Conn.Execute("SELECT FirstName, LastName FROM [vPERSONS_ESS] WHERE username = '" & strUserName & "'")
if not RS.eof then
RS.movefirst
Do
UserFullName = TRIM(RS("FirstName")) & " " & TRIM(RS("LastName"))
RS.movenext
Loop until RS.eof
RS.movefirst
End if
rs.Close
Set rs = Nothing
Conn.Close
Set Conn = Nothing
if stay="" then
Response.Cookies("USERNAME") = strUserName
Response.Cookies("USERFULLNAME") = UserFullName
response.redirect "index.asp"
end if
if UCASE(stay) ="ON" then
Response.Cookies("USERNAME") = strUserName
Response.Cookies("USERNAME").Expires=#May 10,2010#
Response.Cookies("USERFULLNAME") = UserFullName
Response.Cookies("USERFULLNAME").Expires=#May 10,2010#
response.redirect "index.asp"
end if
end if
end if
%>
Enjoy!!!
-Robert
|
|
|
|
rhostager
|
| Posted: 01/28/2004, 10:25 AM |
|
I would be very interested in the PHP version when you finish it. Would you please post it here as well?
Thanks,
- Rob
|
|
|
|
Robert Massey
|
| Posted: 01/28/2004, 12:20 PM |
|
No problem... I wish I could work on it today but my time is limited these days. It's funny how what you love to do turns into work. Although I still love this kind of work. Its always challenging. I will post it ASAP...
|
|
|
|
Robert Massey
|
| Posted: 01/28/2004, 4:17 PM |
|
Well I couldn't leave well enough alone. I found this article that may help you out on NT authentication with PHP.
http://www.php.net/com
Scroll down a little and you will find some info on this subject. I plan on using this as a guide. Hope this helps...
-Robert
|
|
|
|
peterr
Posts: 5971
|
| Posted: 01/28/2004, 8:25 PM |
|
Bill,
Looks like modifying that section (DBUtility) in .NET files shouldn't cause any problems as Common files are mostly static. This file is also static, except for the security parameters, but modifying the authentication mechanism (CheckUser method) should not lead to problems in other areas.
To implement role-based security or NT authentication you may need to change the FormSupportedOperations class in the Security file.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
|
|
