Integrating new naming standard for logon id's

[Kaytu]

Salutations,
My capacity for problem solving has been exhausted and I need your help! I work on a company intranet website that is used to track how many hours we teach and our certifications. This has been in place for about 3.5 years now and has been fine. NOW, the network has undergone a serious change...specifically our logon id's. We used to use lastnameFM (ex: smithja for John A Smith). Now, our logon id's are first.last (ex john.smith for John Smith). For some reason, now noone can access the site. The site currently resides on Windows NT Server (yikes) and uses Oracle 9i as our database. I have created test id's using the new naming standard and they still do not work. Here is part of the code for access purposes:

set objRec = objConn.execute
(" SELECT p.fname, p.lname, p.logon_id, p.section, p.rank AS ""rank"", p.security_level, mai "& _
" FROM dco.personnel p, dco.lk_martial_arts_levels lk " & _
" WHERE p.logon_id = (SELECT SUBSTR(UPPER('" & strUserLogon & "'),9)AS ""logon_id"" FROM dual) " & _
" AND p.ma_qual = lk.qual(+)")

IF objRec.EOF THEN
Response.Redirect("unauthorized.html")
ELSE
strUserSection = TRIM(objRec("section"))
strUserSecurity = objRec("security_level")
strUserName = objRec("lname")
strUserRank = TRIM(objRec("rank"))
strMAI = TRIM(objRec("mai"))
Session("index") = "true"
END IF

For some reason, it ALWAYS goes to EOF and redirects to the unauthorized page. I believe it has something to do with the '.' in the logon id's, but I admit, I am not that experienced with ASP enough to know that. Can ANYONE confirm that and assist me with this? Thanks!

Semper Fidelis,
Kaytu

 

[theniteowl]

Where does the value for strUserLogon get set?
Is it the result of a server side variable for the logon ID?
Have you tried using response.write to check that the value returned works as expected?

When you say you created a test ID are you refering to a domain login ID or an ID in the database?

What happened to the old domain logon IDs? Did they create all new accounts for people or did they rename the old accounts? I believe that renamed accounts can have problems where newly created accounts do not.

Are there any group permissions applied to your web folders that might need updating for the IIS folders?

Did the method of authentication change with the other changes? The IIS server settings might have to change to match any changes in authentication in the new environment.

If you have a test domain ID I would suggest creating a simple test app that just grabs Request.ServerVariables("LOGON_USER") and displays it.
This shows you that 1. The test ID is able to access and execute scripts in that folder. 2. That the logon ID is passing correctly into your ASP code.

If you are so inclined, you could create a test database with a table that contains nothing but the logon ID you want to test against and use the simplest querystring to compare against it just to verify if the match is working as expected.

There are so many things that have to happen prior to your web app trying to validate the logon ID and you are going to have to perform tests to narrow down where the actual failure is occuring. If the logon ID is not validating correctly or has unusual restrictions then your web app will fail but that does not mean the app is at fault.


Paranoid? ME?? WHO WANTS TO KNOW????

 

[Kaytu]

theniteowl,

Thanks for the info. Lots of questions to answer, which I will research, however, let me see if I can clarify a few things first.

What has basically happened at my organization is that we have transitioned into a new domain. This new domain uses logon id's that are first.last for authentication. This is NOT a problem. Authentication IS occuring. The problem occurs when the index page queries the Oracle database to see if this authenticated user has an account. For whatever reason, the ASP code cannot see the accounts in the database, though they do exist. I can use SQL*Plus and see the accounts are there. My suspiction is that ASP can't handle a '.' in a variable. In this case, if the domain validates an account (ex john.smith), then the index page queries to see if this account exists for the intranet site. It always goes to EOF and redirects to the unauthorized page.

Does ASP have difficulties with the '.'?

 

[theniteowl]

I just created a test table in Access and queried it from ASP. I made the ID field First.Last and it pulled and displayed properly with Response.Write.

Try creating a test script that does nothing more than pull and display a specific ID.

I know nothing about Oracle but this should be close:

strUserLogon = "first.last"
set objRec = objConn.execute
(" SELECT p.logon_id FROM dco.personnel WHERE p.logon_id = '" & strUserLogon & "')"
 IF objRec.EOF THEN
   Response.Write "ID not found"
 ELSE
   Response.Write "Found username " & TRIM(objRec("logon_id"))
 END IF

Of course you have to add the bits to open and close the connection to your database. This is about as simple a test as you can get to return the logon ID. If it fails, switch to a different field without a period in it but I do not think that is the source of the problem.


Paranoid? ME?? WHO WANTS TO KNOW????