Stuck on 1st page of Legacy ASP site on new server (User ID now blank)

[mbrayc]

Hi,

First, let me extend my thanks in advance to anyone who can provide insight into this matter.

I've run up against a problem I can't solve after lengthy research. I have a legacy ASP site (used for filing warranty claims) on a Server 2003 machine that I'm moving to a Server 2008 R2 machine due to Server 2003 EOL. The site prompts users for their credentials, authenticates them with AuthentiX against an MS Access database (connected via ODBC DSN), then upon successful authentication takes said user to the first ASP page. As the site is supposed to work (and does on the old server), the User ID (Dealer Account) is shown on the page, along with two fields for entering an email address and a serial number. When the user clicks "Continue", the page verifies the Dealer ID and serial number against a SQL database (and the dealer ID again against our ERP database on a separate SQL server). The site proceeds to the next page for additional info if successfully verified (warnings are shown if either entry is not verified). However, I can't even get that far. When I click "Continue" after entering a valid serial number (and my own email address), I get a warning that a required field isn't filled out correctly, which happens to be the User ID/Dealer Account (screenshot is attached). I suspect there's a connection issue with one of the databases, but haven't been able to pin it down because I'm getting no other errors. The Access DB for initial Authentication is in MDB format, and the SQL database on the new server is now SQL 2008R2 (migrated from SQL 2005). I'm including a code sample below:

' Find the Current User
usingAuthentiXStandard = true
if (usingAuthentiXStandard) then
	Set AuthX = Server.CreateObject("AUTHXOCX.AuthXOCXCtrl.1") 
else
	Set AuthX = Server.CreateObject("AUTHXISP.AuthXOCXCtrl.1") 
	protectedDomain = Request.ServerVariables("LOCAL_ADDR")
	AuthX.SetVirtualDomain protectedDomain, Request.ServerVariables("SCRIPT_NAME")
	AuthX.SetVirtualDomainPassword("")
end if
currentUser = left(UCASE(AuthX.CurrentUserName(Request.ServerVariables("LOCAL_ADDR"), Request.ServerVariables("SCRIPT_NAME"), Request.ServerVariables("HTTP_AUTHORIZATION"))),6) 

Dim	errormessage
strError = ""

if Request.Form("flag") = "1" Then

	Dim rsSerialNumber, connection
	Dim rowcount, SQL, sConnString
	Set Connection=Server.CreateObject("ADODB.Connection")
	Set rsSerialNumber=Server.CreateObject("ADODB.Recordset")
	
	sConnString="DSN=xxxxxxxxreg"
	Connection.Open(sConnString)

	SQL = "SELECT UDFREF_28, [DATE PURCH] FROM [MAIN W REG DATA] WHERE UDFREF_28='"& Request.Form("txtSerialNumber")&"'"
	rsSerialNumber.Open SQL,connection,3,3
	
	rowcount=rsSerialNumber.recordcount
	'response.write "The number of records is " & rowcount
	if (rowcount > 0) then
		if trim(rsSerialNumber.Fields("DATE PURCH").Value) <> "" then
			strNextPage = 1
		else
			if Request("regflag") = 1 then
				strNextPage = 1
			else
				if Request("regflag") = 2 then
					strNextPage = 2
				end if
			end if
		strRegError = 1	
		end if
	else
		strError = "<span class=""error"">Serial Number not found.</span>"
		strNextPage = 0
	end if
	' Close our recordset and connection and dispose of the objects
	rsSerialNumber.Close
	Set rsSerialNumber = Nothing
	
	Connection.Close
	'Set Connection = Nothing
	'Check Dealer Number
	
	Set rsDealerAccount=Server.CreateObject("ADODB.Recordset") 
	sConnString="DSN=XXXX5;UID=id;PWD=passwd"
	Connection.Open(sConnString)
	
	'Check Dealer Account
	'SQL = "SELECT CUSTID_23 FROM [Customer Master] WHERE CUSTID_23='"& Request("txtDealerAccount")&"'"
	SQL = "SELECT CUSTID_23 FROM " & chr(34) & "Customer_Master" & chr(34) & "WHERE CUSTID_23='"& Request("txtDealerAccount")&"'"
	rsDealerAccount.Open SQL,connection,3,3
	
	if strNextPage = 1 then
		Server.Transfer("step2.asp")
		Response.end()
	end if

Code snippet showing how page is displayed:

<!-- Start Body Of The Page -->
	<form onsubmit="return validate(this,'')" action="xxxx.asp" method="post" name="STEP1">
	<table width="99%" cellpadding="5">
		<tr>
			<td class="Title">Enter Serial Number</td>
		</tr>
	</table>
	<table>
		<tr>
			<td width="125"><span id="rfvtxtDealerAccount">Dealer Account:</span></td>
			<td width="274"><input type="hidden" name="txtDealerAccount" value="<%=currentUser%>"><%=currentUser%></td>
		</tr>
		<tr>
			<td><span id="rfvtxtEmail">Email:</span></td>
			<td><input onblur="validate(this,regexEmail)" type="text" name="txtEmail" size="25" value="<%=Request.Form("txtEmail")%>"></td>
		</tr>
		<tr>
			<td><span id="rfvtxtSerialNumber">Serial Number:</span></td>
			<td><input onblur="validate(this,'')" type="text" name="txtSerialNumber" size="25" value="<%=Request.Form("txtSerialNumber")%>"><%=strError%>&nbsp;<a href="#" class="info" ONMOUSEOVER="popup('Enter the serial number of the machine. You can find the serial number on your original invoice.','white')"; ONMOUSEOUT="kill()">what's this?</a></td>
		</tr>
		<%

I have yet to figure out exactly what the problem might be, even though I've been trying to teach myself ASP since I started this migration. Thanks again for any suggestions or advice.

MB

 

[ElEye]

The first place I'd look is user permissions, which you allude to.

With an Access DB the user permissions are on a Windows level: you need both read and write user permission on the folder containing your MDB/ACCDB file. With SQL Server the user permissions are in the security settings for that server.

The reason you need read/write with Access, even if you're not writing to the DB, is so that Access can create a temp file. (Open an Access file and a temp file is created in the same folder as the original file. This is true even with IIS opening your file.)

In SQL Server check that the applicable specific users are given proper permissions. This might be users specific to your DBs and/or those in IIS, like IUSR and 'ANONYMOUS LOGIN.'

These are generalities. Reply with your progress.

Dave
[

http://flashspot.com

]

 

[mbrayc]

Hi Dave,

Thanks for replying to my post. I checked all the permissions as you suggested. First, I found there was no access listed for the server's IUSR account, which I have corrected. Otherwise, all folder permissions for the Access DB match between the servers.

I also had to add a login for IUSR in SQL server and added the proper DB mappings and permissions. There are some differences, though the user is listed on the old server as "Servername\IUSR_Servername", whereas the new server has "NT AUTHORITY\IUSR". Also, there was a SQL user on the old server called "warramtysql" that has a SQL authentication login mapped to the SQL DB with the serial number info. However, I don't know the password for this user, and my boss is the only other person I can think of who might know what this is (this setup was created by people long before me and I don't know how involved my boss was). I'll check with him on Monday to see if they know since they're on vacation. That could be the sticking point.

The only other potential issue I can see immediately is between AuthentiX and the rest of the site code. While I can log in, it took some doing to get this to work (AuthentiX wasn't originally designed for 64-bit systems, though I found a workaround online).

Thanks again for your help, Dave.

 

[ElEye]

On the SQL Server user thing: you may have to remove the users that have the wrong server name (OLDSERVER\IUSR) from the users section of the security settings for the database. (DATABASE->SECURITY->USERS) Then make sure the correct user(s) (e.g. NEWSERVER\IUSR) are given appropriate rights in user mapping for the DB server (SERVER->SECURITY->LOGINS.) You may already know this: sometimes old users persist within a database that are not found in the SQL Server's logins, especially if a DB is restored or attached from one SQL Server to another. If this has anything to do with your user issues (if indeed that has anything to do with your ASP issues) you may have to deselect roles for a user you want to remove in that database's security before SQL Server will let you remove it.

I apologize if this is all just meandering or doesn't solve your issue. I've had plenty of experience with users/logins being related to issues when moving websites and/or databases to a new server. So, if this doesn't resolve your immediate issue perhaps it will help on a future occasion.

Dave
[

http://flashspot.com

]

 

[mbrayc]

I double-checked the users for the database, and I did find an entry referring to the old server. I removed it per your suggestion, but it doesn't seem to have made any difference. Therefore I think the user/ASP issues may be somewhere else - I just have to figure out where that somewhere else is .

 

[guitarzan]

You didn't post the code related to the error message in your screenshot. Start there. What generated the error message "You have not filled in the required fields ..." ? What was missing or what did the code expect? Work backwards from there.

 

[mbrayc]

Thanks for the advice, guitarzan.

I found the code referencing the popup in a Javascript page elsewhere in the site directory.

var aryvalidate = new Array;
var regexZipCode = '^[0-9]{5}([- /]?[0-9]{4})?$';
var regexEmail = '^([0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*@(([0-9a-zA-Z])+([-\w]*[0-9a-zA-Z])*\.)+[a-zA-Z]{2,9})$';
var regexPhone = '^[\\(]{0,1}([0-9]){3}[\\)]{0,1}[ ||-]?([^0-1]){1}([0-9]){2}[ ]?[-]?[ ]?([0-9]){4}[ ]*((x){0,1}([0-9]){1,5}){0,1}$';
var regexNumeric = '^([0-9]+\.[0-9]*)$';
var regexHours = "^([0-9]*)$";
function validate(elem,regex) {
	/*
	Regular Expression parameters for various fields
	Zip Code:  ^[0-9]{5}([- /]?[0-9]{4})?$
	Email: ^([0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*@(([0-9a-zA-Z])+([-\w]*[0-9a-zA-Z])*\.)+[a-zA-Z]{2,9})$
	Phone: ^[\\(]{0,1}([0-9]){3}[\\)]{0,1}[ ||-]?([^0-1]){1}([0-9]){2}[ ]?[-]?[ ]?([0-9]){4}[ ]*((x){0,1}([0-9]){1,5}){0,1}$
	Anything not starting with a special charachter (default) : ^[0-9a-zA-Z]
	*/
	
	bReturnValue=true;
	defaultregex="^[0-9a-zA-Z.]";
			
	if (regex=="") {
		regex=defaultregex;
	}
	var re = new RegExp(regex);
	if (elem.type==undefined) { //Entire Form Validation
		var elemfocus=-1;
		var elemmissed=0
		for (var i=0;i<elem.length;i++) {  //Whole Form
			var strrfv = "rfv"+elem.elements[i].name; //.substr(3);
			if (aryvalidate[elem.elements[i].name]) {
				var re = new RegExp(aryvalidate[elem.elements[i].name]);
			}
			else {
				var re = new RegExp(regex);
			}
			if ((!elem.elements[i].value.match(re)) && document.getElementById(strrfv)) {
				rfv = document.getElementById(strrfv);
				rfv.style.color = "#ff0000";
				bReturnValue=false;
				elemmissed++;
				if (elemfocus==-1) {
					elemfocus=i;
				}
			}
		}
		[highlight #FCE94F]if (!bReturnValue && i>0) {
			alert("You have not filled in "+elemmissed+" of the required fields correctly. \n Please correct RED colored items.");
			elem.elements[elemfocus].focus();
			return false;[/highlight]
		}
	}
	else { //Form Element Validation
		if (elem.type=="text" || elem.type=="select-one") {
			var strrfv = "rfv"+elem.name; //.substr(3);
			if (regex!=defaultregex) {
				aryvalidate[elem.name]=regex;
			}
			if ((!elem.value.match(re)) && document.getElementById(strrfv)) {
				rfv = document.getElementById(strrfv);
				rfv.style.color = "#ff0000";
				bReturnValue=false;
			}
			else {
				rfv = document.getElementById(strrfv);
				rfv.style.color = "#000000";
				bReturnValue=true;
			}
		}
	}
	return bReturnValue;

}

It's looking like the error message is being generated simply because the Dealer Account information isn't being copied over, at least that's my theory. Like I said, it took some effort to get the old authentication program to work on this 64-bit server at all (I can't access that directly but through a browser-based interface-unlike the old server). I'll continue looking to see if there's another solution or workaround to get this to work.

Thanks again for your help.