Use NT Login to Allow/Block Access to Certain page

[DarkKodiak]

Hi,

I have a page that only certain users should view. Currently, I am able to get the NT login of the user trying to view the page:

Dim login ' user's NT login

login = Request.ServerVariables("LOGON_USER&quot
login = Right(login, (Len(login) - Trim(InStr(1,login, "\" , vbTextCompare))))

My plan is to have a static text file containing authorized users and get my code to compare the login against the text file. However, I am not having much luck.

Currently, I can not even get this to work:

If login = "john" then
Response.Redirect="unauthorized.html"
End If

So if I login with an NT account of john and try to hit the page a login prompt pops up asking for my login creditals for the web server...if I enter the correct login, I am able to see the page...why is it doing this...

Any Help will be Appreciated....

 

[ToddWW]

Use the FileSystemObject to read and write to the text file.

Troubleshoot your problem this way by displaying the variable before your IF / END IF action.


Response.Write &quot;--- &quot; & login & &quot; ---<br>&quot;

If login = &quot;john&quot; then
Response.Redirect=&quot;unauthorized.html&quot;
End If

I use the --- just in case the variable is blank, then I will just see

--- ---

Otherwise you should see --- john --- or my guess is some variation of that.

ToddWW

 

[ToddWW]

Oh, just as I submitted I noticed a problem with your redirect statement. I think you want to remove the = sign.

Should just be..

Response.Redirect &quot;somepage.asp&quot;

ToddWW

 

[DarkKodiak]

Hey Tood, Great Catch! Thank you for the help. It works now, but now I want to compare the user's login against a text file.

The text file will look like this:

john
anthony
mark

I know how to read from a text file (line by line), but how can I check if the user's login exists in the text file? If this was unix it would be a simple:

grep user_login authorized.txt

Any suggestions?

 

[AdmanOK]

The script below should work for you... it will read through the text file line by line and if it finds that matching username will redirect to the unauhorized.html

---

login = Request.ServerVariables(&quot;LOGON_USER&quot
login = Right(login, (Len(login) - Trim(InStr(1,login, &quot;\&quot; , vbTextCompare))))

authfile = server.mappath(&quot;authorized.txt&quot
Set fs = CreateObject(&quot;Scripting.FileSystemObject&quot
Set thisfile = fs.OpenTextFile(authfile, 1, False)
counter = 0

Do While Not thisfile.AtEndOfStream
authname = thisfile.readline
if login = authname then
Response.Redirect &quot;unauthorized.html&quot;
end if
loop

thisfile.Close
Set thisfile = Nothing
Set fs = Nothing

 

[DarkKodiak]

Hey Adam,

I came up with something similar before reading your post: (Mine is not as elegant as yours)

%
Const ForReading = 1
Const Create = False
Dim objFSO ' FileSystemObject
Dim TS ' TextStreamObject
Dim strLine ' local variable to store Line
Dim login_id ' user's NT login
Dim strFileName ' local variable to store fileName
Dim check ' auth check

check=0
login_id = Request.ServerVariables(&quot;LOGON_USER&quot
login_id = Right(login_id, (Len(login_id) - Trim(InStr(1, login_id, &quot;\&quot;, vbTextCompare))))

strFileName = Server.MapPath(&quot;auth.txt&quot

' Instantiate the FileSystemObject
Set objFSO = Server.CreateObject(&quot;Scripting.FileSystemObject&quot

' use Opentextfile Method to Open the text File
Set TS = objFSO.OpenTextFile(strFileName, ForReading, Create)

If Not TS.AtEndOfStream Then

Do While Not TS.AtendOfStream
strLine = TS.ReadLine
If login_id = strLine Then
check=1
End if
Loop

End If

If check<>1 then
Response.Redirect &quot;not_auth.html&quot;
End If