How to modify the Commerce Server 2002 Login.aspx Web page to no longer require that you specify a domain when you enter your credentials (889574)
The information in this article applies to:
- Microsoft Commerce Server 2002
INTRODUCTIONThis article describes how to modify the Microsoft Commerce
Server 2002 Login.aspx Web page to no longer require that you specify a domain
name when you enter your credentials.MORE INFORMATIONThe Commerce Server 2002 authentication mechanism is built
on top of Microsoft Internet Information Services (IIS) methods. Commerce
Server installs an Internet Server API (ISAPI) filter that is named CSAuthFilter on the
Web site where your Commerce Server application is hosted. After you unpack the
VB Commerce Server Web site,
you may use CSAuthFilter to authenticate users against an Active
Directory directory service domain. When those users try to log on to the Commerce Server Web site, those users must specify their domain on
the Login.aspx Web page. To let users log on to Commerce Server without having to specify a domain, modify the Login.aspx Web page so that it appears similar to the following. Note By default, this file is located in the AuthFiles folder of the
Vbsite Web application Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements. <%@ Page language="vb" %>
<%@ Import Namespace="Microsoft.CommerceServer.Runtime" %>
<%@ Import Namespace="Microsoft.CommerceServer.Runtime.Profiles" %>
<script language="vb" runat="server">
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs)
Handles MyBase.Load
If Not (CommerceContext.Current Is Nothing) Then
If Not (CommerceContext.Current.AuthenticationInfo Is Nothing) Then
Dim url As String
If (CommerceContext.Current.AuthenticationInfo.IsAuthenticated())
Then
' In a Web farm scenario, retrieve the userid from the profile service.
Dim userpassword As String =
getPassword(CommerceContext.Current.AuthenticationInfo.AuthTicket.UserID)
' For custom authentication, examine the validity of the password.
' if you are using Windows authentication, you do no have to verify the password.
' Therefore, let access control lists (ACLs) handle permissions.
' Add in VerifyPassword for custom authentication if you have to.
' If (VerifyPassword(UserID.Text, userpassword)) Then
If (Request.Cookies("MSCSFirstRequestedURL") Is Nothing) Then
url =
CommerceContext.Current.QueryStringBuilder.BuildUrl("default.aspx", False)
Else
url =
Server.UrlDecode(Request.Cookies("MSCSFirstRequestedURL").Value)
End If
' For Windows authentication:
'url = constructUrl(url,
CommerceContext.Current.AuthenticationInfo.AuthTicket.UserID, userpassword)
'Changed to pull the password from the password box instead of the authticket.
url = constructUrl(url,
CommerceContext.Current.AuthenticationInfo.AuthTicket.UserID, password.Text)
'Response.Redirect(url, False)
Response.Redirect(url)
'Else
' Label5.Text = "Logon failed for user: " +
CommerceContext.Current.AuthenticationInfo.AuthTicket.UserID
'End If
Else
If (UserID.Text.Length > 0) Then
' For custom authentication, examine the validity of the password.
' If you are using Windows authentication, you do not have to verify the password.
' Therefore, let ACLs handle permissions.
' Add in VerifyPassword if you have to.
'If (VerifyPassword(UserID.Text, Password.Text)) Then
' Set the authticket.
' Added so the authticket matches the logged-on user.
dim domainuserid as string = "pts0\" & UserID.Text
CommerceContext.Current.AuthenticationInfo.SetAuthTicket(domainuserid, True, 90)
' The credentials have been submitted. Use this code to pass the credentials
' to the filter for custom authentication.
If (Request.Cookies("MSCSFirstRequestedURL") Is Nothing)
Then
url =
CommerceContext.Current.QueryStringBuilder.BuildUrl("default.aspx", False)
Else
url =
Server.UrlDecode(Request.Cookies("MSCSFirstRequestedURL").Value)
End If
' For Windows authentication:
url = constructUrl(url, UserID.Text, password.Text)
' Redirect to the originally requested page.
'Response.Redirect(url, False) This does not work.
Response.Redirect(url)
'Else
' Label5.Text = "Logon failed for user: " +
UserID.Text
'End If
End If
UserID.Text = ""
Password.Text = ""
End If
' Else display the page to let user enter credentials.
Else
Response.Redirect("error.aspx", False)
End If
Else
Response.Redirect("error.aspx", False)
End If
End Sub
Private Function constructUrl(ByVal url As String, ByVal userid As String,
ByVal password As String) As String
' Construct the URL to return to the requested page and then pass
' the credentials to the filter.
Dim urlRet(5) As String
urlRet(0) = url
'urlRet(1) = "&proxyuser="
' Note: <DomainName> is a placeholder of the domain name.
urlRet(1) = "proxyuser=<DomainName>\"
urlRet(2) = userid
urlRet(3) = "&proxypwd="
urlRet(4) = password
constructUrl = String.Concat(urlRet)
End Function
Private Function getPassword(ByVal userid As String) As String
' Retrieve the password from the profile service.
Dim password As String
password = ""
Dim userProfile As Profile
userProfile =
CommerceContext.Current.ProfileSystem.GetProfile("logon_name", userid,
"UserObject")
If Not (userProfile Is Nothing) Then
password =
userProfile("GeneralInfo.user_security_password").Value.ToString()
End If
getPassword = password
End Function
Private Function VerifyPassword(ByVal userid As String, ByVal password As
String) As Boolean
' Retrieve the password from the profile service.
Dim userPassword As String
Dim returnVal As Boolean
returnVal = False
userPassword = ""
Dim userProfile As Profile
userProfile =
CommerceContext.Current.ProfileSystem.GetProfile("logon_name", userid,
"UserObject")
If Not (userProfile Is Nothing) Then
userPassword =
userProfile("GeneralInfo.user_security_password").Value.ToString()
If (String.Compare(userPassword, password) = 0) Then
returnVal = True
End If
End If
VerifyPassword = returnVal
End Function
</script>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<title ID=L_Login_HTMLTitle>Login</title>
<meta name="GENERATOR" content="Microsoft Visual Studio.NET 7.0">
<meta name="CODE_LANGUAGE" content="Visual Basic 7.0">
<meta name="vs_defaultClientScript" content="JavaScript">
<meta name="vs_targetSchema"
content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body MS_POSITIONING="GridLayout">
<form id="login" method="post" runat="server">
<TABLE>
<TR>
<TD>
<asp:Label id="L_LoginFormLabel_Text" runat="server" Font-Bold="True"
Font-Size="XX-Large" Font-Italic="True">CS2002 Login Form</asp:Label>
</TD>
</TR>
<TR>
<TD>
<asp:Label id="L_UserIDLabel_Text" runat="server" Font-Bold="True"
Font-Size="Larger">UserID</asp:Label>
</TD>
<TD>
<asp:TextBox id="UserID" runat="server"></asp:TextBox>
</TD>
</TR>
<TR>
<TD>
<asp:Label id="L_PasswordLabel_Text" runat="server" Font-Bold="True"
Font-Size="Larger">Password</asp:Label>
</TD>
<TD>
<asp:TextBox id="Password" runat="server"
TextMode="Password"></asp:TextBox>
</TD>
</TR>
<TR>
<TD>
<asp:Button id="Submit" runat="server" Text="Submit"></asp:Button>
</TD>
</TR>
<TR>
<TD>
<asp:Label id="L_LoginPrompt_Text" runat="server" Font-Bold="True">To access
authenticated content, enter your UserID and Password</asp:Label>
</TD>
</TR>
<TR>
<TD>
<asp:Label id="Label5" runat="server" Font-Bold="True"
Font-Italic="True"></asp:Label>
</TD>
</TR>
</TABLE>
</form>
</body>
</HTML>
| Modification Type: | Major | Last Reviewed: | 7/5/2005 |
|---|
| Keywords: | kbcode kbhowto kbinfo KB889574 kbAudDeveloper kbAudITPRO |
|---|
|