How to modify the Commerce Server 2002 Login.aspx Web page to no longer require that you specify a domain when you enter your credentials (889574)



The information in this article applies to:

  • Microsoft Commerce Server 2002

INTRODUCTION

This article describes how to modify the Microsoft Commerce Server 2002 Login.aspx Web page to no longer require that you specify a domain name when you enter your credentials.

MORE INFORMATION

The Commerce Server 2002 authentication mechanism is built on top of Microsoft Internet Information Services (IIS) methods. Commerce Server installs an Internet Server API (ISAPI) filter that is named CSAuthFilter on the Web site where your Commerce Server application is hosted. After you unpack the VB Commerce Server Web site, you may use CSAuthFilter to authenticate users against an Active Directory directory service domain. When those users try to log on to the Commerce Server Web site, those users must specify their domain on the Login.aspx Web page.

To let users log on to Commerce Server without having to specify a domain, modify the Login.aspx Web page so that it appears similar to the following.

Note: By default, this file is located in the AuthFiles folder of the Vbsite Web application.

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.
<%@ Page language="vb" %>
<%@ Import Namespace="Microsoft.CommerceServer.Runtime" %>
<%@ Import Namespace="Microsoft.CommerceServer.Runtime.Profiles" %>
<script language="vb" runat="server">
    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        If Not (CommerceContext.Current Is Nothing) Then
            If Not (CommerceContext.Current.AuthenticationInfo Is Nothing) Then
                Dim url As String

                If (CommerceContext.Current.AuthenticationInfo.IsAuthenticated()) Then
                    ' In a Web farm scenario, retrieve the userid from the profile service.
                    Dim userpassword As String = getPassword(CommerceContext.Current.AuthenticationInfo.AuthTicket.UserID)

                    ' For custom authentication, examine the validity of the password.
                    ' If you are using Windows authentication, you do not have to verify the password.
                    ' Therefore, let access control lists (ACLs) handle permissions.
                    ' Add in VerifyPassword for custom authentication if you have to.
                    ' If (VerifyPassword(UserID.Text, userpassword)) Then
                    If (Request.Cookies("MSCSFirstRequestedURL") Is Nothing) Then
                        url = CommerceContext.Current.QueryStringBuilder.BuildUrl("default.aspx", False)
                    Else
                        url = Server.UrlDecode(Request.Cookies("MSCSFirstRequestedURL").Value)
                    End If
                    End If

                    ' For Windows authentication:
                    'url = constructUrl(url, CommerceContext.Current.AuthenticationInfo.AuthTicket.UserID, userpassword)
                    ' Changed to pull the password from the password box instead of the authticket.
                    url = constructUrl(url, CommerceContext.Current.AuthenticationInfo.AuthTicket.UserID, password.Text)

                    'Response.Redirect(url, False)
                    Response.Redirect(url)
                    'Else
                    '    Label5.Text = "Logon failed for user:  " + CommerceContext.Current.AuthenticationInfo.AuthTicket.UserID
                    'End If

                Else
                    If (UserID.Text.Length > 0) Then
                        ' For custom authentication, examine the validity of the password.
                        ' If you are using Windows authentication, you do not have to verify the password.
                        ' Therefore, let ACLs handle permissions.
                        ' Add in VerifyPassword if you have to.
                        'If (VerifyPassword(UserID.Text, Password.Text)) Then
                        ' Set the authticket.
                        ' Added so the authticket matches the logged-on user.
                        Dim domainuserid As String = "pts0\" & UserID.Text
                        CommerceContext.Current.AuthenticationInfo.SetAuthTicket(domainuserid, True, 90)

                        ' The credentials have been submitted. Use this code to pass the credentials
                        ' to the filter for custom authentication.
                        If (Request.Cookies("MSCSFirstRequestedURL") Is Nothing) Then
                            url = CommerceContext.Current.QueryStringBuilder.BuildUrl("default.aspx", False)
                        Else
                            url = Server.UrlDecode(Request.Cookies("MSCSFirstRequestedURL").Value)
                        End If
                        ' For Windows authentication:
                        url = constructUrl(url, UserID.Text, password.Text)

                        ' Redirect to the originally requested page.
                        'Response.Redirect(url, False)  This does not work.
                        Response.Redirect(url)
                        'Else
                        '    Label5.Text = "Logon failed for user:  " + UserID.Text
                        'End If
                    End If

                    UserID.Text = ""
                    Password.Text = ""
                End If
                ' Else display the page to let user enter credentials.
            Else
                Response.Redirect("error.aspx", False)
            End If
        Else
            Response.Redirect("error.aspx", False)
        End If
    End Sub

    Private Function constructUrl(ByVal url As String, ByVal userid As String, ByVal password As String) As String
        ' Construct the URL to return to the requested page and then pass
        ' the credentials to the filter.
        Dim urlRet(5) As String

        urlRet(0) = url
        'urlRet(1) = "&proxyuser="
        ' Note: <DomainName> is a placeholder for the domain name.
        urlRet(1) = "proxyuser=<DomainName>\"
        urlRet(2) = userid
        urlRet(3) = "&proxypwd="
        urlRet(4) = password

        constructUrl = String.Concat(urlRet)
    End Function

    Private Function getPassword(ByVal userid As String) As String
        ' Retrieve the password from the profile service.
        Dim password As String
        password = ""
        Dim userProfile As Profile
        userProfile = CommerceContext.Current.ProfileSystem.GetProfile("logon_name", userid, "UserObject")

        If Not (userProfile Is Nothing) Then
            password = userProfile("GeneralInfo.user_security_password").Value.ToString()
        End If

        getPassword = password
    End Function

    Private Function VerifyPassword(ByVal userid As String, ByVal password As String) As Boolean
        ' Retrieve the password from the profile service.
        Dim userPassword As String
        Dim returnVal As Boolean
        returnVal = False
        userPassword = ""
        Dim userProfile As Profile
        userProfile = CommerceContext.Current.ProfileSystem.GetProfile("logon_name", userid, "UserObject")

        If Not (userProfile Is Nothing) Then
            userPassword = userProfile("GeneralInfo.user_security_password").Value.ToString()
            If (String.Compare(userPassword, password) = 0) Then
                returnVal = True
            End If
        End If

        VerifyPassword = returnVal
    End Function
</script>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
	<HEAD>
		<title ID=L_Login_HTMLTitle>Login</title>
		<meta name="GENERATOR" content="Microsoft Visual Studio.NET 7.0">
		<meta name="CODE_LANGUAGE" content="Visual Basic 7.0">
		<meta name="vs_defaultClientScript" content="JavaScript">
		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
	</HEAD>
	<body MS_POSITIONING="GridLayout">
		<form id="login" method="post" runat="server">
			<TABLE>
				<TR>
					<TD>
					<asp:Label id="L_LoginFormLabel_Text" runat="server" Font-Bold="True" Font-Size="XX-Large" Font-Italic="True">CS2002 Login Form</asp:Label>
					</TD>
				</TR>
				<TR>
					<TD>
					<asp:Label id="L_UserIDLabel_Text" runat="server" Font-Bold="True" Font-Size="Larger">UserID</asp:Label>
					</TD>
					<TD>
					<asp:TextBox id="UserID"  runat="server"></asp:TextBox>
					</TD>
				</TR>
				<TR>
					<TD>
					<asp:Label id="L_PasswordLabel_Text" runat="server" Font-Bold="True" Font-Size="Larger">Password</asp:Label>
					</TD>
					<TD>
					<asp:TextBox id="Password" runat="server" TextMode="Password"></asp:TextBox>
					</TD>
				</TR>
				<TR>
					<TD>
					<asp:Button id="Submit"  runat="server" Text="Submit"></asp:Button>
					</TD>
				</TR>
				<TR>
					<TD>
					<asp:Label id="L_LoginPrompt_Text" runat="server" Font-Bold="True">To access authenticated content, enter your UserID and Password</asp:Label>
					</TD>
				</TR>
				<TR>
					<TD>
					<asp:Label id="Label5" runat="server" Font-Bold="True" Font-Italic="True"></asp:Label>
					</TD>
				</TR>
			</TABLE>
		</form>
	</body>
</HTML>
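
Because the page above prepends a fixed domain to whatever is typed in the UserID box and then concatenates that value into a query string, the typed value should be a bare account name before it is used. The following is an added example, not part of the original article or of Commerce Server: the module name, the BuildDomainLogon helper, the CONTOSO domain and the sample inputs are all hypothetical, and the rejected character set is the set of characters that are invalid in a pre-Windows 2000 account name plus "@", "&", "#" and "%" as a policy choice for this page.

```vb
Imports System

' Added example (hypothetical helper), not code from the original article.
Module LogonNameCheck
    ' Characters that are invalid in a pre-Windows 2000 (SAM) account name,
    ' plus "@" so a UPN-style name cannot carry its own domain, and
    ' "&", "#", "%" because the value is concatenated into a query string.
    Private Const Forbidden As String = """/\[]:;|=,+*?<>@&#%"
    Private Const MaxSamLength As Integer = 20

    ' Returns "<domain>\<user>", or Nothing when the typed value is not a
    ' bare user name that is safe to prefix with the fixed domain.
    Function BuildDomainLogon(ByVal domain As String, ByVal typed As String) As String
        If typed Is Nothing Then Return Nothing
        Dim user As String = typed.Trim()
        If user.Length = 0 OrElse user.Length > MaxSamLength Then Return Nothing
        If user.EndsWith(".") Then Return Nothing
        For Each c As Char In user
            If Char.IsControl(c) OrElse Forbidden.IndexOf(c) >= 0 Then Return Nothing
        Next
        Return domain & "\" & user
    End Function

    Sub Main()
        ' Constructed sample inputs: one valid name, one with padding, and
        ' several that try to supply a domain or extra query parameters.
        Dim samples() As String = {"jsmith", " jsmith ", "OTHER\jsmith", _
                                   "jsmith@other.example", "a&proxypwd=x", ""}
        For Each s As String In samples
            Dim logon As String = BuildDomainLogon("CONTOSO", s)
            Dim shown As String = "(rejected)"
            If Not (logon Is Nothing) Then shown = logon
            Console.WriteLine("{0,-24} -> {1}", "[" & s & "]", shown)
        Next
    End Sub
End Module
```

In Page_Load, the result of such a helper would take the place of the direct concatenation with UserID.Text, and a Nothing result would leave the user on the login form instead of calling SetAuthTicket.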

Modification Type: Major
Last Reviewed: 7/5/2005
Keywords: kbcode kbhowto kbinfo KB889574 kbAudDeveloper kbAudITPRO