Security

This topic is locked

Security	12/21/2006 6:12:18 PM
ASPRunnerPro General questions
skemp author Hi, Is it possible for asprunner to use active directory account for a certain group. I would like to make it so that when users login to their domain, they may access the asprunner application without having to login again. I was told in a previous email to use the following.. SESSION("UserID") = "username" SESSION("AccessLevel") = ACCESS_LEVEL_USER SESSION("GroupID") = "usergroup However when I place this text at the top of the table_list.asp page (as directed) I still get prompted for a username and password. Where I get confused is when setting up security using asprunner, it asks for either a hard-coded username and password or one derived from a table. So then how will it use the active directory account if it is trying to use info from a table that contains a username and password.? Please help. Sheryl

Mark as Solved Mark as not solved

10 replies


	Sergey Kornilov admin 12/21/2006
	Sheryl, could you post first 20-30 lines of your list file here?


	skemp author 12/23/2006
	Sheryl, could you post first 20-30 lines of your list file here? <%@ Language=VBScript %> <% If Session("UserID")="" then Session("MyURL")=request.ServerVariables("SCRIPT_NAME") & "?" & request.ServerVariables("QUERY_STRING") Response.Redirect "login.asp?message=expired" End If if CheckSecurity("", "Add")<>True and CheckSecurity("", "Search")<>True Then Response.Write "<p>" & "You don't have permissions to access this table" & "<a href=""login.asp"">" & "Back to login page" & "</a></p>" Response.End end if %> <!--#include file="include/InspectorNewCases_variables.asp"--> <!--#include file="include/InspectorNewCases_aspfunctions.asp"--> <!--#include file="include/InspectorNewCasesevents.asp"--> <!--#include file="include/jsvariables.asp"--> <% Call DefineScriptMessages set fs=Server.CreateObject("Scripting.FileSystemObject") if fs.FileExists(Server.MapPath("include/header.asp")) then Server.Execute("include/header.asp") Session(strTableName & "_ListURL")=Request.ServerVariables("SCRIPT_NAME") & "?" & Request.ServerVariables("QUERY_STRING") if InStr(Session(strTableName & "_ListURL"), "action=OrderBy&")>0 then Session(strTableName & "_ListURL") = Replace(Session(strTableName & "_ListURL"), "action=OrderBy&", "action=none&" ) end if Session.LCID = 1033 Dim rs, dbConnection, strSQL set dbConnection = server.CreateObject ("ADODB.Connection") dbConnection.ConnectionString = strConnection Thank you


	Sergey Kornilov admin 12/26/2006
	I don't see where you have added the code snippet we are talking about.


	skemp author 1/3/2007
	I don't see where you have added the code snippet we are talking about. <!--#include file="include/dbcommon.asp"--> <!--#include file="include/LetterPrintQueue_variables.asp"--> <% SESSION("UserID") = "username" SESSION("AccessLevel") = ACCESS_LEVEL_USER SESSION("GroupID") = "CityView Users" if SESSION("UserID")="" then SESSION("MyURL")=request.ServerVariables("SCRIPT_NAME")&"?"&request.ServerVariables("QUERY_STRING") response.Redirect "login.asp?message=expired" response.End end if if not CheckSecurity(SESSION("OwnerID"),"Search") and not CheckSecurity(SESSION("OwnerID"),"Add") then response.Write "<p>" & "You don't have permissions to access this table" & " <a href=""login.asp"">" & "Back to login page" & "</a></p>" response.End end if %> <!--#include file="libs/smarty.asp"--> <% Session.LCID = 1033 on error resume next dbConnection="" dbconnect() call ReportError Set rs = server.CreateObject("ADODB.Recordset") Set rss = server.CreateObject("ADODB.Recordset") ' process reqest data, fill session variables if (Request.Form="" and Request.QueryString="") then For Each key in Session.Contents if left(key, len(strTableName)+1 ) = strTableName & "" and InStr(Mid(key, len(strTableName)+2), "" )<1 then Session.Contents.Remove(key) end if Next set strTableName_asearchnot = CreateObject("Scripting.Dictionary") set strTableName_asearchopt = CreateObject("Scripting.Dictionary") set strTableName_asearchfor = CreateObject("Scripting.Dictionary") set strTableName_asearchfortype = CreateObject("Scripting.Dictionary") set strTableName_asearchfor2 = CreateObject("Scripting.Dictionary") set session(strTableName & "_asearchnot")= strTableName_asearchnot set session(strTableName & "_asearchopt") = strTableName_asearchopt set session(strTableName & "_asearchfor") = strTableName_asearchfor set session(strTableName & "_asearchfor2") = strTableName_asearchfor2 set session(strTableName & "_asearchfortype") = strTableName_asearchfortype end if


	Sergey Kornilov admin 1/3/2007
	This way it should work.


	skemp author 1/3/2007
	<!--#include file="include/dbcommon.asp"--> <!--#include file="include/LetterPrintQueue_variables.asp"--> <% SESSION("UserID") = "username" SESSION("AccessLevel") = ACCESS_LEVEL_USER SESSION("GroupID") = "CityView Users" if SESSION("UserID")="" then SESSION("MyURL")=request.ServerVariables("SCRIPT_NAME")&"?"&request.ServerVariables("QUERY_STRING") response.Redirect "login.asp?message=expired" response.End end if if not CheckSecurity(SESSION("OwnerID"),"Search") and not CheckSecurity(SESSION("OwnerID"),"Add") then response.Write "<p>" & "You don't have permissions to access this table" & " <a href=""login.asp"">" & "Back to login page" & "</a></p>" response.End end if %> <!--#include file="libs/smarty.asp"--> <% Session.LCID = 1033 on error resume next dbConnection="" dbconnect() call ReportError Set rs = server.CreateObject("ADODB.Recordset") Set rss = server.CreateObject("ADODB.Recordset") ' process reqest data, fill session variables if (Request.Form="" and Request.QueryString="") then For Each key in Session.Contents if left(key, len(strTableName)+1 ) = strTableName & "" and InStr(Mid(key, len(strTableName)+2), "" )<1 then Session.Contents.Remove(key) end if Next set strTableName_asearchnot = CreateObject("Scripting.Dictionary") set strTableName_asearchopt = CreateObject("Scripting.Dictionary") set strTableName_asearchfor = CreateObject("Scripting.Dictionary") set strTableName_asearchfortype = CreateObject("Scripting.Dictionary") set strTableName_asearchfor2 = CreateObject("Scripting.Dictionary") set session(strTableName & "_asearchnot")= strTableName_asearchnot set session(strTableName & "_asearchopt") = strTableName_asearchopt set session(strTableName & "_asearchfor") = strTableName_asearchfor set session(strTableName & "_asearchfor2") = strTableName_asearchfor2 set session(strTableName & "_asearchfortype") = strTableName_asearchfortype end if That worked Great!! Thank you. If I want to do this for other files is it the exact same code or is there one section from this that I can place in the 'before load' page?


	Sergey Kornilov admin 1/3/2007
	If you like to add this to other files paste the same three lines into the beginning of each file.


	skemp author 1/3/2007
	That worked Great!! Thank you. If I want to do this for other files is it the exact same code or is there one section from this that I can place in the 'before load' page? Wonderful! Thank you so much. As always you are a tremendous help to me!


	lefty 1/4/2007
	Wonderful! Thank you so much. As always you are a tremendous help to me! I am trying to accomplish the same thing ; but I have multiple groups . SESSION("UserID") = "username" SESSION("AccessLevel") = ACCESS_LEVEL_USER SESSION("GroupID") = "Group1" I want the user to go to list page and show only his group records ; but I have more than one group. If he belongs to another group then no records will show .


	skemp author 1/5/2007
	I am trying to accomplish the same thing ; but I have multiple groups . SESSION("UserID") = "username" SESSION("AccessLevel") = ACCESS_LEVEL_USER SESSION("GroupID") = "Group1" I want the user to go to list page and show only his group records ; but I have more than one group. If he belongs to another group then no records will show . Help please!! I used the code above "username" and it works but logs me in as that name "username" instead of my actual username. This is what our login for other apps look like charlotte\ + OfficeAdmin (officeadmin being the name of the field that holds the username) How may I use this for the authentication?

10 replies

Mark as Solved Reply