Windows Authentication

Sheryl,
where do you use this code?

You need to add this code to the Login page: Before process event.

Sheryl,

Hi,
I am using it in the login page and on the 'before processing' event. I am also using the option to use the username and password found in the employee table so that when the user logs on he only sees his own data . Is this incorrect?

If you use User can see and edit their own records only security method you need to fill some required Session variables (Session("OwnerID"), Session("_tablename_OwnerID") etc.).
Here is the list of all ASPRunner Session variables:

http://www.xlinesoft.com/asprunnerpro/docs...n_variables.htm
Here is a sample:

If Request.ServerVariables("LOGON_USER")<>"" then

If you use User can see and edit their own records only security method you need to fill some required Session variables (Session("OwnerID"), Session("_tablename_OwnerID") etc.).

Here is the code I am using. I am sure I must have a few things out of wack. Can you please take a look.
<%@ Language=VBScript %>

<!--#include file="include/dbcommon.asp"-->
<!--#include file="libs/smarty.asp"-->

<%
dbConnection = ""

db_connect()

DoEvent "BeforeProcessLogin dbConnection"

If Request.ServerVariables("LOGON_USER")<>"" then

SESSION("UserID") = Request.ServerVariables("LOGON_USER")

SESSION("AccessLevel") = ACCESS_LEVEL_USER
str = "select from UsersTable where Loginname='" & SESSION("UserID") & "'"

Set rs = server.CreateObject("ADODB.Recordset")

rs.open str,dbConnection
Session("OwnerID") = rs("OwnerIDField")

Session("_CEHCase_OwnerID") = rs("OwnerIDField")
rs.close

set rs=nothing
Response.Redirect "Menu.asp"

End if
myurl=SESSION("MyURL")

SESSION("MyURL")=""
defaulturl=""

defaulturl="menu.asp"
strMessage=""
pUsername=postvalue("username")

pPassword=postvalue("password")
if request.form("btnSubmit") <> "Login" then

if request.Cookies("username")<>"" or request.Cookies("password")<>"" then smarty.Add "checked"," checked"

end if
if request.form("btnSubmit") = "Login" then

if request.form("remember_password") = 1 then

Response.Cookies("username") = pUsername

Response.Cookies("username").Expires = DateAdd("yyyy", 1, Now())

Response.Cookies("password") = pPassword

Response.Cookies("password").Expires = DateAdd("yyyy", 1, Now())

smarty.Add "checked"," checked"

else

Response.Cookies("username") = ""

Response.Cookies("password") = ""

smarty.Add "checked",""

end if

' username and password are stored in the database

Set rs = server.CreateObject("ADODB.Recordset")
strUsername = pUsername

strPassword = pPassword
Set rsTemp = server.CreateObject("ADODB.Recordset")

rsTemp.Open "select from [dbo].[LookupEmployee] where 1=0",dbConnection,1,2
if FieldNeedQuotes(rsTemp,cUserNameField) then

strUsername="'" & db_addslashes(strUsername) & "'"

else

strUsername=my_numeric(strUsername)

end if

if FieldNeedQuotes(rsTemp,cPasswordField) then

strPassword="'" & db_addslashes(strPassword) & "'"

else

strPassword=my_numeric(strPassword)

end if

rs.close
strSQL = "select * from dbo.lookupEmployee where code='" & SESSION("UserID") & "'"

Set rs = server.CreateObject("ADODB.Recordset")

rs.open str,dbConnection
SESSION("OwnerID") = rs("OwnerIDField")

SESSION("_dbo.CEHCase_OwnerID") = rs("OwnerIDField")

SESSION("_dbo.CEHInspection_OwnerID") = rs("OwnerIDField")

SESSION("_dbo.CEHInspectionEvents_OwnerID") = rs("OwnerIDField")

SESSION("_New Cases_OwnerID") = rs("OwnerIDField")

SESSION("_Closed Cases_OwnerID") = rs("OwnerIDField")

SESSION("_dbo.HousingPastDueInitialInspections_OwnerID") = rs("OwnerIDField")

SESSION("_dbo.HousingPastDueReInspections_OwnerID") = rs("OwnerIDField")
DoEvent "AfterSuccessfulLogin pUsername,pPassword"

if myurl<>"" then

response.Redirect myurl

else

response.Redirect defaulturl

end if

response.End

else

DoEvent "AfterUnsuccessfulLogin pUsername,pPassword"

strMessage = "Invalid Login"

end if

rs.MoveNext

else

DoEvent "AfterUnsuccessfulLogin pUsername,pPassword"

strMessage = "Invalid Login"
Response.Redirect "Menu.asp"
end if

rs.close

end if
SESSION("MyURL")=myurl

if myurl<>"" then

smarty.Add "url",myurl

else

smarty.Add "url",defaulturl

end if

if request.form("username")<>"" or request.querystring("username")<>"" then

smarty.Add "value_username","value=""" & my_htmlspecialchars(pUsername) & """"

else

smarty.Add "value_username","value=""" & my_htmlspecialchars(request.Cookies("username")) & """"

end if
if request.form("password")<>"" then

smarty.Add "value_password","value=""" & my_htmlspecialchars(pPassword) & """"

else

smarty.Add "value_password","value=""" & my_htmlspecialchars(request.Cookies("password")) & """"

end if
if request.querystring("message")="expired" then strMessage = "Your session has expired. Please login again."
smarty.Add "message",strMessage
templatefile = "login.htm"

DoEvent "BeforeShowLogin smarty,templatefile"

smarty_display(templatefile)
%>

Sheryl,
You have added your code to the generated login.asp page, not to the event.

Sheryl,

I have actually tried it in both places. It will still prompt for the login. Should I remove the generated login code from each page?

Hi,
It finally worked after just adding it to the login page!! Thank you for your help.
Question: as for filtering the cases based on 'user can edit and see only their own data'. will I need to add code to each page listing?

Hi,

Currently on the _list.asp pages I am using the following code
If Request.ServerVariables("LOGON_USER")<>"" then

SESSION("UserID") = Request.ServerVariables("LOGON_USER")

SESSION("AccessLevel") = ACCESS_LEVEL_USER
str = "select from CEHCase where Inspector='" & SESSION("UserID") & "'"

Set rstmp = server.CreateObject("ADODB.Recordset")

rstmp.open str,dbConnection
Session("OwnerID") = rstmp("OwnerIDField")

Session("_CEHCase_OwnerID") = rstmp("OwnerIDField")
rstmp.close

set rstmp=nothing
Response.Redirect "Menu.asp"

End if
When using this I get the following error message:
There are no records in the recordset.
Please edit your event code in the following way:
strSQL = "select from AnyTable where AnyColumn='AnyValue'"
set rsTemp = CreateObject("ADODB.Recordset")
rsTemp.Open strSQLExists, dbConnection
and then use rsTemp("fieldname").

Hi,
use need to replace OwnerIDField with your actual field name.

Hi,

This is the code I now have in the _list.asp page, but it still isn't working. Is it possible for me to send the entire page? I am really at a loss.
If Request.ServerVariables("LOGON_USER")<>"" then

SESSION("UserID") = Request.ServerVariables("LOGON_USER")

SESSION("AccessLevel") = ACCESS_LEVEL_USER
str = "select * from CEHCase where Inspector ='" & SESSION("UserID") & "'"

Set rstmp = server.CreateObject("ADODB.Recordset")

rstmp.open str,dbConnection
Session("OwnerID") = rstmp("CEHCase")

Session("OwnerIDField") = rstmp("Inspector")
rstmp.close

set rstmp=nothing
Response.Redirect "Menu.asp"

End if

Send email with description of your problem to support@xlinesoft.com.