Microsoft Knowledge Base Email Alertz
All KB/RSS Links  |  Hot Kb!  |  New Kb!  |  Scott Cate  |  FAQ / KB  |  Web Hosting  |  Unsubscribe  

(889574) - Describes the changes that you must make to the Login.aspx Web page in Commerce Server 2002 to let users authenticate without having to specify a domain.

Search KbAlertz

Advanced Search

Receive Microsoft Knowledge Base articles by E-Mail?

Every night we scan the Microsoft Knowledge Base. If technologies you're interested in are updated, we'll send you an e-mail. You only get one e-mail a day, and only when new articles are added.
Click here to create a
FREE account
Already have an account?
[Click here to Login]











Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks
Article ID: 889574 - Last Review: July 5, 2005 - Revision: 3.2

How to modify the Commerce Server 2002 Login.aspx Web page to no longer require that you specify a domain when you enter your credentials

View products that this article applies to.

INTRODUCTION

This article describes how to modify the Microsoft Commerce Server 2002 Login.aspx Web page to no longer require that you specify a domain name when you enter your credentials.

MORE INFORMATION

The Commerce Server 2002 authentication mechanism is built on top of Microsoft Internet Information Services (IIS) methods. Commerce Server installs an Internet Server API (ISAPI) filter that is named CSAuthFilter on the Web site where your Commerce Server application is hosted. After you unpack the VB Commerce Server Web site, you may use CSAuthFilter to authenticate users against an Active Directory directory service domain. When those users try to log on to the Commerce Server Web site, those users must specify their domain on the Login.aspx Web page.

To let users log on to Commerce Server without having to specify a domain, modify the Login.aspx Web page so that it appears similar to the following.

Note By default, this file is located in the AuthFiles folder of the Vbsite Web application

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements. 
<%@ Page language="vb" %>
<%@ Import Namespace="Microsoft.CommerceServer.Runtime" %>
<%@ Import Namespace="Microsoft.CommerceServer.Runtime.Profiles" %>
<script language="vb" runat="server">
	Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) 
Handles MyBase.Load
        If Not (CommerceContext.Current Is Nothing) Then
            If Not (CommerceContext.Current.AuthenticationInfo Is Nothing) Then
                Dim url As String

                If (CommerceContext.Current.AuthenticationInfo.IsAuthenticated()) 
Then
                    ' In a Web farm scenario, retrieve the userid from the profile service.
                    Dim userpassword As String = 
getPassword(CommerceContext.Current.AuthenticationInfo.AuthTicket.UserID)

                    ' For custom authentication, examine the validity of the password.
                    ' if you are using Windows authentication, you do no have to verify the password.
                    ' Therefore, let access control lists (ACLs) handle permissions.
                    ' Add in VerifyPassword for custom authentication if you have to.
                    ' If (VerifyPassword(UserID.Text, userpassword)) Then
                    If (Request.Cookies("MSCSFirstRequestedURL") Is Nothing) Then
                        url = 
CommerceContext.Current.QueryStringBuilder.BuildUrl("default.aspx", False)
                    Else
                        url = 
Server.UrlDecode(Request.Cookies("MSCSFirstRequestedURL").Value)
                    End If

                    ' For Windows authentication:
                     'url = constructUrl(url, 
CommerceContext.Current.AuthenticationInfo.AuthTicket.UserID, userpassword)
                     'Changed to pull the password from the password box instead of the authticket.
                     url = constructUrl(url, 
CommerceContext.Current.AuthenticationInfo.AuthTicket.UserID, password.Text)

                    'Response.Redirect(url, False)
                    Response.Redirect(url)
                    'Else
                    '    Label5.Text = "Logon failed for user:  " + 
CommerceContext.Current.AuthenticationInfo.AuthTicket.UserID
                    'End If

                Else
                    If (UserID.Text.Length > 0) Then
                        ' For custom authentication, examine the validity of the password.
                        ' If you are using Windows authentication, you do not have to verify the password.
                        ' Therefore, let ACLs handle permissions.
                        ' Add in VerifyPassword if you have to.
                        'If (VerifyPassword(UserID.Text, Password.Text)) Then
                        ' Set the authticket.
                        ' Added so the authticket matches the logged-on user.
                        dim domainuserid as string = "pts0\" & UserID.Text
                        
CommerceContext.Current.AuthenticationInfo.SetAuthTicket(domainuserid, True, 90)

                        ' The credentials have been submitted. Use this code to pass the credentials
                        ' to the filter for custom authentication.
                        If (Request.Cookies("MSCSFirstRequestedURL") Is Nothing) 
Then
                            url = 
CommerceContext.Current.QueryStringBuilder.BuildUrl("default.aspx", False)
                        Else
                            url = 
Server.UrlDecode(Request.Cookies("MSCSFirstRequestedURL").Value)
                        End If
                        ' For Windows authentication:
                        url = constructUrl(url, UserID.Text, password.Text)

                        ' Redirect to the originally requested page.
                        'Response.Redirect(url, False)  This does not work.  
                        Response.Redirect(url)
                        'Else
                        '    Label5.Text = "Logon failed for user:  " + 
UserID.Text
                        'End If
                    End If

                    UserID.Text = ""
                    Password.Text = ""
                End If
                ' Else display the page to let user enter credentials.
            Else
                Response.Redirect("error.aspx", False)
            End If
        Else
            Response.Redirect("error.aspx", False)
        End If
    End Sub

    Private Function constructUrl(ByVal url As String, ByVal userid As String, 
ByVal password As String) As String
        ' Construct the URL to return to the requested page and then pass
        ' the credentials to the filter.
        Dim urlRet(5) As String

        urlRet(0) = url
        'urlRet(1) = "&proxyuser="
								' Note: <DomainName> is a placeholder of the domain name.
        urlRet(1) = "proxyuser=<DomainName>\" 
        urlRet(2) = userid
        urlRet(3) = "&proxypwd="
        urlRet(4) = password

        constructUrl = String.Concat(urlRet)
    End Function

    Private Function getPassword(ByVal userid As String) As String
        ' Retrieve the password from the profile service.
        Dim password As String
        password = ""
        Dim userProfile As Profile
        userProfile = 
CommerceContext.Current.ProfileSystem.GetProfile("logon_name", userid, 
"UserObject")

        If Not (userProfile Is Nothing) Then
            password = 
userProfile("GeneralInfo.user_security_password").Value.ToString()
        End If

        getPassword = password
    End Function

    Private Function VerifyPassword(ByVal userid As String, ByVal password As 
String) As Boolean
        ' Retrieve the password from the profile service.
        Dim userPassword As String
        Dim returnVal As Boolean
        returnVal = False
        userPassword = ""
        Dim userProfile As Profile
        userProfile = 
CommerceContext.Current.ProfileSystem.GetProfile("logon_name", userid, 
"UserObject")

        If Not (userProfile Is Nothing) Then
            userPassword = 
userProfile("GeneralInfo.user_security_password").Value.ToString()
            If (String.Compare(userPassword, password) = 0) Then
                returnVal = True
            End If
        End If

        VerifyPassword = returnVal
    End Function
</script>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
	<HEAD>
		<title ID=L_Login_HTMLTitle>Login</title>
		<meta name="GENERATOR" content="Microsoft Visual Studio.NET 7.0">
		<meta name="CODE_LANGUAGE" content="Visual Basic 7.0">
		<meta name="vs_defaultClientScript" content="JavaScript">
		<meta name="vs_targetSchema" 
content="http://schemas.microsoft.com/intellisense/ie5">
	</HEAD>
	<body MS_POSITIONING="GridLayout">
		<form id="login" method="post" runat="server">
			<TABLE>
				<TR>
					<TD>
					<asp:Label id="L_LoginFormLabel_Text"  runat="server" Font-Bold="True" 
Font-Size="XX-Large" Font-Italic="True">CS2002 Login Form</asp:Label>
					</TD>
				</TR>
				<TR>
					<TD>
					<asp:Label id="L_UserIDLabel_Text"  runat="server" Font-Bold="True" 
Font-Size="Larger">UserID</asp:Label>
					</TD>
					<TD>
					<asp:TextBox id="UserID"  runat="server"></asp:TextBox>
					</TD>
				</TR>
				<TR>
					<TD>
					<asp:Label id="L_PasswordLabel_Text"  runat="server" Font-Bold="True" 
Font-Size="Larger">Password</asp:Label>
					</TD>
					<TD>
					<asp:TextBox id="Password"  runat="server" 
TextMode="Password"></asp:TextBox>
					</TD>
				</TR>
				<TR>
					<TD>
					<asp:Button id="Submit"  runat="server" Text="Submit"></asp:Button>
					</TD>
				</TR>
				<TR>
					<TD>
					<asp:Label id="L_LoginPrompt_Text"  runat="server" Font-Bold="True">To access 
authenticated content, enter your UserID and Password</asp:Label>
					</TD>
				</TR>
				<TR>
					<TD>
					<asp:Label id="Label5"  runat="server" Font-Bold="True" 
Font-Italic="True"></asp:Label>
					</TD>
				</TR>
			</TABLE>
		</form>
	</body>
</HTML>
APPLIES TO
  • Microsoft Commerce Server 2002 Standard Edition
Back to the top
Keywords: 
kbcode kbhowto kbinfo KB889574
        

Community Feedback System

Very often, it takes hours to solve a problem. Very often, you've looked high and low, and have tried a lot of solutions. When you finally found it, chances are, it was because someone else helped you. Here's your chance to give back. Use our community feedback tool to let others know what worked for you and what didn't.

Please also understand that the community feedback system is not warranted to be correct, it's simply a system that we've built to let people try and help each other. If something in a feedback response doesn't make sense to you, or you're not comfortable making changes that the feedback talks about (like registry edits), please consult a professional.

Thank you for using kbAlertz.com Feedback System.

-- Scott Cate

Copyright © 2002-2007 KBALERTZ.COM.  All Rights Reserved. Terms / PrivacyDiscount ASP.NET Hosting