| Dart Home | PowerTCP Web Enterprise for ActiveX | Custom Development | Reply | PowerTCP Web Enterprise for ActiveX Topics | Forums |
| Author | Forum: PowerTCP Web Enterprise for ActiveX Topic: How to Logout after a Basic Authentication |
| gwachows From: Annapolis, MD USA Posts: 7 Member Since: 01/27/04 |
posted January 27, 2004 5:09 PM I recently purchased PowerTCT Web Enterprise Tools. I have a website that allows user's to login using Basic Authentication. Once they are logged in, there User Name and Password is sent to each page within the site within the header section of the page. Can I create an ASP page that deletes this header information and redirects them to the login page. Basically, I'm looking to create a "Logout" button. If you have an example that would be great. Thanks. |
Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted January 28, 2004 9:03 AM I don't have an example of how to do that but I think it should be possible. Unfortunately you kind of have to know what needs to be done before I can tell you how to automate it with our control. |
| gwachows From: Annapolis, MD USA Posts: 7 Member Since: 01/27/04 |
posted January 28, 2004 12:24 PM In ASP when I get the server variables after I login into my site using Basic Authentication I have the following values: AUTH_TYPE = Basic AUTH_USER = MyUser AUTH_PASSWORD = MyPassword I've always assumed that this information was maintained as header information. If that is the case, could I remove it using this tool. Thanks. |
| Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted January 28, 2004 1:09 PM I think the first request contains a header line that causes the authentication (encoded into Base 64), then once the authentication is complete the values are added to the session and are not sent every time. |
| gwachows From: Annapolis, MD USA Posts: 7 Member Since: 01/27/04 |
posted January 28, 2004 1:37 PM If this information was maintained by the session, then Session.Abandon should get rid of them, but it doesn't. Even if I stop the web service and restart it the information still exists. This information must be maintained by the browser. I did find that if the an HTTP 401.3 error occurs (Access denied), then the current user is logged out. Is there a way to force this error? |
| Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted January 28, 2004 1:44 PM You state: "Even if I stop the web service and restart it the information still exists" My question: Exists where? What are you using to get the info? |
| gwachows From: Annapolis, MD USA Posts: 7 Member Since: 01/27/04 |
posted January 28, 2004 2:03 PM Request.ServerVariables("AUTH_TYPE") Request.ServerVariables("AUTH_USER") Request.ServerVariables("AUTH_PASSWORD") |
| Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted January 28, 2004 2:16 PM What does Request.Header look like at that point? Does it contain a line pertaining to authorization? |
| gwachows From: Annapolis, MD USA Posts: 7 Member Since: 01/27/04 |
posted January 28, 2004 3:25 PM Using the following code: Set oHeader = Server.CreateObject("Dart.DartStrings.1") Set oHttp = Server.CreateObject("Dart.Http.1") oHttp.Url = "http://www.mysite.com" oHttp.Timeout = 20000 oHttp.Get sContent, oHeader, "MyUser", "MyPassword" Response.Write oHeader.All I get no authorization info. But, I'm not sure if this is the best/only way to get that information. There is no Request.Header in ASP. Thanks. |
| Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted January 28, 2004 3:48 PM I notice that you are using the Web Control, I thought you were using WebASP. The Web Control uses WININET.DLL to communicate so all the authorization is handled internally by WININET.DLL. I don't know of any way to make it stop and it was not designed into the control. You may want to try using the WebASP control instead to see if you have a little more flexibility. |
| gwachows From: Annapolis, MD USA Posts: 7 Member Since: 01/27/04 |
posted January 28, 2004 4:53 PM I tried this code: set oWebASP = Server.CreateObject("Dart.WebASP.1") oWebAsp.Request.Url = "http://www.mysite.com" oWebAsp.Request.Username = "MyUser" oWebAsp.Request.Password = "MyPassword" oWebAsp.Timeout = 20000 oWebAsp.Get Response.Write oWebAsp.Response.Header.All sBody = oWebAsp.Response.Body.ReadString Response.Write sBody But, the body of the page always says: HTTP 401.1 - Unauthorized: Logon Failed I'm sure my username and password are correct. |
| Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted January 28, 2004 5:03 PM That means the server is not using Basic Authentication. It's probably using NTLM, in which case the WebASP tool does not support it. I'm sorry that I was not able to offer any better suggestions. |
| Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted January 28, 2004 5:11 PM I was just told that there may be an issue with the shipping WebASP component and basic authentication. I'm going to send you the latest WebASP dll so that you can test it. |
| gwachows From: Annapolis, MD USA Posts: 7 Member Since: 01/27/04 |
posted January 28, 2004 6:16 PM Thanks Tony. The new dll works with the username and password properies. However, I now get "Object Moved" if the ASP page containing the code is in a secure directory. In the meantime I think I've figured out what the problem is and I don't think that the Web Enterprise Tools will help (Maybe I should look at the WebServer Tools). When a web user browses to a secure location, the browser pops up the login screen. When the username and password are submitted the browser will either recieve a success or failure. If a failure occurs the browser will try 2 more times. If the login is successfull, then the browser maintains the infomation internally and submits it to the website each time it accesses a page within the same site. Therefore, the only way to force a logout is to make the browser think that an error has occured and the username/password is no longer valid. It is only at that point that the browser will ask for a new login. I've been able to accomplish this manually by changing a user's password while he is logged in. Based on this, can the Web Enterprise Tools or the WebServer Tools return a specific error to the browser so that the browser thinks that the username/password is invalid? Or is there another product I should look at? Thanks for all your help. |
| Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted January 28, 2004 7:46 PM I can't say for sure. You can make the Webserver send whatever you want, but if you would not be able to server ASP pages unless you used a third party ASP interpreter. It would probably be easiest if you got the trial for the WebServer and took a look at the sample app. |
| Reply | PowerTCP Web Enterprise for ActiveX Topics | Forums |
This site is powered by
PowerTCP WebServer for ActiveX
|