Need help with user & pass to ASP

William Tasso <SpamBlocked.DeleteThis@tbdata.com> wrote in
news:Xns9540DEA8B3025WilliamTasso@130.133.1.4:

 > Marc Bissonnette wrote:
 >
  >> Hi all;
 >
 > Greetings
 >
  >> I need to send a username and password in a URL to avoid people
  >> having to remember their userid and password (Yes, I'm aware of all
  >> the problems with this, but the client has insisted)
  >>
  >> Normally, with an htaccess protected site, this is done simply with:
  >>
<font color=green>  >> <a style='text-decoration: underline;' href="http://user:pass@www.somesite.com</font" target="_blank">http://user:pass@www.somesite.com</font</a>>
  >>
  >> However, this site is using an ASP script for login (and the above
  >> doesn't work).
  >>
  >> I've tried:
  >>
<font color=green>  >> <a style='text-decoration: underline;' href="http://www.somesite.com/login.asp?user=foo&pass=bar</font" target="_blank">http://www.somesite.com/login.asp?user=foo&pass=bar</font</a>>
  >>
  >> but it simply brings me back to the login site.
  >> Assuming for a second that there isn't any referrer checking, is
  >> there something about ASP that isn't letting me do this ? Any other
  >> ideas would be much appreciated...
  >>
 >
 > I'm guessing you're using scripted password protection - as opposed to
 > integrated or basic.
 >
 > AFAIK there's no magic that will take values from the query string.
 > You will need some script in login.asp
 >
 > Does that point you in the right direction? come back if you need
 > more.

Arg, I was hoping it wasn't like that

The site it's pointing to isn't mine and I have no control over it -
With other CGI's, though, as long as you replicate the keys and values
in the URL, you can achieve the same effect, as long as you're not doing
anything like referer checking or whatnot

Out of curiosity, if you had an asp script that did something like this
(I don't know ASP at all, so bear with me)

print $in{text};

with $in{text} being the contents of a text box with a name of 'text' -
if this simple asp-type thing was called foo.asp, could you then call
this url

<a style='text-decoration: underline;' href="http://www.somesite.com/foo.asp?text=helloworld" target="_blank">http://www.somesite.com/foo.asp?text=helloworld</a>

would the simple little asp script see the key of 'text' with a value of
'helloworld' or does ASP not work that way ? ( I always assumed it did,
since it's got to pass the variables along in the query string or the
URL, just like any other CGI...)



--
Marc Bissonnette
CGI / Database / Web Management Tools: <a style='text-decoration: underline;' href="http://www.internalysis.com" target="_blank">http://www.internalysis.com</a>
Looking for a new ISP? <a style='text-decoration: underline;' href="http://www.canadianisp.com" target="_blank">http://www.canadianisp.com</a><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Need help with user & pass to ASP 

On Mon, 09 Aug 2004 21:07:22 GMT, Marc Bissonnette wrote:

 > William Tasso <SpamBlocked DeleteThis @tbdata.com> wrote in
 > news:Xns9540DEA8B3025WilliamTasso@130.133.1.4:
 >
  >> Marc Bissonnette wrote:
  >>
   >>> Hi all;
  >>
  >> Greetings
  >>
   >>> I need to send a username and password in a URL to avoid people
   >>> having to remember their userid and password (Yes, I'm aware of all
   >>> the problems with this, but the client has insisted)
   >>>
   >>> Normally, with an htaccess protected site, this is done simply with:
   >>>
<font color=brown>   >>> <a style='text-decoration: underline;' href="http://user:pass@www.somesite.com</font" target="_blank">http://user:pass@www.somesite.com</font</a>>
   >>>
   >>> However, this site is using an ASP script for login (and the above
   >>> doesn't work).
   >>>
   >>> I've tried:
   >>>
<font color=brown>   >>> <a style='text-decoration: underline;' href="http://www.somesite.com/login.asp?user=foo&pass=bar</font" target="_blank">http://www.somesite.com/login.asp?user=foo&pass=bar</font</a>>
   >>>
   >>> but it simply brings me back to the login site.
   >>> Assuming for a second that there isn't any referrer checking, is
   >>> there something about ASP that isn't letting me do this ? Any other
   >>> ideas would be much appreciated...
   >>>
  >>
  >> I'm guessing you're using scripted password protection - as opposed to
  >> integrated or basic.
  >>
  >> AFAIK there's no magic that will take values from the query string.
  >> You will need some script in login.asp
  >>
  >> Does that point you in the right direction? come back if you need
  >> more.
 >
 > Arg, I was hoping it wasn't like that
 >
 > The site it's pointing to isn't mine and I have no control over it -
 > With other CGI's, though, as long as you replicate the keys and values
 > in the URL, you can achieve the same effect, as long as you're not doing
 > anything like referer checking or whatnot
 >
 > Out of curiosity, if you had an asp script that did something like this
 > (I don't know ASP at all, so bear with me)
 >
 > print $in{text};
 >
 > with $in{text} being the contents of a text box with a name of 'text' -
 > if this simple asp-type thing was called foo.asp, could you then call
 > this url
 >
<font color=purple> > <a style='text-decoration: underline;' href="http://www.somesite.com/foo.asp?text=helloworld</font" target="_blank">http://www.somesite.com/foo.asp?text=helloworld</font</a>>
 >
 > would the simple little asp script see the key of 'text' with a value of
 > 'helloworld' or does ASP not work that way ? ( I always assumed it did,
 > since it's got to pass the variables along in the query string or the
 > URL, just like any other CGI...)

In foo.asp, you extract the value of text like this:
ExtractedText = Request.QueryString("text")

ExtractedText will equal helloworld.
Hopefully you can convince your customer to use SSL.


--
Karim
<a style='text-decoration: underline;' href="http://www.cheapesthosting.com" target="_blank">http://www.cheapesthosting.com</a> - Innovative Web Hosting since 1998
Online calendars with event email notification - Online Photo Album (RSS
Enabled)<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Need help with user & pass to ASP 

Marc Bissonnette wrote:

 > William Tasso <SpamBlocked.TakeThisOut@tbdata.com> wrote in
 > news:Xns9540DEA8B3025WilliamTasso@130.133.1.4:
 >
  >> Marc Bissonnette wrote:
  >>
   >>> Hi all;
  >>
  >> Greetings
  >>
   >>> I need to send a username and password in a URL to avoid people
   >>> having to remember their userid and password (Yes, I'm aware of all
   >>> the problems with this, but the client has insisted)
   >>>
   >>> Normally, with an htaccess protected site, this is done simply with:
   >>>
<font color=brown>   >>> <a style='text-decoration: underline;' href="http://user:pass@www.somesite.com</font" target="_blank">http://user:pass@www.somesite.com</font</a>>
   >>>
   >>> However, this site is using an ASP script for login (and the above
   >>> doesn't work).
   >>>
   >>> I've tried:
   >>>
<font color=brown>   >>> <a style='text-decoration: underline;' href="http://www.somesite.com/login.asp?user=foo&pass=bar</font" target="_blank">http://www.somesite.com/login.asp?user=foo&pass=bar</font</a>>
   >>>
   >>> but it simply brings me back to the login site.
   >>> Assuming for a second that there isn't any referrer checking, is
   >>> there something about ASP that isn't letting me do this ? Any other
   >>> ideas would be much appreciated...
   >>>
  >>
  >> I'm guessing you're using scripted password protection - as opposed to
  >> integrated or basic.
  >>
  >> AFAIK there's no magic that will take values from the query string.
  >> You will need some script in login.asp
  >>
  >> Does that point you in the right direction? come back if you need
  >> more.
 >
 > Arg, I was hoping it wasn't like that
 >
 > The site it's pointing to isn't mine and I have no control over it -
 > With other CGI's, though, as long as you replicate the keys and values
 > in the URL, you can achieve the same effect, as long as you're not doing
 > anything like referer checking or whatnot

<whisper> POST </whisper> ... see below.


 > Out of curiosity, if you had an asp script that did something like this
 > (I don't know ASP at all, so bear with me)
 >
 > print $in{text};
 >
 > with $in{text} being the contents of a text box with a name of 'text' -
 > if this simple asp-type thing was called foo.asp, could you then call
 > this url
 >
<font color=purple> > <a style='text-decoration: underline;' href="http://www.somesite.com/foo.asp?text=helloworld</font" target="_blank">http://www.somesite.com/foo.asp?text=helloworld</font</a>>
 >

assumes vbScript

response.write request.queystring("text") for variables passed using 'get'

response.write request.form("text") for variables passed using 'post'

response.write request("text") for variables passed using either - however programmers
are not encouraged to use this in production code because of processing overhead
considerations.

 > would the simple little asp script see the key of 'text' with a value of
 > 'helloworld' or does ASP not work that way ? ( I always assumed it did,
 > since it's got to pass the variables along in the query string or the
 > URL, just like any other CGI...)

If you can get access to the server you could always revert to perl - I never seen a
windows server that didn't support it.

--
William Tasso
Recommended reading ...
<a style='text-decoration: underline;' href="http://www.catb.org/~esr/faqs/smart-questions.html" target="_blank">http://www.catb.org/~esr/faqs/smart-questions.html</a>
<a style='text-decoration: underline;' href="http://www.aww-faq.org/" target="_blank">http://www.aww-faq.org/</a><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Need help with user & pass to ASP 

Marc Bissonnette wrote:

 > Hi all;
 >
 > I need to send a username and password in a URL to avoid people having to
 > remember their userid and password (Yes, I'm aware of all the problems with
 > this, but the client has insisted)
 >
 > Normally, with an htaccess protected site, this is done simply with:
 >
<font color=purple> > <a style='text-decoration: underline;' href="http://user:pass@www.somesite.com</font" target="_blank">http://user:pass@www.somesite.com</font</a>>
 >
 > However, this site is using an ASP script for login (and the above doesn't
 > work).
 >
 > I've tried:
 >
<font color=purple> > <a style='text-decoration: underline;' href="http://www.somesite.com/login.asp?user=foo&pass=bar</font" target="_blank">http://www.somesite.com/login.asp?user=foo&pass=bar</font</a>>
 >
 > but it simply brings me back to the login site.
 > Assuming for a second that there isn't any referrer checking, is there
 > something about ASP that isn't letting me do this ? Any other ideas would
 > be much appreciated...
 >

Refuse to do it. I would.

--


x theSpaceGirl (miranda)

# lead designer @ <a style='text-decoration: underline;' href="http://www.dhnewmedia.com" target="_blank">http://www.dhnewmedia.com</a> #
# remove NO SPAM to email, or use form on website #<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Need help with user & pass to ASP 

*SpaceGirl* wrote:
 > Refuse to do it. I would.

Approve perhaps. Yoda would.
--
Andrew Urquhart
- Contact me: <a style='text-decoration: underline;' href="http://andrewu.co.uk/contact/" target="_blank">http://andrewu.co.uk/contact/</a>
- This post is probably time-stamped +1 hour - blame my ISP (NTL)<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Need help with user & pass to ASP 

SpaceGirl <NOspaceSPAMgirl.RemoveThis@subhuman.net> wrote in
news:2nqcj9F3790tU1@uni-berlin.de:

 > Marc Bissonnette wrote:
 >
  >> Hi all;
  >>
  >> I need to send a username and password in a URL to avoid people
  >> having to remember their userid and password (Yes, I'm aware of all
  >> the problems with this, but the client has insisted)
  >>
  >> Normally, with an htaccess protected site, this is done simply with:
  >>
<font color=green>  >> <a style='text-decoration: underline;' href="http://user:pass@www.somesite.com</font" target="_blank">http://user:pass@www.somesite.com</font</a>>
  >>
  >> However, this site is using an ASP script for login (and the above
  >> doesn't work).
  >>
  >> I've tried:
  >>
<font color=green>  >> <a style='text-decoration: underline;' href="http://www.somesite.com/login.asp?user=foo&pass=bar</font" target="_blank">http://www.somesite.com/login.asp?user=foo&pass=bar</font</a>>
  >>
  >> but it simply brings me back to the login site.
  >> Assuming for a second that there isn't any referrer checking, is
  >> there something about ASP that isn't letting me do this ? Any other
  >> ideas would be much appreciated...
  >>
 >
 > Refuse to do it. I would.

Sure, but then they'd refuse to pay your invoice for other services
rendered.

They were warned about the implications of it, but the content it gives
access to is no where near 'sensitive' data or anything like that.


--
Marc Bissonnette
CGI / Database / Web Management Tools: <a style='text-decoration: underline;' href="http://www.internalysis.com" target="_blank">http://www.internalysis.com</a>
Looking for a new ISP? <a style='text-decoration: underline;' href="http://www.canadianisp.com" target="_blank">http://www.canadianisp.com</a><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Need help with user & pass to ASP 

William Tasso <SpamBlocked DeleteThis @tbdata.com> wrote in
news:Xns9540E6AF7B30DWilliamTasso@130.133.1.4:

 > Marc Bissonnette wrote:
 >
  >> William Tasso <SpamBlocked DeleteThis @tbdata.com> wrote in
  >> news:Xns9540DEA8B3025WilliamTasso@130.133.1.4:
  >>
   >>> Marc Bissonnette wrote:
   >>>
   >>>> Hi all;
   >>>
   >>> Greetings
   >>>
   >>>> I need to send a username and password in a URL to avoid people
   >>>> having to remember their userid and password (Yes, I'm aware of all
   >>>> the problems with this, but the client has insisted)
   >>>>
   >>>> Normally, with an htaccess protected site, this is done simply
   >>>> with:
   >>>>
<font color=brown>   >>>> <a style='text-decoration: underline;' href="http://user:pass@www.somesite.com</font" target="_blank">http://user:pass@www.somesite.com</font</a>>
   >>>>
   >>>> However, this site is using an ASP script for login (and the above
   >>>> doesn't work).
   >>>>
   >>>> I've tried:
   >>>>
<font color=brown>   >>>> <a style='text-decoration: underline;' href="http://www.somesite.com/login.asp?user=foo&pass=bar</font" target="_blank">http://www.somesite.com/login.asp?user=foo&pass=bar</font</a>>
   >>>>
   >>>> but it simply brings me back to the login site.
   >>>> Assuming for a second that there isn't any referrer checking, is
   >>>> there something about ASP that isn't letting me do this ? Any other
   >>>> ideas would be much appreciated...
   >>>>
   >>>
   >>> I'm guessing you're using scripted password protection - as opposed
   >>> to integrated or basic.
   >>>
   >>> AFAIK there's no magic that will take values from the query string.
   >>> You will need some script in login.asp
   >>>
   >>> Does that point you in the right direction? come back if you need
   >>> more.
  >>
  >> Arg, I was hoping it wasn't like that
  >>
  >> The site it's pointing to isn't mine and I have no control over it -
  >> With other CGI's, though, as long as you replicate the keys and
  >> values in the URL, you can achieve the same effect, as long as you're
  >> not doing anything like referer checking or whatnot
 >
 > <whisper> POST </whisper> ... see below.
 >
 >
  >> Out of curiosity, if you had an asp script that did something like
  >> this (I don't know ASP at all, so bear with me)
  >>
  >> print $in{text};
  >>
  >> with $in{text} being the contents of a text box with a name of 'text'
  >> - if this simple asp-type thing was called foo.asp, could you then
  >> call this url
  >>
<font color=green>  >> <a style='text-decoration: underline;' href="http://www.somesite.com/foo.asp?text=helloworld</font" target="_blank">http://www.somesite.com/foo.asp?text=helloworld</font</a>>
  >>
 >
 > assumes vbScript
 >
 > response.write request.queystring("text") for variables passed using
 > 'get'
 >
 > response.write request.form("text") for variables passed using 'post'
 >
 > response.write request("text") for variables passed using either -
 > however programmers are not encouraged to use this in production code
 > because of processing overhead considerations.
 >
  >> would the simple little asp script see the key of 'text' with a value
  >> of 'helloworld' or does ASP not work that way ? ( I always assumed it
  >> did, since it's got to pass the variables along in the query string
  >> or the URL, just like any other CGI...)
 >
 > If you can get access to the server you could always revert to perl -
 > I never seen a windows server that didn't support it.

Nah, it's a third party site that won't give us access to them, 'cuz
there's no reason for it - the password thing is really more of a
convenience thing, than anything else.

I had forgotten that the latest upgrades to MSIE were disallowing UIDs
and passwords in the URL, so that means that this solution isn't a
solution after all.

I'll try doing a simple form on the server we control and submitting from
there. If that doesn't work, then I'll simply suggest putting the
username and password right beside the link

--
Marc Bissonnette
CGI / Database / Web Management Tools: <a style='text-decoration: underline;' href="http://www.internalysis.com" target="_blank">http://www.internalysis.com</a>
Looking for a new ISP? <a style='text-decoration: underline;' href="http://www.canadianisp.com" target="_blank">http://www.canadianisp.com</a><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Need help with user & pass to ASP 

in post: <news:Xns9540A6CB8C829dragnetinternalysisc@207.35.177.134>
Marc Bissonnette <dragnet.DeleteThis@internalysis.com> said:

 > I need to send a username and password in a URL to avoid people having to
 > remember their userid and password (Yes, I'm aware of all the problems with
 > this, but the client has insisted)

your client needs to contact microsoft and tell them to stop
distributing a recent security upgrade that prevents user/passes in
URIs. opera has also dropped support in recent versions, dunno about
moz, i only use it for testing.

browsers already have an ability to remember user/passes if the visitor
so wishes, the client is creating an issue where none exists. have them
killed.

--
i h e a r v o i c e s<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Need help with user & pass to ASP 

Marc Bissonnette wrote:


  >>Refuse to do it. I would.
 >
 >
 > Sure, but then they'd refuse to pay your invoice for other services
 > rendered.
 >
 > They were warned about the implications of it, but the content it gives
 > access to is no where near 'sensitive' data or anything like that.
 >
 >

But it's so easy to do using more secure methods. Sounds like a crap
client to me :/

--


x theSpaceGirl (miranda)

# lead designer @ <a style='text-decoration: underline;' href="http://www.dhnewmedia.com" target="_blank">http://www.dhnewmedia.com</a> #
# remove NO SPAM to email, or use form on website #<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Need help with user & pass to ASP 

Andrew Urquhart wrote:

 > *SpaceGirl* wrote:
 >
  >>Refuse to do it. I would.
 >
 >
 > Approve perhaps. Yoda would.

LOL! Didn't mean it to sound Yoda-esque

--


x theSpaceGirl (miranda)

# lead designer @ <a style='text-decoration: underline;' href="http://www.dhnewmedia.com" target="_blank">http://www.dhnewmedia.com</a> #
# remove NO SPAM to email, or use form on website #<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Need help with user & pass to ASP 

*Karim* wrote:
 > In foo.asp, you extract the value of text like this:
 > ExtractedText = Request.QueryString("text")
 > ExtractedText will equal helloworld.

Only if you cast it into a string, as it current stands 'ExtractedText'
is a collection object.
--
Andrew Urquhart
- FAQ: <a style='text-decoration: underline;' href="http://www.aww-faq.org" target="_blank">www.aww-faq.org</a>
- Archive: <a style='text-decoration: underline;' href="http://www.google.com/groups?q=alt.www.webmaster" target="_blank">www.google.com/groups?q=alt.www.webmaster</a>
- Contact me: <a style='text-decoration: underline;' href="http://andrewu.co.uk/contact/" target="_blank">http://andrewu.co.uk/contact/</a>
- This post is probably time-stamped +1 hour - blame my ISP (NTL)<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Need help with user & pass to ASP 

On Tue, 10 Aug 2004 11:32:47 GMT, Andrew Urquhart wrote:

 > *Karim* wrote:
  >> In foo.asp, you extract the value of text like this:
  >> ExtractedText = Request.QueryString("text")
  >> ExtractedText will equal helloworld.
 >
 > Only if you cast it into a string, as it current stands 'ExtractedText'
 > is a collection object.

You don't have to. Save the below code as test.asp and call it using
<a style='text-decoration: underline;' href="http://localhost/test.asp?text=helloworld" target="_blank">http://localhost/test.asp?text=helloworld</a> and the response you'll get is
helloworld.


<%
Dim ExtractedText
ExtractedText = Request.QueryString("text")
response.write ExtractedText

%>



Karim
--
<a style='text-decoration: underline;' href="http://www.cheapesthosting.com" target="_blank">http://www.cheapesthosting.com</a> - Innovative Web Hosting since 1998
Online calendars with event email notification - Online Photo Album (RSS
Enabled)<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Need help with user & pass to ASP 

SpaceGirl <NOspaceSPAMgirl RemoveThis @subhuman.net> wrote in news:2nrevsF3scseU5@uni-
berlin.de:

 > Marc Bissonnette wrote:
 >
 >
   >>>Refuse to do it. I would.
  >>
  >>
  >> Sure, but then they'd refuse to pay your invoice for other services
  >> rendered.
  >>
  >> They were warned about the implications of it, but the content it gives
  >> access to is no where near 'sensitive' data or anything like that.
  >>
  >>
 >
 > But it's so easy to do using more secure methods. Sounds like a crap
 > client to me :/

Not at the money they're paying me, they're not


--
Marc Bissonnette
CGI / Database / Web Management Tools: <a style='text-decoration: underline;' href="http://www.internalysis.com" target="_blank">http://www.internalysis.com</a>
Looking for a new ISP? <a style='text-decoration: underline;' href="http://www.canadianisp.com" target="_blank">http://www.canadianisp.com</a><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Need help with user & pass to ASP