HTTP Authentication (Basic or Digest) in ASP Classic via IIS
I want to develop a website in ASP classic that uses HTTP Authentication against a database or password list that is under the control of the script. Ideally, the solution should involve no components or IIS settings as the script should be runnable in a hosted environment.
Any clues/code deeply appreciated.
Answer
It is possible to do HTTP Basic Authentication in pure classic ASP VBScript.
You will need something to decode base 64. Here is a pure VBScript implementation. You will also need to make sure that in your IIS config you turn off "Basic authentication" and "Integrated Windows authentication" as these will interfere with what you get back in the HTTP_AUTHORIZATION header.
Here is a sample implementation that just echoes back the user name and password.
<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="decbase64.asp" -->
<%
Sub Unauth()
Call Response.AddHeader("WWW-Authenticate", "Basic realm=""SomethingGoesHere""")
Response.Status = "401 Unauthorized"
Call Response.End()
End Sub
Dim strAuth
strAuth = Request.ServerVariables("HTTP_AUTHORIZATION")
If IsNull(strAuth) Or IsEmpty(strAuth) Or strAuth = "" Then
Call Unauth
Else
%>
<html>
<body>
<%
Dim aParts, aCredentials, strType, strBase64, strPlain, strUser, strPassword
aParts = Split(strAuth, " ")
If aParts(0) <> "Basic" Then
Call Unauth
End If
strPlain = Base64Decode(aParts(1))
aCredentials = Split(strPlain, ":")
%>
<%= Server.HTMLEncode(aCredentials(0) & " - " & aCredentials(1)) %>
</body>
</html>
<%
End If
%>
Hooking the user name and password up to something meaningful is left as an exercise for the reader.