通过 IIS 在 ASP Classic 中进行 HTTP 身份验证(基本或摘要) [英] HTTP Authentication (Basic or Digest) in ASP Classic via IIS

查看:22
本文介绍了通过 IIS 在 ASP Classic 中进行 HTTP 身份验证(基本或摘要)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我想在 ASP 经典中开发一个网站,该网站对脚本控制下的数据库或密码列表使用 HTTP 身份验证.理想情况下,该解决方案不应涉及任何组件或 IIS 设置,因为脚本应可在托管环境中运行.

I want to develop a website in ASP classic that uses HTTP Authentication against a database or password list that is under the control of the script. Ideally, the solution should involve no components or IIS settings as the script should be runnable in a hosted environment.

非常感谢任何线索/代码.

Any clues/code deeply appreciated.

推荐答案

可以在纯经典的 ASP VBScript 中进行 HTTP 基本身份验证.

It is possible to do HTTP Basic Authentication in pure classic ASP VBScript.

你需要一些东西来解码 base 64.这是一个纯 VBScript 实现.您还需要确保在 IIS 配置中关闭基本身份验证"和集成 Windows 身份验证",因为它们会干扰您在 HTTP_AUTHORIZATION 标头中返回的内容.

You will need something to decode base 64. Here is a pure VBScript implementation. You will also need to make sure that in your IIS config you turn off "Basic authentication" and "Integrated Windows authentication" as these will interfere with what you get back in the HTTP_AUTHORIZATION header.

这是一个示例实现,它只是回显用户名和密码.

Here is a sample implementation that just echoes back the user name and password.

<%@LANGUAGE="VBSCRIPT"%>

<!--#include file="decbase64.asp" -->

<%
Sub Unauth()
    Call Response.AddHeader("WWW-Authenticate", "Basic realm=""SomethingGoesHere""")
    Response.Status = "401 Unauthorized"
    Call Response.End()
End Sub

Dim strAuth
strAuth = Request.ServerVariables("HTTP_AUTHORIZATION")

If IsNull(strAuth) Or IsEmpty(strAuth) Or strAuth = "" Then
    Call Unauth
Else 
    %>
    <html>
    <body>
    <% 
        Dim aParts, aCredentials, strType, strBase64, strPlain, strUser, strPassword
        aParts = Split(strAuth, " ")
        If aParts(0) <> "Basic" Then
            Call Unauth
        End If
        strPlain = Base64Decode(aParts(1))
        aCredentials = Split(strPlain, ":")
    %>
    <%= Server.HTMLEncode(aCredentials(0) & " - " & aCredentials(1)) %>
    </body>
    </html>
    <%
End If
%>

将用户名和密码与有意义的东西联系起来留给读者作为练习.

Hooking the user name and password up to something meaningful is left as an exercise for the reader.

这篇关于通过 IIS 在 ASP Classic 中进行 HTTP 身份验证(基本或摘要)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
服务器开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆