| View previous topic :: View next topic |
| Author |
Message |
Isaiah
Joined: 18 Apr 2007
Posts: 6
|
 Posted: Wed Apr 18, 2007 7:55 am Post subject: Web interface Mod, User authentication |
 |
|
Ok, I have just recieved the PageGate software within the last week, and am familiarizing myself to it. We have managed to get most everything setup the way we want, but are still missing something...
We are on a secure domain, and I have setup IIS to authenticate users from our domain and log them...
Under the IIS settings for my site, the "Directory Security" tab, the "Edit" button. Then un-check "anonymous access" and check "basic auth" and put in my domain name. Also checking "Integrated Windows Auth" so that the users don't have to type in login credentials. I also enabled the NCSA logging, because the W3C for some reason was logging my times as being 6 hours off. No big deal, the NCSA gives me what I need. The users are authenticated just fine, and the logs show all activity.
Now here's where it gets hard...
On the guilist.htm template (or most templates for that matter), there is a FROM field. Our facility feels that this is insecure, and doesn't want anyone to be able to put in ANY name as a from, and possibly page important people with derogatory messages. So in order to aleviate this, I have changed the template to a .ASP file, and managed to resolve that also.
The entire FROM portion of the form can be modified to say this:
| Code: |
| <CENTER>FROM <INPUT SIZE=40 MAXLENGTH=80 READONLY="READONLY" CLASS="READONLYSTYLE" NAME="FRM" VALUE="<%= Request.ServerVariables("REMOTE_USER") %>"></TEXTAREA></CENTER> |
The READONLY attribute, and class of course are so the user cannot change the values, and I added a VALUE= where the ASP code <%= Request.ServerVariables("REMOTE_USER") %>requests the remote user's account info. This can be used to pull many details from both the server, and the client side.
My issue then becomes. Any value pulled as the remote user also includes our domain name (i.e. "DOMAIN\USERNAME"). We don't mind that it says that on the web page, but we don't want that taking up characters in our Alpha pages. This once again, part of security, we want the "From" field sent to the pagers, as long as it doesn't include that domain at the begining.
I tried creating a JScript to remove it. And then call the script as part of the FORM ACTION part onSubmit="DoRemDomain()", but I am afraid that I made the Jscript wrong, because no action is taken. I have already removed the Jscript since it doesn't work, but I need to add something to strip this out.
What I need is code that can run in my new ASP page, that can strip all characters up to the "\" or just "DOMAIN\" being stripped. Either way is fine, I just cannot get the code right myself no matter what I try.
Any help would be greatly appreciated.
Thanks,
Isaiah Pascoe
|
|
| Back to top |
|
Isaiah
Joined: 18 Apr 2007
Posts: 6
|
| Posted: Mon Apr 23, 2007 10:36 am Post subject: |
|
|
| Ok, I have tried everything I can think of. Both Javascript and VBscript with many different methods, and nothing seems to work. I know you guys are more focused on your software, and not the web programming. But I still need this accomplished, and I figured you guys know more about the entire package. I even thought if the Webgate.EXE could be modifed to strip certain things. Matter of fact, it would be nice to have a config utility that modifies what Webgate.exe accepts/sends. I know that is more in your programming level, and this may be the route we need to go. I just need to do something... Help Please :( [/code]
|
|
| Back to top |
|
Tech Support
Joined: 25 Aug 2003
Posts: 4395
|
| Posted: Mon Apr 23, 2007 4:49 pm Post subject: |
|
|
| Have you tried modifying the code in the 'DoCheckSender' function? That is where you would want to strip out text from the sender (from) field.
|
|
| Back to top |
|
Isaiah
Joined: 18 Apr 2007
Posts: 6
|
| Posted: Tue Apr 24, 2007 7:28 am Post subject: |
|
|
Yes but I have modified it, with no luck. Which portion am I to change?
| Code: |
function DoCheckSender () {
// strip out spaces in FRM field
var i;
var sender = "";
for (i = 0; i < (document.MYFORM.FRM.value.length); i++) {
if (document.MYFORM.FRM.value.charAt(i) == " ") {
sender = sender + "_";
}
else {
sender = sender + document.MYFORM.FRM.value.charAt(i);
}
}
document.MYFORM.FRM.value = sender;
}
// --> |
I have tried the 2nd line as:
| Code: |
var sender = "/DOMAIN";
|
Which didn't work, and I also tried:
| Code: |
if (document.MYFORM.FRM.value.charAt(i) == "/DOMAIN") {
|
Which also didn't work. Of course, I called the DoCheckSender at the onSubmit of the form, but still had no luck. I guess I am just unsure about how the checksender function works, but I thought it would have been one of those 2 places.
Thanks for your assistance...
|
|
| Back to top |
|
Isaiah
Joined: 18 Apr 2007
Posts: 6
|
| Posted: Mon May 07, 2007 9:59 am Post subject: |
|
|
| Anybody have any new ideas on how I should modify the "DoCheckSender" function? I am still at a loss, and my boss wants this to go online ASAP...
|
|
| Back to top |
|
Tech Support
Joined: 25 Aug 2003
Posts: 4395
|
| Posted: Mon May 07, 2007 1:52 pm Post subject: |
|
|
Here is a function that should work for you:
| Code: |
function DoCheckSender () {
// strip out spaces in FRM field
var i = 0;
var sender = "";
var foundslash = false;
for (i = 0; i < (document.MYFORM.FRM.value.length); i++) {
if (document.MYFORM.FRM.value.charAt(i) == " ") {
sender = sender + "_";
}
else {
sender = sender + document.MYFORM.FRM.value.charAt(i);
}
}
document.MYFORM.FRM.value = sender;
// strip domain off beginning of sender
sender = "";
for (i = 0; i < (document.MYFORM.FRM.value.length); i++) {
if (foundslash === true) {
sender = sender + document.MYFORM.FRM.value.charAt(i);
}
if (document.MYFORM.FRM.value.charAt(i) == "\\") {
foundslash = true;
}
}
if (foundslash === true) {
document.MYFORM.FRM.value = sender;
}
}
|
|
|
| Back to top |
|
Isaiah
Joined: 18 Apr 2007
Posts: 6
|
| Posted: Mon May 07, 2007 2:15 pm Post subject: |
|
|
| As much as I thought that would work, it didn't. I called it on the OnSubmit with no luck, and then under <BODY> in an OnLoad call, to see what it was doing, and it doesn't seem to make any change. I am not sure but I am curious about Javascript running in ASP, is there an issue with that? If so, I am not sure of what to do, besides writing a CGI to pull the values into a dB of sorts, and then strip the domain in there, before returning the page for submission.
|
|
| Back to top |
|
wiklej
Joined: 26 Mar 2007
Posts: 23
|
| Posted: Mon Jun 18, 2007 7:52 am Post subject: Here's What I Did |
|
|
I had the exact same issue as you and here's what I did to make it work for me:
Right before the </head> tag, I added this code:
<%
Dim strUser
strUser = (Request.ServerVariables("remote_user"))
UserName = Mid(strUser, 17, 30)
Session("User") = UserName
%>
The 17,30 line is what strips the domain off the username, so 17 denotes where the actual username starts - it strips off the first 16 characters, and 30 is how long the username is. You'll have to play around with those numbers to make it work exactly right.
Then, just under there, where you're declaring the "username" input I changed the input type to this:
<INPUT TYPE=HIDDEN NAME="USER" VALUE = "allusers">
<INPUT TYPE=HIDDEN NAME="SUBJECT" VALUE = "">
<INPUT TYPE=HIDDEN NAME="VALIDATE_USER" VALUE = "FALSE">
<INPUT TYPE=HIDDEN NAME="VALIDATE_SUBJ" VALUE = "TRUE">
<INPUT TYPE=HIDDEN NAME="FRM" Value=<% response.write UserName %>>
The last line is what "response.write"'s the username and now they're all hidden so the user can't change it. I wasn't really worried about them seeing the field since they know what their username is, and if they can't change it, why even show it to them?
Hope this helps.
Jeff
|
|
| Back to top |
|
Isaiah
Joined: 18 Apr 2007
Posts: 6
|
| Posted: Thu Jun 21, 2007 12:47 pm Post subject: TOPIC RESOLVED!!! |
|
|
Thanks so much Jeff for that, that fixed us up and we are rockin'
Also thanks to everyone else here on NotePage who helped work with me.
-Isaiah
|
|
| Back to top |
|
|
