Got a bit of an interesting question.
I'm in the process of learning ASP.NET using Microsoft's CTP of Visual Web Studio "Orcas". Part of my classic ASP website incorporates a login section where if someone logging in belongs to my corporate Active Directory (i.e. employees), then I use their given credentials to connect to my SQL Server database (and Exchange Web Services) to create a very nice, pretty, fully-integrated CRM solution so they can get on with their work.
If it's one of my clients (with an email address) then it picks this up and does exactly the same thing - BUT retrieves their login details from a table stored within this database, accessed using the IIS_MACHINE anonymous account.
Having looked over the asp:Login and asp:SqlDataSource, I'm a little lost (being a complete newbie to the whole .NET thing - although it looks pretty powerful from what I've seen so far). How would I go about doing this?
Example code:
    <html>
    <head>
    <script runat="server">
        Function CheckAuthCreds(ByVal myUserName As String, ByVal myPassword As String) As Boolean
            'Two-step login - check type of login requested (staff or client)
            'If staff - Windows authentication and relevant features built into Exchange/SQL Server etc.
            'If client - SQL server MD5-encrypted password check and limited Exchange
            Select Case InStr(myUserName, "@")
                'InStr is 1-based and returns 0 when "@" is not found
                Case Is > 0
                    'We know this is a client email login. Run SQL query to find details.
                    myDbConn.SelectCommand = "SELECT * FROM tbl_Clients WHERE EmailAddr = '" & myUserName & "' AND UserPwd = '"
                    Dim hashedDataBytes As Byte()
                    Dim encoder As New UTF8Encoding()
                    Dim md5Hasher As New System.Security.Cryptography.MD5CryptoServiceProvider
                    hashedDataBytes = md5Hasher.ComputeHash(encoder.GetBytes(myPassword))
                    Dim b As Byte
                    For Each b In hashedDataBytes
                        myDbConn.SelectCommand = myDbConn.SelectCommand & b
                    Next b
                    myDbConn.SelectCommand = myDbConn.SelectCommand & "'"
                    MsgBox(myDbConn.SelectCommand) 'Just to test that I got the MD5 stuff correct
                    Return True
                Case Else
                    'This is a staff login, use WinAuth to verify ID against SQL Server.
                    'THIS IS WHERE I'M STUCK!!! I can't seem to connect to the SQL Server DB using the staff username and password
                    '(cause the connection string is stored in web.config file and I don't know how to alter it)
            End Select
        End Function
        Sub DoLogin(ByVal sender As Object, ByVal e As AuthenticateEventArgs)
            Dim blIsAuthed As Boolean
            blIsAuthed = CheckAuthCreds(loginbox.UserName, loginbox.Password)
            e.Authenticated = blIsAuthed
            If e.Authenticated = True Then
            Else
                MsgBox("Login failed")
            End If
        End Sub
    </script>
    <title>My website</title>
    </head>
    <body>
    <table style="width: 100%;">
        <tr>
            <td>
                <form runat="server">
                    <asp:SqlDataSource runat="server" ConnectionString="<%$ ConnectionStrings:mydb %>" ID="myDbConn">
                    </asp:SqlDataSource>
                    <asp:Login ID="loginbox" runat="server" OnAuthenticate="DoLogin">
                    </asp:Login>
                </form>
            </td>
        </tr>
    </table>
    </body>
    </html>
Many thanks in advance,
medicineworker/MPDDK-mm4
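
The client branch in the post concatenates the e-mail address into the SQL text, so a quote character in the login name becomes part of the query. As an added example (not the poster's code), here is the same lookup with a bound parameter and the comparison done in code. The module and function names and the NVARCHAR(256) column size are assumptions; the table, columns and "mydb" connection string name come from the post.

```vbnet
Imports System
Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient
Imports System.Security.Cryptography
Imports System.Text

Public Module ClientLogin ' hypothetical module name
    ' Same encoding as the post: each MD5 byte appended as a decimal number.
    ' Kept only so the result matches values already stored in UserPwd; a salted,
    ' slow hash (e.g. Rfc2898DeriveBytes) is the stronger choice for new data.
    Public Function HashLikePost(ByVal password As String) As String
        Dim sb As New StringBuilder()
        Using hasher As MD5 = MD5.Create()
            For Each b As Byte In hasher.ComputeHash(Encoding.UTF8.GetBytes(password))
                sb.Append(b)
            Next
        End Using
        Return sb.ToString()
    End Function

    ' Compares without returning early at the first differing character.
    Private Function FixedTimeEquals(ByVal a As String, ByVal b As String) As Boolean
        Dim diff As Integer = a.Length Xor b.Length
        For i As Integer = 0 To Math.Min(a.Length, b.Length) - 1
            diff = diff Or (AscW(a(i)) Xor AscW(b(i)))
        Next
        Return diff = 0
    End Function

    Public Function CheckClientCreds(ByVal email As String, ByVal password As String) As Boolean
        Dim cs As String = ConfigurationManager.ConnectionStrings("mydb").ConnectionString
        Using conn As New SqlConnection(cs)
            ' The e-mail travels as data in @email, never as part of the SQL text.
            Using cmd As New SqlCommand( _
                "SELECT UserPwd FROM tbl_Clients WHERE EmailAddr = @email", conn)
                ' Column size 256 is an assumption about tbl_Clients.
                cmd.Parameters.Add("@email", SqlDbType.NVarChar, 256).Value = email
                conn.Open()
                Dim stored As Object = cmd.ExecuteScalar()
                ' Unknown address or NULL password: fail closed.
                If stored Is Nothing OrElse Convert.IsDBNull(stored) Then Return False
                Return FixedTimeEquals(CStr(stored), HashLikePost(password))
            End Using
        End Using
    End Function
End Module
```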