最近修改一个古老的asp程序,需要为单独几个页面进行基本身份认证。由于IIS自带的设置基本身份认证是针对文件夹的,而这几个页面又不方便挪动位置,幸好在网上找到一个asp实现WWW-Authenticate basic认证示例,简单修改封装成了一个辅助类,基本满足需要。
<!--#include file="base64Helper.asp" -->
<%
Class BasicAuthHelper
Public Sub Unauth()
'realm不要设置为中文,会乱码
Call Response.AddHeader("WWW-Authenticate", "Basic realm=""Please input username and password""")
Response.Status = "401 Unauthorized"
Call Response.End()
End Sub
Public Function Authenticate(byval uid, byval pwd)
Dim strAuth:strAuth = Request.ServerVariables("HTTP_AUTHORIZATION")
If IsNull(strAuth)=False and IsEmpty(strAuth)=False and strAuth <> "" Then
Dim aParts, aCredentials, strType, strBase64, strPlain, strUser, strPassword
aParts = Split(strAuth, " ")
If aParts(0) = "Basic" Then
dim base64 : set base64 = new Base64Helper
strPlain = base64.Decode(aParts(1))
aCredentials = Split(strPlain, ":")
'response.write "<p>strAuth=" & strAuth
'response.write "<p>aParts(1)=" & aParts(1)
'response.write "<p>strPlain=" & strPlain
'response.write "<p>UBound(aCredentials)=" & UBound(aCredentials)
if UBound(aCredentials) = 1 then
strUser = aCredentials(0)
strPassword= aCredentials(1)
'response.write "<p>strUser=" & strUser & ", strPassword=" & strPassword
'用户名和密码正确则返回True,这里也可以改为数据库验证之类的
if strUser = uid and strPassword = pwd then
Authenticate = True
Exit Function
End if
end if
End If
End if
'不正确
Authenticate=False
End Function
End Class
dim basicAuth: set basicAuth=new BasicAuthHelper
if basicAuth.Authenticate("admin","pass") then
Response.write "Authenticate OK"
else
basicAuth.Unauth()
end if
%>
PS: 虽然近日微软开始放风打算要彻底抛弃 Visual Basic了,但是从IIS一直支持 asp 这一点上看来,还是很厚道滴
来源:https://www.cnblogs.com/towerbit/p/12501500.html