For simplicity, this article discusses only user authentication on the server side. The login page verifies the user's identity by calling the signUserOn function in Aspsecurity.inc. signUserOn checks the database for a record whose name and password match those entered by the user:
function signUserOn(aSignon, aPassword)
    dim dict
    ' Name entered by the user
    aSignon = LCase(Trim(aSignon))
    ' Password entered by the user
    aPassword = LCase(Trim(aPassword))
    ' Extract the user record into a Dictionary object
    set dict = getUser(aSignon)
    ' The Dictionary object contains valid user information
    if isUser(dict) then
        if not dict("Password") = aPassword then
            signUserOn = False
            Session("msg") = "Bad password."
            exit function
        end if
        ' Update the last access time
        call updateLastOn(aSignon)
        ' Identify the user record by SessionID (or, when cookies are not supported, by ID)
        if not Session("SupportsCookies") then
            Session("ID") = getID()
            dict.Add "SessionID", Session("ID")
        else
            dict.Add "SessionID", Session.SessionID
        end if
        ' Record the last activity time
        dict.Add "LastActivity", Now()
        ' Record the current user's information in the session
        set Session("user") = dict
        ' Add the current user to the list of users accessing the site
        call addUserToApplication(dict)
        signUserOn = True
    else
        Session("msg") = "User name error"
        signUserOn = False
    end if
end function
If the name and password entered by the user match a record in the database, the signUserOn function returns True. At this point the user is authorized, and the Session("user") variable holds a Dictionary object containing the field names and values of the user's database record. The Dictionary object is also added to the Application("user") array, which gives easy access to the list of users currently accessing the secure site. signUserOn uses many of the subroutines in Aspsecurity.inc. Since most of them are similar, only getUser is discussed below. The function first connects to the database, then extracts the corresponding user record, and finally converts the record to a Dictionary object and returns it, as follows:
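function getUser(aSignon)
    dim conn, cmd
    dim R
    set conn = openConnection()
    ' Bind aSignon as a parameter so it is handled as data, never as SQL text
    set cmd = Server.CreateObject("ADODB.Command")
    set cmd.ActiveConnection = conn
    cmd.CommandText = "SELECT * FROM Users WHERE Users.Signon = ?"
    ' 200 = adVarChar, 1 = adParamInput; 255 is an assumed maximum length for Signon
    cmd.Parameters.Append cmd.CreateParameter("Signon", 200, 1, 255, aSignon)
    ' Without this, a failed query aborts the page before the check below runs
    on error resume next
    set R = cmd.Execute
    if err.number <> 0 then
        ' Output the error message
        ......
        response.end
    end if
    on error goto 0
    if not R.EOF then
        set getUser = recordToDictionary(R)
    else
        set getUser = nothing
    end if
    R.Close
    set R = nothing
    conn.close
    set conn = nothing
end function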
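signUserOn keeps the whole user record, including the Password field it compares against, in Session("user") and in the application-wide user list. The script below is an added example, not code from Aspsecurity.inc: it gives an assumed implementation of recordToDictionary (the article does not show it) and a hypothetical helper, publicUserInfo, that copies the record without sensitive columns before it is kept in session or application state. The sample record is constructed in memory, so the script runs under cscript without a database.

```vbscript
Option Explicit

' Hypothetical comma-separated list of columns that must not be kept after login.
Const SENSITIVE_FIELDS = "password"

' Assumed implementation: copy the current record into a Dictionary
' keyed by column name.
Function recordToDictionary(rs)
    Dim d, f
    Set d = CreateObject("Scripting.Dictionary")
    d.CompareMode = vbTextCompare   ' keys match regardless of case
    For Each f In rs.Fields
        d.Add f.Name, f.Value
    Next
    Set recordToDictionary = d
End Function

' Hypothetical helper: return a copy of the user Dictionary
' without the columns named in SENSITIVE_FIELDS.
Function publicUserInfo(userDict)
    Dim d, key
    Set d = CreateObject("Scripting.Dictionary")
    d.CompareMode = vbTextCompare
    For Each key In userDict.Keys
        If InStr(1, "," & SENSITIVE_FIELDS & ",", "," & key & ",", vbTextCompare) = 0 Then
            d.Add key, userDict(key)
        End If
    Next
    Set publicUserInfo = d
End Function

' Constructed sample record held in a disconnected recordset.
Dim rs, full, safe
Set rs = CreateObject("ADODB.Recordset")
rs.CursorLocation = 3                   ' 3 = adUseClient
rs.Fields.Append "Signon", 200, 50      ' 200 = adVarChar
rs.Fields.Append "Password", 200, 50
rs.Open
rs.AddNew
rs("Signon") = "alice"
rs("Password") = "constructed-sample"
rs.Update

Set full = recordToDictionary(rs)   ' what the password comparison reads
Set safe = publicUserInfo(full)     ' what would be kept in session state
WScript.Echo "full has Password: " & full.Exists("Password")
WScript.Echo "safe has Password: " & safe.Exists("Password")
```

In signUserOn the copy would be made once the password comparison has passed, so that the Dictionary stored in Session("user") and passed to addUserToApplication no longer carries the Password value.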
If the user clicks the registration button on the registration page, then after the necessary checks a new user record is created in the database. A successfully registered user automatically enters the secure page; this part of the operation is the same as the normal logon process.
Both the authentication and registration operations store error messages in the Session("msg") variable. These error messages can be displayed in the HTML page returned to the user:
<%
if Session("msg") <> "" then
    ' Display the error message
    ......
    Session("msg") = ""
end if
%>