This code shows your visitors the Basic Authentication dialog (or NT Login Dialog)
It also returns the password and the username
If you like it, please vote for this 16 year old programmer :o)
'**************************************
' for :Complete working Basic Authentication
'**************************************
The Base64 decryption algorithm I used came from http://www.aspcode.net. Showing the dialog is completely by me
code: Can't Copy and Paste this? Click here for a copy-and-paste friendly version of this code!
Terms of Agreement:
By using this code, you agree to the following terms...
You may use
this code in your own programs (and may compile it into a program and distribute it in compiled format for languages that allow it) freely and with no charge.
You MAY NOT redistribute this code (for example to a web site) without written permission from the original author. Failure to do so is a violation of copyright laws.
You may link to this code from another website, but ONLY if it is not wrapped in a frame.
You will abide by any additional copyright restrictions which the author may have placed in the code or code's description.
'**************************************
' Name: Complete working Basic Authentication
' Description:This code shows your visitors the Basic Authentication dialog (or NT Login Dialog)
It also returns the password and the username
If you like it, please vote for this 16 year old programmer :o)
' By: Almar Joling
'
' Inputs:In the dialog the username and password (/and domain)
'
' Returns:The password and username given by the visitors of your site
'
' Assumes:Paste it and run it. It does not verify any usernames or so.
'
' Side Effects:Protects your site :o))
'
'This code is copyrighted and has' limited warranties.Please see http://www.Planet-Source-Code.com/vb/scripts/ShowCode.asp?txtCodeId=6300&lngWId=4'for details.'**************************************
<%
Response.Buffer = True
Response.Clear
Dim Myname, MyPass
GetUser Myname, MyPass
Response.Write MyName & "->" & MyPass
if len(Myname) = 0 then
Response.Status = "401 Unauthorized"
Response.AddHeader "WWW-Authenticate","BASIC Realm=enter your realm here"
Response.End
End If
Sub GetUser(LOGON_USER, LOGON_PASSWORD)
Dim UP, Pos, Auth
Auth = Request.ServerVariables("HTTP_AUTHORIZATION")
LOGON_USER = ""
LOGON_PASSWORD = ""
If LCase(Left(Auth, 5)) = "basic" Then
UP = Base64Decode(Mid(Auth, 7))
Pos = InStr(UP, ":")
If Pos > 1 Then
LOGON_USER = Left(UP, Pos - 1)
LOGON_PASSWORD = Mid(UP, Pos + 1)
End If
End If
End Sub
' Decodes a base-64 encoded string.
Function Base64Decode(base64String)
Const Base64CodeBase = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
Dim dataLength, Out, groupBegin
dataLength = Len(base64String)
Out = ""
If dataLength Mod 4 <> 0 Then
Err.Raise 1, "Base64Decode", "Bad Base64 string."
Exit Function
End If
' Now decode each group:
For groupBegin = 1 To dataLength Step 4
Dim numDataBytes, CharCounter, thisChar, thisData, groupData
' Each data group encodes up To 3 actual bytes.
numDataBytes = 3
groupData = 0
For CharCounter = 0 To 3
' <B>Convert</B> each character into 6 bits of data, And add it To
' an integer For temporary storage. If a character is a '=', there
' is one fewer data byte. (There can only be a maximum of 2 '=' In
' the whole string.)
thisChar = Mid(base64String, groupBegin + CharCounter, 1)
If thisChar = "=" Then
numDataBytes = numDataBytes - 1
thisData = 0
Else
thisData = InStr(Base64CodeBase, thisChar) - 1
End If
If thisData=-1 Then
Err.Raise 2, "Base64Decode", "Bad character In Base64 string."
Exit Function
End If
groupData = 64 * groupData + thisData
Next
' Convert 3-byte integer into up To 3 characters
Dim OneChar
For CharCounter = 1 To numDataBytes
Select Case CharCounter
Case 1: OneChar = groupData \ 65536
Case 2: OneChar = (groupData And 65535) \ 256
Case 3: OneChar = (groupData And 255)
End Select
Out = Out & Chr(OneChar)
Next
Next
Base64Decode = Out
End Function
%>
Have you found a way to create a username and password list for basic authentication rather then working with a predefined realm? I work with a shared server and I can not add users to the realm. (If this comment was disrespectful, please report it.)
I don't exactly know what you mean, but I think this is right: Hmm, the realm is so far I know not completely neccassary. This code gives you the username and the password. If you verify this with a userlist containing password and username everything should be ok.
If you want to change the realm you can simply but an other string (for example from a database) after the "Realm"
(If this comment was disrespectful, please report it.)
this code is not that bad but you can get through it without entering the password...Do check the code again. (If this comment was disrespectful, please report it.)
KayHan: It does not verify any password or usernames. When someone enters a username and password you must verify it before anything is returned. If the password/username is not correct it just should return "Access Unauthorised" by sending the status "401". I'll have another check on the code, and add a database system behind it ;o)
(If this comment was disrespectful, please report it.)
Well done Almar. I've been looking for a script that would display the browser's authentication dialog... and this one works great. Now all I have to do is verify against a database of users and everythign will be sweet. Thanks heaps - you got my vote for sure! (If this comment was disrespectful, please report it.)
I just wrote a comment on your other articles site saying that I think this is not only wonderfully useful code, but its simple, there are some milestones you have to get around (eg. no server side includes before adding to the header, and make sure basic and ntlm is turned off. Thanks a bundle Almar, this code is now being used on our companys private access area Cheers (If this comment was disrespectful, please report it.)
I m a beginner. Although u have provided the code , but i still dunno what to do with the code. Paste it?In where?Or use it to create a new .asp?I would like secured my page from exposing to others n the password is default but users name aren't.Would this code help me?Thanks for reply. (If this comment was disrespectful, please report it.)
hi i dont really know what to do with the code, I have only just started using ASP. I can get the login screen to come up but can someone please help me on what to do next to get it to work ?? Thank you (If this comment was disrespectful, please report it.)
Wounder full, just wounderfull, I've been looking for a script like this. But I wanted to use this with a database, but can't make that work. Could you please submit a new version of your absolute WOUNDERFULL code!? If needed this Sooooo long, and I'm nearly there. I have over 1000 visitors daily on my website, I'll give you huge credit there if you can help me??PLEASE PLEASE PLEASE help me.....and again wounderful script...Keep it ut man!
Please reply on my post.
Yours sincerely Preben Nyloekken (If this comment was disrespectful, please report it.)
It's time I made a small "faq" for this... I recently discovered *very* much replies on this code, and my other ASP code, but I never checked that email account anymore. I'm grateful sorry that I never replied to any of your messages.
(If this comment was disrespectful, please report it.)
It's pretty good that this tool is developed. It'll be useful for most of the application..thanks (If this comment was disrespectful, please report it.)
9/10/2002 6:05:59 PM:
eng. (If this comment was disrespectful, please report it.)
1/29/2003 12:44:38 AM:
I'm a beginner. Can anyone ""PLEASE"" post how to use/place this code on an htm or ASP page. I'm using ISS. Thank you in advanced! (If this comment was disrespectful, please report it.)
5/27/2003 6:07:14 PM:
I'm a beginner. Can anyone ""PLEASE"" tell me how to use/ and where to place this code on an htm or ASP page. I'm using IIS.
Thank you in advanced (If this comment was disrespectful, please report it.)
This code is not working, i receive the login screen 3 times and then nothing, i type the correct user/pass but the code can't authenticate my information (If this comment was disrespectful, please report it.)
5/31/2004 6:37:16 AM:
thanks for your greate job, my friend
all I can say is it's wonderful! (If this comment was disrespectful, please report it.)
"The Base64 decryption algorithm I used came from http://www.aspcode.net. Showing the dialog is completely by me "
I rather think it's the other way around. (If this comment was disrespectful, please report it.)
5/12/2005 10:46:17 AM:
Hi, Great Code. Can this code be integrated into my .NET Aspx page ? If can, how ?
thanks (If this comment was disrespectful, please report it.)
5/12/2005 10:47:14 AM:
Hi: Great Code. Wonder can this code be integrated into .NET aspx page ? If can, how so ?
thank you
(If this comment was disrespectful, please report it.)
Add Your Feedback
Your feedback will be posted below and an email sent to
the author. Please remember that the author was kind enough to
share this with you, so any criticisms must be stated politely, or they
will be deleted. (For feedback not related to this particular code, please
click here instead.)
By 28 Users
8/5/2000 11:10:41 AM: 
