Code to Retrieve Login Credentials Using the Post Method and Set an MSCSAuth Ticket
This example shows how to retrieve the user ID and password submitted on a HTML form using the Post method, retrieve the profile corresponding to the user ID by using the Commerce Server Profiles resource, set the user ID in an MSCSAuth ticket, and redirect the user to the originally requested URL. Assume the user entered a user ID and password and clicked the Submit button on an HTML form. For more information about using the Profiles resource, see Example Code for Profile Objects.
Make sure the request is a form submission, then retrieve the user ID and password.
Dim sUserID, sPassword If Request.Form("realSubmit") = "fromButton" Then sUserID = Request.Form("txtUserName") sPassword = Request.Form("txtPassword") End If
Create and initialize the ProfileService object. The sBDSConnect parameter is the connection string to the Profile store where the profile definitions are saved.
Dim oProfileService Set oProfileService = Server.CreateObject("Commerce.ProfileService") oProfileService.Initialize sBDSConnect, "Profile Definitions"
Retrieve the profile associated with the submitted user ID. If the profile does not exist, redirect the user to the login page.
Dim oProfileObject Set oProfileObject = oProfileService.GetProfile(sUserID, "UserObject") If (oProfileObject Is Nothing) Then Response.Redirect "Login.asp" End If
Retrieve the password associated with the profile.
Dim sProfilePassword sProfilePassword = oProfileObject.user_security_password
If the submitted password matches the profile password, set the authentication ticket to use the AuthManager object, oAuthManager, created and initialized in Code to Create and Initialize AuthManager. If the passwords do not match, redirect the user to the login page.
If sPassword = sProfilePassword Then oAuthManager.SetAuthTicket sUserID, True, 45 Else Response.Redirect "Login.asp" End If
Append the user ID and password to the URL string as custom properties. This step is provided for sites using the AuthFilter ISAPI filter in Windows Authentication mode and, in general, is not required. For more information about this mode and specific to this step, see Post Method.
Dim sReturn sReturn = Request.Cookies("MSCSFirstRequestedURL") sReturn = sReturn & "&proxyuser=" & sUserID & "&proxypwd=" & sPassword
Redirect the user to the original requested URL.
Response.Redirect sReturn
Release the objects.
Set oProfileService = Nothing Set oProfileObject = Nothing Set oAuthManager = Nothing
Copyright © 2005 Microsoft Corporation.
All rights reserved.