close ad
 
Important WebAssist Announcement
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Bug in Security Assist

Thread began 3/04/2010 6:06 am by jernej | Last modified 3/06/2010 1:03 am by jernej | 1651 views | 6 replies |

jernej

Bug in Security Assist

There is a bug in SA ASP version.

The WA_Auth_RulePasses("Logged in to customer")

gives:

Microsoft VBScript runtime error '800a000d'

Type mismatch: 'WA_Auth_RulePasses'

It happens only when you have ONE column value to check in Authorization script, like here:

If (Not WA_Auth_RulePasses("Logged in to customer")) and Request.Cookies("AutoLoginHash")<>"" Then
Dim WA_AuthParameter101 : Set WA_AuthParameter101 = Server.CreateObject("Scripting.Dictionary")
WA_AuthParameter101.Add "connection" , MM_xxx_STRING
WA_AuthParameter101.Add "tableName" , "customer"
WA_AuthParameter101.Add "columns" , Split("Cookie", WA_Auth_Separator)
WA_AuthParameter101.Add "columnValues" , Split("" & cStr(cStr(Request.Cookies("AutoLoginHash"))) & "", WA_Auth_Separator)
WA_AuthParameter101.Add "columnTypes" , Split("200", WA_Auth_Separator)
WA_AuthParameter101.Add "columnSizes" , Split("40", WA_Auth_Separator)
WA_AuthParameter101.Add "sessionColumns" , Split("CustomerID"&WA_Auth_Separator&"Username"&WA_Auth_Separator&"Password", WA_Auth_Separator)
WA_AuthParameter101.Add "sessionNames" , Split("CustomerID"&WA_Auth_Separator&"Username"&WA_Auth_Separator&"Password", WA_Auth_Separator)
WA_AuthParameter101.Add "successRedirect" , "/default.asp"
WA_AuthParameter101.Add "failRedirect" , ""
WA_AuthParameter101.Add "gotoPreviousURL" , True
WA_AuthParameter101.Add "keepQueryString" , True

WA_AuthenticateUser WA_AuthParameter101
End If

Could you please fix that?

Jerry

Sign in to reply to this post

Eric Mittman

This is not an issue that I can reproduce. I have crafted an authenticate user server behavior and and access rule for it very similar to yours. I used only a single column for the authentication, password, and stored some session variables based on other columns in the table.

I then applied an access rule to a page much like yours and I was able to login successfully and pass the rule. It looks as though you have customized the trigger for this authenticate user server behavior. What is the result you get with this server behavior by default?

It seems that the error is referring to the authentication rule in your custom trigger, what happens if you do not have this part in your custom trigger?

Sign in to reply to this post

jernej

Thanx for the help.

I don't have custom trigger, I just check if I have cookie set and if the user is not logged in (that part is not working). If I have cookie I wanted to use the behaviour to set 3 session variables from the DB.

If I do not use your rule for logged in customer, but let's say check if the customer is logged like session("CustomerID")<>"" then... the script works. I wanted to use your trigger (the log in customer one).

Sign in to reply to this post

Eric Mittman

Since you are getting a type mismatch and the error is pointing to the rule pass code in your if statement it tells me that whatever values this rule is evaluating is causing this problem. What value is being compared in this rule?

If you are comparing it to a session variable that does not exist yet it is possible that you are getting a mismatch based on this. One possibility is that the value being evaluated comes out as NULL, or it could be that you are trying to compare a numeric type of value against a string. This is the place to start looking though, whatever you are comparing against seems to be the problem.

There are several ways you can do some testing of this, if you print out the value you are comparing to you should be able to see what it it trying to match up. Another thing you can do is to apply the auth rule to another page by itself to see if you get an error there as well. Please post back and let us know what you discover.

Sign in to reply to this post

jernej

Well, I am comparing against: Request.Cookies("AutoLoginHash")

Problem is when there is NO COOKIE and there is empty string then. Then it fails.

i have used this behaviour many times, but allways with 2 cokkies, if both were empty (no cookies set) the result was not error. If I use one cookie that is empty, then I get error.

Jerry

Sign in to reply to this post

Eric Mittman

You say that the value you are comparing to is Request.Cookies("AutoLoginHash"), this is the 'and' part of your if statement. I was referring to the value that is being compared in the auth rule. Are you checking the same value in the rule? If so how is it setup and why are you trying to check it in both places?

When you say that you can make this check with two cookies and do not have the problem do you mean that you would have another 'and' condition in the if statement that is checking the value of another cookie? Also when you are using two cookies are both not existing when you check on them?

Sorry for all of the questions, I'm just trying to understand this the best I can so that I can reproduce exactly what you are experiencing to determine if there is something that can be updated to get past this issue. From what I have read here in this thread I'm wondering if a simple check for null on the cookie first could prevent this error from occurring.

Sign in to reply to this post

jernej

Sorry, I found out it may be my mistake all together. I think the include file went down beyond this behaviour, so it was checking before it got the proper variables :-( I think this may be the reason, I'll check further.

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...