Authorize users based on network login name.

[selvsagt]

Help with Authourizing users based on username???

Hi.

I use a simple kode to authenticate users. The web page is based on a msaccess db, and the users all sit in the same office.

<%
login=ucase(request.servervariables("AUTH_USER"))
login=right(login,len(login)-instr(login,"\"))
if login <>"ADM" and login<>"US1" and login<>"US2" and login<>"US3" and  login<>"US4" then
 response.redirect "http://web/noaccess.asp"
end if
%>

The problem is that the users change often, and I would therefore like to check my DB for users that have access. The DB has the name us.mdb
The maintainance of adding the username in all my 50 DAPS is hopeless, and require the DB administrator to make changes directly in code.

I have a table called users where the usernames are defined in the field username.

Does anyone have an idea on how to create such a code?
I am new to this and have really no idea on how to write this.
I have tried to copy and paste a code, but I end up with an errormessage.

I recieve an error that says, To few arguments, expected 1.

Any idea why?
Supportforums says its because there is an error in some field name, but I have checked them all.

Need help!


Here's the code:

<%
login=ucase(request.servervariables("AUTH_USER"))
login=right(login,len(login)-instr(login,"\"))

set conn=Server.CreateObject("ADODB.Connection")
conn.open("Driver={Microsoft Access Driver (*.mdb)};Dbq=\\web\us.mdb;Uid=Admin;Pwd=;")

set rs = conn.execute("SELECT username FROM users WHERE username=""" & login  & """") 
if rs.eof then
 Response.write rs.fields(0).value
else
 response.redirect "http://web/noaccess.asp"
 
end if
 
%>

 

[dan-cat]

If it doesn't work write out to the screen the command you're trying to execute.

<%
login=ucase(request.servervariables("AUTH_USER"))
login=right(login,len(login)-instr(login,"\"))

set conn=Server.CreateObject("ADODB.Connection")
conn.open("Driver={Microsoft Access Driver (*.mdb)};Dbq=\\web\us.mdb;Uid=Admin;Pwd=;")

[COLOR="Red"]' write out your select query to the page
response.write("SELECT username FROM users WHERE username=""" & login  & """")
' finish all further processing of this page
response.end()[/COLOR]

'set rs = conn.execute("SELECT username FROM users WHERE username=""" & login  & """") 
'if rs.eof then
 'Response.write rs.fields(0).value
'else
 'response.redirect "http://web/noaccess.asp"
 
'end if
 
%>

Paste your query into the access db and see if it works. If it does then you know it's not your sql syntax and you can move on to focus on other areas of your problem.