16-3 Application Example: Password Authentication for Any Web Page

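This section uses a "password authentication" example to show how client-side script and server-side script can be combined to add password authentication to a web page. The features of this example are as follows:
  1. It does not need the authentication features of IIS or the server operating system, so users who are not the system administrator (Administrator) can also use it.
  2. It is easy to use: the password-protected page only has to include one file.
  3. It uses session variables; after each authentication, the valid period is 20 minutes.
To simplify the explanation, we use "target page" to mean the password-protected page, and "source page" to mean the page that contains the link to the target page. The following (password/source.asp) is the entry point of this example: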

Example (password/source.asp):

The source file of the example above is as follows:

Source file (password/source.asp):
<%@language=jscript%>
<%title="g Session ܼƫOsKX{ҡG Client M Server XB"%>
<!--#include file="../head.inc"-->
<hr>

<p align=center>I惡<a href="target.asp">K</a>I
<p align=center>] "source.asp"^

<hr>
<!--#include file="../foot.inc"-->

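In the example above, as soon as the user clicks "secret page", the password authentication window opens, as shown below:

The correct account and password are already filled in, so clicking "Submit" closes the authentication window and displays the "secret page" in the main window:

Now let us look at the source code of this "secret page":

Source file (password/target.asp):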
<%@language=jscript%>
<!--#include file="auth.inc"-->
<%title = "K" %>
<!--#include file="../head.inc"-->
<hr>

<p align=center>zw\nJKI</h3>
<p align=center> "target.asp"A session ܼƦpUG
<br>Session("source") = <%=Session("source")%>
<br>Session("target") = <%=Session("target")%>

<p align=center>
<a href="delauth.asp">{ҸT</a><br>

<hr>
<!--#include file="../foot.inc"-->

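This source code is no different from an ordinary ASP page. The only difference is that, at the top of the source file, it includes another file, auth.inc, which is responsible for authentication. This is the key point of the example, and its content is as follows:

Source file (password/auth.inc):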
<%
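// This page checks whether the authentication information exists:
// 1. If it exists, the page content is displayed.
// 2. If it does not exist, the authentication window (auth.asp) pops up and asks for the password, and the source page (source.asp) is loaded in the main window.

// Any page that needs password protection only has to include this file to get the protection.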
%>

<script>
function getPassword() {	// show the authentication window
	var toURL = "auth.asp";
	win1 = window.open(toURL, "getPassword", "height=300, width=500, alwaysRaised");
}
</script>

<% // Define a function that checks whether the authentication information exists
function authentication(sessionVariable){
	// This file is usually loaded twice after the user has input the password correctly.
	// When it's loaded the second time, Request.ServerVariables("HTTP_REFERER") will be empty since the page is loaded via a JavaScript in the authentication window
	if ((Request.ServerVariables("HTTP_REFERER")+"")!="undefined")	// get the source page
		Session("source") = (Request.ServerVariables("HTTP_REFERER")+"");
	Session("target") = Request.ServerVariables("URL")+"";	// target page
	if (Request.ServerVariables("QUERY_STRING")!="")
		Session("target") = Session("target") + "?" + Request.ServerVariables("QUERY_STRING");
	if (!sessionVariable){ %>
		<script>
		getPassword();		// show the authentication window
		history.go(-1);		// load the source page
		</script>
		<% Response.End()
	}
}

authentication(Session("ok")); %>

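In this source file we define two functions, which run on the client side and the server side respectively, as described below:

In addition, if the authentication information does not exist, we must open the authentication window, whose content is as follows:

Source file (password/auth.asp):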
<%@language=jscript%>
<%title="KX{Һ"%>
<!--#include file="../head.inc"-->
<hr>
<%  
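// This page performs the password authentication:
// 1. If it passes, open the protected target.asp
// 2. If it does not pass, ask for the account and password again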

login=Request("login")+"";
password=Request("password")+"";
if ((login=="jang") && (password=="jang")){
	Session("ok") = true; %>
	<script>
	window.opener.document.location="<%=Session("target")%>";	// open the target page
	window.close();							// close the password authentication window
	</script>
<% } else {
//	if ((Request.ServerVariables("HTTP_REFERER")+"")!="undefined")	// the previous page called this page itself (a window opened by window.open() has no referer)
	if ((login!="undefined") && (password!="undefined"))		// the previous page called this page itself
		Response.Write("<p align=center>Ʀ~AЭաG<br>");
%>
	<form method=post>
	<table border=0 align=center>
	<tr><td align=right>bG<td><input name="login" value="jang">
	<tr><td align=right>KXG<td><input type=password name="password" value="jang">
	<tr><td align=center colspan=2><input type=submit>
	</table>
	</form>
<%
}
%>
<hr>

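Its function can be described as follows:

  1. If the user enters the correct account and password, Session("ok") is set to true, the target page is opened in the main window, and the authentication window is closed.
  2. If the account or password is incorrect, the authentication window shows the original authentication form again.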
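
auth.asp writes Session("target") directly into a script block, and auth.inc builds that value from the request URL and query string. The following added example (not code from the original page; plain JavaScript for Node rather than ASP JScript, with hypothetical function names) shows restricting that value to a same-site path and escaping it as a JavaScript string literal before it is written into the redirect script:

```javascript
// Added example, not from the original page; function names are hypothetical.
// Models the value auth.inc stores in Session("target") and the script that
// auth.asp emits after a successful login.

// Build the target from the script path and the raw query string, as auth.inc
// does, but accept only a same-site absolute path.
function buildTarget(urlPath, queryString) {
  const sameSitePath = /^\/(?![\/\\])[\w.\-\/]*$/;
  if (typeof urlPath !== "string" || !sameSitePath.test(urlPath)) {
    return "/"; // assumption: fall back to the site root
  }
  return queryString ? urlPath + "?" + queryString : urlPath;
}

// Escape a value as a JavaScript string literal for use inside <script>.
// JSON.stringify handles quotes, backslashes and control characters; the extra
// replacements keep "</script>" or "<!--" in the data from ending the block.
function jsLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

// The redirect script for the authentication window, with the target escaped.
function redirectScript(target) {
  return "<script>window.opener.document.location=" + jsLiteral(target) +
    ";window.close();</script>";
}

// Constructed sample inputs: a normal query string and one carrying quote and
// tag characters.
const benign = buildTarget("/password/target.asp", "id=3");
const odd = buildTarget("/password/target.asp", 'x=";y();//</script>');
console.log(redirectScript(benign));
console.log(redirectScript(odd));
```
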
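
To understand this example, readers should open it and click through it step by step to become familiar with how it works. The flow of the example can be described as follows:

  1. The user clicks target.asp (the target page) from source.asp (the source page).
  2. target.asp checks whether correct authentication has already been passed (and no more than 20 minutes have elapsed); this information is kept in session("ok"). If this variable is True, target.asp is displayed.
  3. If session("ok") is False, authentication is required; the password authentication window pops up and source.asp is loaded in the main window.
  4. The user enters the authentication information in the authentication window. If it is wrong, the authentication window stays open and keeps asking for the authentication information.
  5. If the correct authentication information is received, the authentication window is closed, session("ok") is set to True, and target.asp is opened in the main window.

The description above can be shown as a flowchart:

Example (password/password.ppt):

This example uses five files in total. To help the reader understand the example, we list the function of each file below: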


JScript Programming and Applications: For Server-Side ASP