[raven/abandoned/asp.git] / Test.asp

<!DOCTYPE html>\r
<html>\r
<head>\r
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">\r
<!--#include file="Ucam_Webauth.vbs"-->\r
</head>\r
<%\r
\r
Sub Main\r
\r
	' Examine the 'UcamWebAuthTestingClient' cookie.\r
	' This cookie is used to store the index number of \r
	' the LAST test and the outcome of that test. This \r
	' cookie is only updated when an authentication \r
	' cycle is complete (which could be due to an \r
	' error) so we use the cookie to determine the \r
	' index of the CURRENT test. \r
	' \r
	' NOTE: This cookie is completely separate \r
	' from the 'Authentication cookie' and is \r
	' purely used for testing.\r
	'\r
	' The actual value of the cookie consists of \r
	' three elements delimited by '!': \r
	'\r
	' 'index!status_code!status_message'\r
                 \r
	testing_client_cookie_name = "UcamWebAuthTestingClient"\r
	testing_client_cookie_index = 1\r
	\r
	If (Request.Cookies(testing_client_cookie_name) <> "") Then\r
		testing_client_cookie_value = Request.Cookies(testing_client_cookie_name)\r
		testing_client_cookie_array = Split(testing_client_cookie_value, "!")\r
		testing_client_cookie_index = CInt(testing_client_cookie_array(0))\r
		testing_client_cookie_index = testing_client_cookie_index + 1\r
	End If\r
		\r
	' Create 'Scripting.Dictionary' object \r
	' to hold the arguments we will supply \r
	' to the 'Ucam_Webauth' object.\r
	\r
	Set args = CreateObject("Scripting.Dictionary")\r
	\r
	' Add the different arguments to the 'args' \r
	' associative array as name/value pairs.\r
	' Both name and value must be strings \r
	' so integers must be added as "x", eg. "60".\r
\r
	' 'auth_service' is the WLS authentication server.\r
	' The following line gives the the demo Raven testing server:\r
\r
	' args.Add "auth_service", "https://demo.raven.cam.ac.uk/auth/authenticate.html"\r
\r
	' We're testing with our Dummy Raven WLS server so use that:\r
	args.Add "auth_service", "http://www2.careers.cam.ac.uk:11812"        \r
\r
	' 'hostname' must be a domain name and perhaps a \r
	' port but nothing more.\r
	\r
	args.Add "hostname", "localhost:81"\r
\r
	' 'log_file' is the location of the logfile \r
	' which must be read/writable by the webserver.\r
	\r
	args.Add "log_file", "C:/wamp/www/raven/vbscriptlog.txt"\r
\r
	' 'key_dir' is the directory holding the \r
	' public key certificate.\r
	\r
	args.Add "key_dir", "C:/wamp/www/raven"\r
\r
	' 'cookie_key' is the key used to generate \r
	' hash values of the authentication cookie. \r
	' Ideally it should be changed on a regular basis \r
	' but not during sessions.\r
	\r
	args.Add "cookie_key", "Random string"\r
\r
	' We add the current iteration of testing in \r
	' 'testing_client_cookie_index' as a parameter \r
	' to Ucam_Webauth which should then be \r
	' included as a parameter in the authentication \r
	' request to the WLS and the subsequent \r
	' authentication response back from the WLS.\r
	\r
	args.Add "authrequest_params", CStr(testing_client_cookie_index)\r
\r
\r
	' Create new instance of 'Ucam_Webauth' \r
	' and supply arguments.\r
	' We do not need to include 'Request' and 'Response' \r
	' variables (as in C# version), in order to get/set \r
	' cookies and server variables and perform redirects \r
	' as these variables are globally accessible to ASP class.\r
			       \r
	Set oUcam_Webauth = New Ucam_Webauth\r
	Call oUcam_Webauth(args)       \r
	\r
	' For the purposes of testing, we provide \r
	' a 'Logout' link that removes the local \r
	' authentication cookie and then displays \r
	' a link to easily logout the Raven WLS.\r
	' So we check to see if this 'Action=Logout' \r
	' link has been called and logout/display \r
	' link accordingly.\r
	 		\r
	If (Request.ServerVariables("QUERY_STRING") = "Action=Logout") Then\r
		oUcam_Webauth.ResetState()\r
		Response.Write("Logged out of Raven (local)<br/>")\r
		Response.Write("<a href='https://raven.cam.ac.uk/auth/logout.html'>Logout Raven (remote)</a><br/>" & _\r
	    		      "<a href='Default.asp'>Access Raven authenticated page</a>")            \r
		Exit Sub\r
	End If		\r
\r
	' When you first access this page \r
	' the 'Authenticate' function will be called. \r
	' This will typically be called three times \r
	' in total to successfully authenticate the \r
	' user. In the first two iterations of \r
	' 'Authenticate', it will return \r
	' 'AUTHENTICATE_INCOMPLETE' while it \r
	' redirects the user's browser first to \r
	' the Raven WLS and then back to this page.\r
	' On the third iteration of 'Authenticate', it \r
	' will return 'AUTHENTICATE_COMPLETE_AUTHENTICATED' \r
	' or 'AUTHENTICATE_COMPLETE_NOT_AUTHENTICATED' \r
	' if the authentication process has fully \r
	' completed without error.\r
		\r
	Select Case oUcam_Webauth.Authenticate()\r
		\r
		Case oUcam_Webauth.AUTHENTICATE_INCOMPLETE\r
\r
			' 'Authenticate' still redirecting pages \r
			' so don't do anything else.\r
			\r
			Exit Sub\r
\r
		Case oUcam_Webauth.AUTHENTICATE_COMPLETE_AUTHENTICATED		\r
\r
			' Success so display the 'principal', ie. the user id.\r
			\r
			Response.Write("SUCCESS. You are " & oUcam_Webauth.principal() & "<br/>")\r
			\r
			' Also display the 'ptags' parameter indicating \r
			' whether the user is 'current' or not.\r
			\r
			Response.Write("Ptags = " & oUcam_Webauth.ptags() & "<br/>")\r
			\r
			' Display any 'GET variables' to check they \r
			' have carried through from the original \r
			' page request.\r
			\r
			For Each item In Request.QueryString() \r
	    		Response.Write item & "=" & Request.QueryString()(item) & "<br/>"  \r
			Next 			\r
			\r
			' Display a 'Logout' link to make it easy to \r
			' test authentication repeatedly.\r
			\r
			Response.Write("<a href='Default.asp?Action=Logout'>Logout Raven (local)</a>")                \r
		\r
		Case Else\r
			\r
			' Either there was an error or a failed \r
			' authentication so print out the result either way.\r
\r
			Response.Write("FAIL - " & oUcam_Webauth.status() & ": " & oUcam_Webauth.msg())\r
\r
			' Also log the error for debugging purposes.\r
								\r
			oUcam_Webauth.write_log("FAIL - " & oUcam_Webauth.status() & ": " & oUcam_Webauth.msg())\r
					\r
	End Select\r
\r
	' We use a 'UcamWebAuthTestingClient' cookie \r
	' to store the return 'status' of the most recent  \r
	' authentication attempt. The Dummy WLS server \r
	' looks at the value of this cookie, compares \r
	' it with its most recent attempt to generate a \r
	' particular status and logs the results. \r
	' Ideally the status/error the Dummy WLS server \r
	' tried to generate should match the status/error \r
	' recorded here.\r
	'\r
	' NOTE: The Dummy WLS server only performs the \r
	' comparison of 'actual' and 'expected' when \r
	' it receives a subsequent authentication request.\r
	' ie. when testing is terminated, the final \r
	' authentication attempt comparison may be lost.\r
	      	\r
	' Store number of testing iteration, return status and status msg.\r
	' To make it a session cookie, we don't specify 'Expires'.\r
		\r
	Response.Cookies("UcamWebAuthTestingClient") = CStr(testing_client_cookie_index) & "!" & oUcam_Webauth.status() & "!" & oUcam_Webauth.msg()	\r
		\r
	' We intend to perform another authentication attempt\r
	' so reset the state of Ucam_Webauth, ie. remove \r
	' the authentication cookie.\r
	\r
	oUcam_Webauth.ResetState()                    \r
\r
		\r
End Sub\r
\r
Call Main\r
\r
%>\r
\r
<script language="javascript">\r
\r
    // Set a brief timeout before reloading this page again \r
    // and triggering off another authentication attempt cycle.\r
\r
    window.setTimeout(function () { window.location.href = "http://localhost:81/Test.asp?Test1=Value1&Test2=Value2&Test3=Value3+Value4"; }, 10);\r
\r
</script>\r
\r
</html>\r
Commit	Line	Data
f560b040 MV	1	<!DOCTYPE html>\r
	2	<html>\r
	3	<head>\r
	4	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">\r
	5	<!--#include file="Ucam_Webauth.vbs"-->\r
	6	</head>\r
	7	<%\r
	8	\r
	9	Sub Main\r
	10	\r
	11	' Examine the 'UcamWebAuthTestingClient' cookie.\r
	12	' This cookie is used to store the index number of \r
	13	' the LAST test and the outcome of that test. This \r
	14	' cookie is only updated when an authentication \r
	15	' cycle is complete (which could be due to an \r
	16	' error) so we use the cookie to determine the \r
	17	' index of the CURRENT test. \r
	18	' \r
	19	' NOTE: This cookie is completely separate \r
	20	' from the 'Authentication cookie' and is \r
	21	' purely used for testing.\r
	22	'\r
	23	' The actual value of the cookie consists of \r
	24	' three elements delimited by '!': \r
	25	'\r
	26	' 'index!status_code!status_message'\r
	27	\r
	28	testing_client_cookie_name = "UcamWebAuthTestingClient"\r
	29	testing_client_cookie_index = 1\r
	30	\r
	31	If (Request.Cookies(testing_client_cookie_name) <> "") Then\r
	32	testing_client_cookie_value = Request.Cookies(testing_client_cookie_name)\r
	33	testing_client_cookie_array = Split(testing_client_cookie_value, "!")\r
	34	testing_client_cookie_index = CInt(testing_client_cookie_array(0))\r
	35	testing_client_cookie_index = testing_client_cookie_index + 1\r
	36	End If\r
	37	\r
	38	' Create 'Scripting.Dictionary' object \r
	39	' to hold the arguments we will supply \r
	40	' to the 'Ucam_Webauth' object.\r
	41	\r
	42	Set args = CreateObject("Scripting.Dictionary")\r
	43	\r
	44	' Add the different arguments to the 'args' \r
	45	' associative array as name/value pairs.\r
	46	' Both name and value must be strings \r
	47	' so integers must be added as "x", eg. "60".\r
	48	\r
	49	' 'auth_service' is the WLS authentication server.\r
ec07b297	50	' The following line gives the the demo Raven testing server:\r
f560b040 MV	51	\r
	52	' args.Add "auth_service", "https://demo.raven.cam.ac.uk/auth/authenticate.html"\r
	53	\r
	54	' We're testing with our Dummy Raven WLS server so use that:\r
	55	args.Add "auth_service", "http://www2.careers.cam.ac.uk:11812" \r
	56	\r
	57	' 'hostname' must be a domain name and perhaps a \r
	58	' port but nothing more.\r
	59	\r
	60	args.Add "hostname", "localhost:81"\r
	61	\r
	62	' 'log_file' is the location of the logfile \r
	63	' which must be read/writable by the webserver.\r
	64	\r
	65	args.Add "log_file", "C:/wamp/www/raven/vbscriptlog.txt"\r
	66	\r
	67	' 'key_dir' is the directory holding the \r
	68	' public key certificate.\r
	69	\r
	70	args.Add "key_dir", "C:/wamp/www/raven"\r
	71	\r
	72	' 'cookie_key' is the key used to generate \r
	73	' hash values of the authentication cookie. \r
	74	' Ideally it should be changed on a regular basis \r
	75	' but not during sessions.\r
	76	\r
	77	args.Add "cookie_key", "Random string"\r
	78	\r
	79	' We add the current iteration of testing in \r
	80	' 'testing_client_cookie_index' as a parameter \r
	81	' to Ucam_Webauth which should then be \r
	82	' included as a parameter in the authentication \r
	83	' request to the WLS and the subsequent \r
	84	' authentication response back from the WLS.\r
	85	\r
	86	args.Add "authrequest_params", CStr(testing_client_cookie_index)\r
	87	\r
	88	\r
	89	' Create new instance of 'Ucam_Webauth' \r
	90	' and supply arguments.\r
	91	' We do not need to include 'Request' and 'Response' \r
	92	' variables (as in C# version), in order to get/set \r
	93	' cookies and server variables and perform redirects \r
	94	' as these variables are globally accessible to ASP class.\r
	95	\r
	96	Set oUcam_Webauth = New Ucam_Webauth\r
	97	Call oUcam_Webauth(args) \r
	98	\r
	99	' For the purposes of testing, we provide \r
	100	' a 'Logout' link that removes the local \r
	101	' authentication cookie and then displays \r
	102	' a link to easily logout the Raven WLS.\r
	103	' So we check to see if this 'Action=Logout' \r
	104	' link has been called and logout/display \r
	105	' link accordingly.\r
	106	\r
	107	If (Request.ServerVariables("QUERY_STRING") = "Action=Logout") Then\r
	108	oUcam_Webauth.ResetState()\r
	109	Response.Write("Logged out of Raven (local)<br/>")\r
	110	Response.Write("<a href='https://raven.cam.ac.uk/auth/logout.html'>Logout Raven (remote)</a><br/>" & _\r
	111	"<a href='Default.asp'>Access Raven authenticated page</a>") \r
	112	Exit Sub\r
	113	End If \r
	114	\r
115	' When you first access this page \r
116	' the 'Authenticate' function will be called. \r
117	' This will typically be called three times \r
118	' in total to successfully authenticate the \r
119	' user. In the first two iterations of \r
120	' 'Authenticate', it will return \r
121	' 'AUTHENTICATE_INCOMPLETE' while it \r
122	' redirects the user's browser first to \r
123	' the Raven WLS and then back to this page.\r
124	' On the third iteration of 'Authenticate', it \r
125	' will return 'AUTHENTICATE_COMPLETE_AUTHENTICATED' \r
126	' or 'AUTHENTICATE_COMPLETE_NOT_AUTHENTICATED' \r
127	' if the authentication process has fully \r
128	' completed without error.\r
129	\r
130	Select Case oUcam_Webauth.Authenticate()\r
131	\r
132	Case oUcam_Webauth.AUTHENTICATE_INCOMPLETE\r
133	\r
134	' 'Authenticate' still redirecting pages \r
135	' so don't do anything else.\r
136	\r
137	Exit Sub\r
138	\r
139	Case oUcam_Webauth.AUTHENTICATE_COMPLETE_AUTHENTICATED \r
140	\r
141	' Success so display the 'principal', ie. the user id.\r
142	\r
143	Response.Write("SUCCESS. You are " & oUcam_Webauth.principal() & "<br/>")\r
144	\r
145	' Also display the 'ptags' parameter indicating \r
146	' whether the user is 'current' or not.\r
147	\r
148	Response.Write("Ptags = " & oUcam_Webauth.ptags() & "<br/>")\r
149	\r
150	' Display any 'GET variables' to check they \r
151	' have carried through from the original \r
152	' page request.\r
153	\r
154	For Each item In Request.QueryString() \r
155	Response.Write item & "=" & Request.QueryString()(item) & "<br/>" \r
156	Next \r
157	\r
158	' Display a 'Logout' link to make it easy to \r
159	' test authentication repeatedly.\r
160	\r
161	Response.Write("<a href='Default.asp?Action=Logout'>Logout Raven (local)</a>") \r
162	\r
163	Case Else\r
164	\r
165	' Either there was an error or a failed \r
166	' authentication so print out the result either way.\r
167	\r
168	Response.Write("FAIL - " & oUcam_Webauth.status() & ": " & oUcam_Webauth.msg())\r
169	\r
170	' Also log the error for debugging purposes.\r
171	\r
172	oUcam_Webauth.write_log("FAIL - " & oUcam_Webauth.status() & ": " & oUcam_Webauth.msg())\r
173	\r
174	End Select\r
175	\r
176	' We use a 'UcamWebAuthTestingClient' cookie \r
177	' to store the return 'status' of the most recent \r
178	' authentication attempt. The Dummy WLS server \r
179	' looks at the value of this cookie, compares \r
180	' it with its most recent attempt to generate a \r
181	' particular status and logs the results. \r
182	' Ideally the status/error the Dummy WLS server \r
183	' tried to generate should match the status/error \r
184	' recorded here.\r
185	'\r
186	' NOTE: The Dummy WLS server only performs the \r
187	' comparison of 'actual' and 'expected' when \r
188	' it receives a subsequent authentication request.\r
189	' ie. when testing is terminated, the final \r
190	' authentication attempt comparison may be lost.\r
191	\r
192	' Store number of testing iteration, return status and status msg.\r
193	' To make it a session cookie, we don't specify 'Expires'.\r
194	\r
195	Response.Cookies("UcamWebAuthTestingClient") = CStr(testing_client_cookie_index) & "!" & oUcam_Webauth.status() & "!" & oUcam_Webauth.msg() \r
196	\r
197	' We intend to perform another authentication attempt\r
198	' so reset the state of Ucam_Webauth, ie. remove \r
199	' the authentication cookie.\r
200	\r
201	oUcam_Webauth.ResetState() \r
202	\r
203	\r
204	End Sub\r
205	\r
206	Call Main\r
207	\r
208	%>\r
209	\r
210	<script language="javascript">\r
211	\r
212	// Set a brief timeout before reloading this page again \r
213	// and triggering off another authentication attempt cycle.\r
214	\r
215	window.setTimeout(function () { window.location.href = "http://localhost:81/Test.asp?Test1=Value1&Test2=Value2&Test3=Value3+Value4"; }, 10);\r
216	\r
217	</script>\r
218	\r
219	</html>\r