FBA - Possible to build in logic to these pages?

FBA - Possible to build in logic to these pages? - 10.Nov.2008 11:00:33 PM   
alsace

 

Posts: 13
Joined: 4.Dec.2007
Status: offline
Hi all,

We have a DMZ with an ISA front-end (2006 SE - v5.0.5720.100), and it has a web publishing rule for a web server in an attached DMZ. We currently use Forms Based Auth to access this web site. All authentication occurs in a separate domain - which is also in a DMZ - and it is completely isolated from our production domain.

We have modified the form in order to accommodate the standard branding, company colours etc etc. (I think we copied the original 'Exchange' directory).

IT'S FANTASTIC!

Anyway to cut a long story short I want to know if there is a way to build some logic into what the users are typing into the username / password fields at all?

For example, after typing in their username and password and hitting enter I would like certain conditions to be checked - eg 'if the username is in a specific format (like A******) then throw an error or redirect back to the logon page. For everything else, continue processing the publishing rule and any relevant access rules.'

I have asked our web dudes this question, but given that the FBA URL contains a dll file (https://<OurCompanyExtranet.com>/CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=3) then they are at a loss (i.e. there is no simple Default.htm to point them to).

So my questions are:
1. Am I making any sense?
2. If 1 = 'yes', are my requirements possible to anyone's knowledge?


Thanks for any help,

Alsace


Post #: 1
RE: FBA - Possible to build in logic to these pages? - 12.Nov.2008 12:38:30 AM   
alsace

 

Posts: 13
Joined: 4.Dec.2007
Status: offline
FYI it looks like we have found a way.

The default landing page is located at
C:\Program Files\Microsoft ISA Server\CookieAuthTemplates\<Your_Forms_Application>\HTML\usr_pwd.htm

Our web developer has built in some javascript to this page that checks for certain conditions and throws an error if those conditions are met, else continue with the logon.

Preliminary testing looks positive.

Alsace


(in reply to alsace)
Post #: 2
RE: FBA - Possible to build in logic to these pages? - 12.Nov.2008 6:21:10 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Be useful if you could share your finalised code for others to benefit...it would be appreciated  

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to alsace)
Post #: 3
RE: FBA - Possible to build in logic to these pages? - 13.Nov.2008 12:06:16 AM   
alsace

 

Posts: 13
Joined: 4.Dec.2007
Status: offline
See below for the contents of usr_pwd.htm. There are 2 highlighted (and underlined) bits:

1. The first part is an additional javascript function
2. The second part is the onclick event that calls the function.

The function looks for the presence of a period "." in the username field once the user clicks Log On. If a period IS NOT present then an alert pops up saying 'bad name' (pretty crude but it was a quick and dirty test - it can be tailored as needed).

This is pretty much the extent of my knowledge (as I said our web developers authored it).

================================================

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- {57A118C6-2DA9-419d-BE9A-F92B0F9A418B} -->
<html>
<head>
    <title>@@L_WindowTitle_Text</title>
    <meta http-equiv="Content-Type" content="text/html; CHARSET=utf-8">
    <meta content="NOINDEX, NOFOLLOW" name="Robots">
    <link href="/CookieAuth.dll?GetPic?formdir=@@FORMDIR&image=logon_style.css" type="text/css" rel="stylesheet">
    <script src="/CookieAuth.dll?GetPic?formdir=@@FORMDIR&image=flogon.js" type="text/javascript"></script>
<script type="text/javascript">
                <!--
               
                var a_fGzpEnbl = 1;
    var g_fFcs = 1;
               
    function window_onload()
    {
        onld();
       
        if (chkCookies())
        {
                                                ldCookie('username', 'password');
                            
                                                var expl1 = document.getElementById('expl1');
                                                expl1.style.display = "";
                                   
                                                var lnkHidedSection = document.getElementById('lnkHdSec');
                                                lnkHidedSection.style.display = "none";
                               
                                                var lnkShowSection = document.getElementById('lnkShwSec');
                                                lnkShowSection.style.display = "";
                                }
    }
 
 
 
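    // Added check: look for a period "." in the username field.
    function ValidUserCheck()
    {
        var myTextField = document.getElementById("username");
        var postn = 0;
        var i;

        // Remember the index of the last period found (stays 0 if none).
        for (i = 0; i < myTextField.value.length; i++)
        {
            if (myTextField.value.substring(i, i + 1) == ".")
            {
                postn = i;
            }
        }

        if (postn == 0)
        {
            alert("bad name");
            return;
        }
        clkLgn();
    }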
 
                -->
</script>
</head>
<body class="ltr" onload="return window_onload();">
<form action="/CookieAuth.dll?Logon" method="post" id="logonForm" autocomplete="off">
<input type="hidden" id="curl" name="curl" value="@@DESTINATION" />
<input type="hidden" id="flags" name="flags" value="@@GZIP_VAL" />
<input type="hidden" id="forcedownlevel" name="forcedownlevel" value="0" />
<input type="hidden" id="formdir" name="formdir" value="@@FORMDIR" />
 <!-- Main table -->
<table align="center" id="tblMain" cellpadding=0 cellspacing=0>
                <tr>
                                <td colspan=3><img src="/CookieAuth.dll?GetPic?formdir=@@FORMDIR&image=lgntop.gif" alt=""></td>
                </tr>
                <tr>
                                <td id="mdLft">&nbsp;</td>
                                <td id="mdMid">
        <!-- Mid table -->
        <table id="tblMid" class="mid">
        <tbody>
        <tr>
          <td class="expl" id="expltxt"></td>
        </tr>
        <tr>
          <td class="align">
              <!-- Table 1-->
              <table cellpadding="0" cellspacing="0">
                                         <tr>
                                                        <td class="wrng">@@INSERT_USER_TEXT</td>
                                        </tr>
                                                  </table> 
                                                  <!-- End Table 1-->
          </td>
        </tr>
        <tr>
          <td>
            <hr /><!-- HR-->
          </td>
        </tr>
         <tr>
          <td class="align">
              <!-- Table 2-->
              <table cellpadding="0" cellspacing="0">
                <col>
                                        <col class="w100">
                                        <tr id="trSec">
                                                                    <td class="nowrap">
                                                                                    @@L_ShowTrustTitle_Text&nbsp;
                                                                    </td>
                                                                    <td id="expl1" style="display:none">
                                                                        ( <a href="javascript:clkExp(lnkShwSec)" id="lnkShwSec">@@L_ShowDetail_Text</a><a href="javascript:clkExp(lnkHdSec)" id="lnkHdSec">@@L_HideDetail_Text</a> )
                                                                    </td>
                                                    </tr>
                                                  </table> 
                                                  <!-- End Table 2-->
          </td>
        </tr>
        <tr>
          <td>
            <!--Table 3-->
            <table cellpadding="0" cellspacing="0">
                                                    <col>
                                                    <col class="w100">
                                                    <tr class="height">
                                                                    <td><input id="rdoPblc" type="radio" name="trusted" value="0" class="rdo" onclick="clkSec()" checked="checked" /></td>
                                                                    <td><label for="rdoPblc">@@L_ShowPublicUI_Text</label></td>
                                                    </tr>
                                                    <tr id="trPubExp" class="expl" style="display:none">
                                                                    <td></td>
                                                                    <td>@@L_PublicDescription_Text</td>
                                                    </tr>
                                                    <tr class="height">
                                                                    <td><input id="rdoPrvt" type="radio" name="trusted" value="4" class="rdo" onclick="clkSec()" /></td>
                                                                    <td><label for="rdoPrvt">@@L_ShowTrustedUI_Text</label></td>
                                                    </tr>
                                                    <tr id="trPrvtExp" class="expl" style="display:none">
                                                                    <td></td>
                                                                    <td>@@L_PremiumTrustDescription_Text</td>
                                                    </tr>
                                                    <tr id="trPrvtWrn" class="wrng" style="display:none">
                                                                    <td></td>
                                                                    <td>@@L_TrustWarning_Text</td>
                                                    </tr>
                                                </table>
                                                <!-- End Table 3-->
          </td>
        </tr>
        <tr>
          <td>
            <hr /><!-- HR-->
          </td>
        </tr>
        <tr>
          <td>
                                                <!-- Table 5-->
                                                <table cellpadding=0 cellspacing=0>
                                                    <col>
                                                    <col class="w100">
                                                                <tr style="display: @@CHPWDSTYLE">
                                                                                <td valign="top"><input id="chpwd" name="chpwd" type="checkbox" class="rdo" onclick="clkChpwd()" /></td>
                                                                                <td nowrap><label for="chpwd">@@L_RequestPwdChange_Text</label></td>
                                                                </tr>
                                                                <tr id="trChpwdExp" class="expl" style="display:none">
                                                                                <td></td>
                                                                                <td>@@L_RequestPwdChangeExpl_Text</td>
                                                                </tr>
                                                </table>
                                                <!-- End Table 5-->
          </td>
        </tr>
        <tr style="display: @@CHPWDSTYLE">
          <td>
            <hr /><!-- HR-->
          </td>
        </tr>
        <tr>
          <td>
            <!-- Table 6-->
            <table cellspacing="0" cellpadding="0">
              <colgroup>
              <col class="nowrap">
              <col class="w100">
              <col>
              <tbody>
                  <tr>
                    <td class="nowrap"><label for="username">@@L_UserName_Text</label></td>
                    <td class="txtpad">
                        <input class="txt" id="username" name="username" type="text" />
                    </td>
                  </tr>
                  <tr>
                    <td class="nowrap"><label for="password">@@L_Password_Text</label></td>
                    <td class="txtpad">
                        <input class="txt" id="password" onfocus="g_fFcs=0" type="password" name="password" />
                    </td>
                  </tr>
                  <tr>
                    <td class="nowrap">&nbsp;</td>
                    <td class="txtpad" colspan="2">
                        <input class="btn" onmousedown="this.className='btnOnMseDwn'" id="SubmitCreds" onmouseover="this.className='btnOnMseOvr'" onclick="ValidUserCheck()" onmouseout="this.className='btn'" type="submit" value="@@L_LoginButton_Text" name="SubmitCreds" />
                    </td>
                  </tr>
              </tbody>
             </table>
             <!-- End Table 6-->
          </td>
        </tr>
        <tr>
          <td>
            <hr /><!-- HR-->
          </td>
        </tr>
       </tbody>
      </table>
      <!-- End Mid Table-->
      <!-- Mid2 Table-->
                                <table id="tblMid2" class="mid" style="display:none">
                                                <tr><td><hr /></td></tr>
                                                <tr>
                                                                <td><br />@@L_CookiesDisabledWrn_Text<br /><br /><br /></td>
                                                </tr>
                                                <tr><td><hr></td></tr>
                                                <tr>
                                                                <td class="txtpad">
                                                                                <input type="button" class="btn" style="float: right" value="@@L_RetryButton_Text" onclick="clkRtry()"
                                                                                onmouseover="this.className='btnOnMseOvr'" onmouseout="this.className='btn'" onmousedown="this.className='btnOnMseDwn'">
                                                                </td>
                                                </tr>
                                </table>
      <!-- End Mid2 Table-->
                                <table class="mid tblConn">
                                                <tr>
                                                                <td class="tdCopy">@@L_Copyright</td>
                                                </tr>
                                </table>
                </td>
                <td id="mdRt">&nbsp;</td>
                </tr>
                <tr>
                                <td colspan=3><img src="/CookieAuth.dll?GetPic?formdir=@@FORMDIR&image=lgnbottom.gif" alt=""></td>
                </tr>
 </tbody>
</table>
<!-- End Main Table-->
</form>
</body>
</html>

================================================

regards,

Alsace

(in reply to Jason Jones)
Post #: 4
RE: FBA - Possible to build in logic to these pages? - 13.Nov.2008 10:08:40 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Thanks!

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to alsace)
Post #: 5
RE: FBA - Possible to build in logic to these pages? - 20.Nov.2008 8:55:03 PM   
alsace

 

Posts: 13
Joined: 4.Dec.2007
Status: offline
******* UPDATED *******

After some testing I noticed that an incorrect logon (one without a period) would throw the error, but if the user was still a valid user on the web site it would still allow the request (i.e. ISA would throw the error but it still attempts the authentication in the background...which is not what I wanted - I wanted it to stop at the front door).

So below is the new code provided to me which now appears to satisfy the requirements (they added a 'return' condition that would return false without the existence of a period, else true). If false is returned, the user is returned to the form without an authentication attempt (even if they are a valid user on the web site - the only way they are allowed through is if they are a valid user AND they have a period in their logon name).

Also note that position zero is defined here as returning false. This means that all (valid) users that have a period in their logon will be let through UNLESS THE PERIOD IS IN POSITION ZERO.

SO:
"anything.anything" is OK
".anything" is NOT ok, even if they exist on the web site. This can apparently be changed by defining a negative integer at the "var postn = 0" line (i.e. instead of "var postn = 0", have "var postn = -1"). But this is not tested, and nor do I need to because none of our users have a period at character zero, so it is an inadvertent security enhancement for us.

Code:
=====================================================
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- {57A118C6-2DA9-419d-BE9A-F92B0F9A418B} -->
<html>
<head>
   <title>@@L_WindowTitle_Text</title>
   <meta http-equiv="Content-Type" content="text/html; CHARSET=utf-8">
   <meta content="NOINDEX, NOFOLLOW" name="Robots">
   <link href="/CookieAuth.dll?GetPic?formdir=@@FORMDIR&image=logon_style.css" type="text/css" rel="stylesheet">
   <script src="/CookieAuth.dll?GetPic?formdir=@@FORMDIR&image=flogon.js" type="text/javascript"></script>
<script type="text/javascript">
<!--

var a_fGzpEnbl = 1;
   var g_fFcs = 1;

   function window_onload()
   {
       onld();
      
       if (chkCookies())
       {
  ldCookie('username', 'password');
            
  var expl1 = document.getElementById('expl1');
  expl1.style.display = "";
    
  var lnkHidedSection = document.getElementById('lnkHdSec');
  lnkHidedSection.style.display = "none";
     
  var lnkShowSection = document.getElementById('lnkShwSec');
  lnkShowSection.style.display = "";
 }
   }


   // Added check: look for a period "." in the username field.
   function ValidUserCheck()
   {
       var myTextField = document.getElementById("username");
       var postn = 0;
       var i;

       // Remember the index of the last period found (stays 0 if none).
       for (i = 0; i < myTextField.value.length; i++)
       {
           if (myTextField.value.substring(i, i + 1) == ".")
           {
               postn = i;
           }
       }

       //if the character searched for is in 0th position, that will not be allowed
       if (postn == 0)
       {
           alert("bad name");
           return false;
       }
       clkLgn();
   }
-->
</script>
</head>
<body class="ltr" onload="return window_onload();">
<form action="/CookieAuth.dll?Logon" method="post" id="logonForm" autocomplete="off">
<input type="hidden" id="curl" name="curl" value="@@DESTINATION" />
<input type="hidden" id="flags" name="flags" value="@@GZIP_VAL" />
<input type="hidden" id="forcedownlevel" name="forcedownlevel" value="0" />
<input type="hidden" id="formdir" name="formdir" value="@@FORMDIR" />
<!-- Main table -->
<table align="center" id="tblMain" cellpadding=0 cellspacing=0>
<tr>
 <td colspan=3><img src="/CookieAuth.dll?GetPic?formdir=@@FORMDIR&image=lgntop.gif" alt=""></td>
</tr>
<tr>
 <td id="mdLft">&nbsp;</td>
 <td id="mdMid">
       <!-- Mid table -->
       <table id="tblMid" class="mid">
       <tbody>
       <tr>
         <td class="expl" id="expltxt"></td>
       </tr>
       <tr>
         <td class="align">
             <!-- Table 1-->
             <table cellpadding="0" cellspacing="0">
          <tr>
          <td class="wrng">@@INSERT_USER_TEXT</td>
         </tr>
    </table> 
    <!-- End Table 1-->
         </td>
       </tr>
       <tr>
         <td>
           <hr /><!-- HR-->
         </td>
       </tr>
        <tr>
         <td class="align">
             <!-- Table 2-->
             <table cellpadding="0" cellspacing="0">
               <col>
         <col class="w100">
         <tr id="trSec">
       <td class="nowrap">
        @@L_ShowTrustTitle_Text&nbsp;
       </td>
       <td id="expl1" style="display:none">
           ( <a href="javascript:clkExp(lnkShwSec)" id="lnkShwSec">@@L_ShowDetail_Text</a><a href="javascript:clkExp(lnkHdSec)" id="lnkHdSec">@@L_HideDetail_Text</a> )
       </td>
      </tr>
    </table> 
    <!-- End Table 2-->
         </td>
       </tr>
       <tr>
         <td>
           <!--Table 3-->
           <table cellpadding="0" cellspacing="0">
      <col>
      <col class="w100">
      <tr class="height">
       <td><input id="rdoPblc" type="radio" name="trusted" value="0" class="rdo" onclick="clkSec()" checked="checked" /></td>
       <td><label for="rdoPblc">@@L_ShowPublicUI_Text</label></td>
      </tr>
      <tr id="trPubExp" class="expl" style="display:none">
       <td></td>
       <td>@@L_PublicDescription_Text</td>
      </tr>
      <tr class="height">
       <td><input id="rdoPrvt" type="radio" name="trusted" value="4" class="rdo" onclick="clkSec()" /></td>
       <td><label for="rdoPrvt">@@L_ShowTrustedUI_Text</label></td>
      </tr>
      <tr id="trPrvtExp" class="expl" style="display:none">
       <td></td>
       <td>@@L_PremiumTrustDescription_Text</td>
      </tr>
      <tr id="trPrvtWrn" class="wrng" style="display:none">
       <td></td>
       <td>@@L_TrustWarning_Text</td>
      </tr>
  </table>
  <!-- End Table 3-->
         </td>
       </tr>
       <tr>
         <td>
           <hr /><!-- HR-->
         </td>
       </tr>
       <tr>
         <td>
  <!-- Table 5-->
  <table cellpadding=0 cellspacing=0>
      <col>
      <col class="w100">
   <tr style="display: @@CHPWDSTYLE">
    <td valign="top"><input id="chpwd" name="chpwd" type="checkbox" class="rdo" onclick="clkChpwd()" /></td>
    <td nowrap><label for="chpwd">@@L_RequestPwdChange_Text</label></td>
   </tr>
   <tr id="trChpwdExp" class="expl" style="display:none">
    <td></td>
    <td>@@L_RequestPwdChangeExpl_Text</td>
   </tr>
  </table>
  <!-- End Table 5-->
         </td>
       </tr>
       <tr style="display: @@CHPWDSTYLE">
         <td>
           <hr /><!-- HR-->
         </td>
       </tr>
       <tr>
         <td>
           <!-- Table 6-->
           <table cellspacing="0" cellpadding="0">
             <colgroup>
             <col class="nowrap">
             <col class="w100">
             <col>
             <tbody>
                 <tr>
                   <td class="nowrap"><label for="username">@@L_UserName_Text</label></td>
                   <td class="txtpad">
                       <input class="txt" id="username" name="username" type="text" />
                   </td>
                 </tr>
                 <tr>
                   <td class="nowrap"><label for="password">@@L_Password_Text</label></td>
                   <td class="txtpad">
                       <input class="txt" id="password" onfocus="g_fFcs=0" type="password" name="password" />
                   </td>
                 </tr>
                 <tr>
                   <td class="nowrap">&nbsp;</td>
                   <td class="txtpad" colspan="2">
                       <input class="btn" onmousedown="this.className='btnOnMseDwn'" id="SubmitCreds" onmouseover="this.className='btnOnMseOvr'" onclick="return ValidUserCheck()" onmouseout="this.className='btn'" type="submit" value="@@L_LoginButton_Text" name="SubmitCreds" />
                   </td>
                 </tr>
             </tbody>
            </table>
            <!-- End Table 6-->
         </td>
       </tr>
       <tr>
         <td>
           <hr /><!-- HR-->
         </td>
       </tr>
      </tbody>
     </table>
     <!-- End Mid Table-->
     <!-- Mid2 Table-->
 <table id="tblMid2" class="mid" style="display:none">
  <tr><td><hr /></td></tr>
  <tr>
   <td><br />@@L_CookiesDisabledWrn_Text<br /><br /><br /></td>
  </tr>
  <tr><td><hr></td></tr>
  <tr>
   <td class="txtpad">
    <input type="button" class="btn" style="float: right" value="@@L_RetryButton_Text" onclick="clkRtry()"
    onmouseover="this.className='btnOnMseOvr'" onmouseout="this.className='btn'" onmousedown="this.className='btnOnMseDwn'">
   </td>
  </tr>
 </table>
     <!-- End Mid2 Table-->
 <table class="mid tblConn">
  <tr>
   <td class="tdCopy">@@L_Copyright</td>
  </tr>
 </table>
</td>
<td id="mdRt">&nbsp;</td>
</tr>
<tr>
 <td colspan=3><img src="/CookieAuth.dll?GetPic?formdir=@@FORMDIR&image=lgnbottom.gif" alt=""></td>
</tr>
</tbody>
</table>
<!-- End Main Table-->
</form>
</body>
</html>

=====================================================


Regards,

Alsace

(in reply to Jason Jones)
Post #: 6
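
The username rule from the usr_pwd.htm versions above, pulled out into pure functions so its edge cases can be checked outside the browser. This is an added example, not code from the thread: the function names and sample usernames are constructed, and it also evaluates the "var postn = -1" change that the post describes as untested.

```javascript
// Added example (not from the thread). Names and sample data are constructed.

// Same scan as the posted ValidUserCheck(): keep the index of the LAST
// period seen, starting from a caller-supplied "nothing found" value.
function lastPeriodIndex(username, sentinel) {
  var postn = sentinel;
  for (var i = 0; i < username.length; i++) {
    if (username.substring(i, i + 1) === ".") {
      postn = i;
    }
  }
  return postn;
}

// Rule exactly as posted: "var postn = 0" and reject when postn == 0.
// Index 0 therefore means both "no period" and "only period is first".
function postedRule(username) {
  return lastPeriodIndex(username, 0) !== 0;
}

// The untested change described in the post: only the initial value becomes
// -1 while the comparison stays "postn == 0".
function sentinelOnlyVariant(username) {
  return lastPeriodIndex(username, -1) !== 0;
}

// An explicit version of the stated intent: a period must be present, and a
// leading period is accepted only if the caller opts in.
function explicitRule(username, allowLeadingPeriod) {
  var first = username.indexOf(".");
  if (first === -1) {
    return false; // no period at all
  }
  if (first === 0 && !allowLeadingPeriod) {
    return false; // username starts with a period
  }
  return true;
}

// Evaluate every rule over a list of usernames and return one row per name.
function compareRules(usernames) {
  return usernames.map(function (name) {
    return {
      username: name,
      posted: postedRule(name),
      sentinelOnly: sentinelOnlyVariant(name),
      explicit: explicitRule(name, false)
    };
  });
}

// Constructed sample usernames covering the edge cases.
var SAMPLES = ["jane.doe", "janedoe", ".janedoe", ".jane.doe", ""];

console.log(compareRules(SAMPLES));
```

Two results are worth noting: the posted rule accepts ".jane.doe" because only the last period's index is compared, and changing just the initial value to -1 lets names without any period through unless the comparison is changed as well. As a client-side check it only applies to logons submitted through this page with scripting enabled, so a naming restriction that must hold for every logon also needs to be enforced on the server side.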
