Does anyone know a way where i can use the NT domain username for a network as a username for accessing a web site on the same network. I have a script that works fine in most cases, however it does not like usernames with ' in the username, ie: jim_o'reilly.

Below is the code that i am using, if anyone has any suggestions i would much appreciate your help.

The database has a table with: Username, Password, Access level.
What i want is for the NT login name to verify itself against whats in the database and assign it an access level for the web page.

As mentioned before, the script below works fine for normal name layouts, it only has a problem where there is an ' in the name.

<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<!--#include file="Connections/GTS_CR.asp" -->
<%
NetLoginName = Request.ServerVariables("REMOTE_USER"
If NetLoginName <> "" then
Username = Right(NetLoginName , Len(NetLoginName ) - InStr(1, NetLoginName , "\")
else
Username = ("Dummy"
end if
%>

<%
Dim Account
Dim Account_numRows

Set Account = Server.CreateObject("ADODB.Recordset"
Account.ActiveConnection = MM_GTS_CR_STRING
Account.Source = "SELECT * FROM Users WHERE (((Users.Username) = '" + Username + "'));"
Account.CursorType = 0
Account.CursorLocation = 2
Account.LockType = 1
Account.Open()

Account_numRows = 0
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<p>Username:
<%= Username %>
</p>
<p>Access Level: <%=(Account.Fields.Item("Access Level".Value)%>
</p>
</body>
</html>
<%
Account.Close()
Set Account = Nothing
%>

Hey there,

This is a common problem...

u need to add an additional single quote before (or after) the single quote... I modified your code...

A single quote confuses SQL server.

If NetLoginName <> "" then
Username = Right(NetLoginName , Len(NetLoginName ) - InStr(1, NetLoginName , "\")

' ADDED
testUsername = InStr(Username, "'" ' COMMENT: look for single quote
if testUsername <> 0 then
Username = replace(Username, "'", "''" ' add additional single quote
end if
' END

else
Username = ("Dummy"
end if

The "InStr" test for ' is unnecessary, well maybe slightly overkill!

If you simply use:
Username = replace(Username, "'", "''" ' add additional single quote
you'll be all set!

Later
Tommy

Tommy Gibson

Hi Tommy,

That's worked a treat!!! Thanks. Though it now shows the name with '' (jim_o''reilly), but i will use the name that i have entered in the database as the name displayed.

Thanks again for your help

Steve