Password Protection

Password Protection (Full Version)

All Forums >> [Web Development] >> Server Issues

Message

mende006 -> Password Protection (12/5/2001 7:51:28)
I have a frontpage 2000/2002 site running on as IIS server(5) and I'm looking for a way to password protect separate pages and entire directories without have to create actual NT accounts on the server (the way that I have it set-up now). Is there another product out there similiar to http://www.iisprotect.com/ I have been given the green light as far as purchasing iisprotect but the problem is that there is no actual media and my company would rather be billed than have to do a credit card transaction over the net. Any suggestions?

KCIWebMaster -> RE: Password Protection (12/5/2001 10:25:45)
Would it help to put these separate pages and directories into subwebs? You can set different permissions for subwebs. Marissa

mende006 -> RE: Password Protection (12/5/2001 10:30:15)
Doesn't this still require an actual account on the machine in order to authenticate the user? I'm concerned about the possible security issues that may arise from this.

Talismanic -> RE: Password Protection (12/5/2001 10:48:58)
Sorry if I am missing something here but this is how I password protect pages inside my site: I have a file called myadmin.inc which includes this code: <% Response.Buffer = true Session.Timeout = 03 if session("loggedin") = false then session("calling_page") = Request.ServerVariables ("URL") Response.Clear Response.Redirect ("logon.asp") end if %> Then put this at the top of each page that you want to protect: <!-- #include file = "myadmin.inc" --> If a logon (session) hasn't occured you will redirected to the logon.asp page to enter a user name and password. The session.timeout is how long the session will remain open until you are required to enter the password again. By the way the user name and passwords are stored in an Access database. If you need the script to check the database let me know and I will post that here also. Edited by - Talismanic on 12/05/2001 10:59:26

mende006 -> RE: Password Protection (12/5/2001 11:19:16)
Thanks Talismanic, If this is something that will work on IIS then by all means send me the script. Kevin

Rian -> RE: Password Protection (12/5/2001 11:36:23)
For IIS also take a look at the Spooky Login here... http://www.frontpagecommerce.com/shop/shopdisplayproducts.asp?id=7&cat=Cool+Tools Rian "Designing The Future" SR Web Creators www.srwebcreators.com "What boots up must come down..."

Talismanic -> RE: Password Protection (12/5/2001 11:56:14)
Yes it works on any windows server that supports ASP (most do). You have the first part in my post above. Here is the only other thing that you would need. <html> <head> <title></title> </head> <body> <form action="NameOfThisPage.asp" method="post"> <div align="center"> <table border="0" width="350"> <tr> <td width="79"><font face="Verdana" size="2">User Name</font>: </td> <td width="257"><input type="text" name="uname" size="25" maxlength="25" /></td> </tr> <tr> <td width="79"><font size="2" face="Verdana">Password</font>: </td> <td width="257"><input type="password" name="pword" size="25" maxlength="25" /></td> </tr> <tr> <td colspan="2" width="342"><p align="center"><input type="submit" value="Submit" /></p></td> </tr> </table> </div> </form> <% Dim objRs, bolFound, objConn, strUsername Set objconn = Server.CreateObject("ADODB.Connection") objconn.ConnectionString = "DRIVER=Microsoft Access Driver (*.mdb);DBQ=" & _ Server.MapPath("/fpdb/DatabaseName.mdb") ' Set name here objconn.Open strUserName = Request.Form("uname") strPassWord = Request.Form("pword") If ((Request.Form("uname") = "") Or (Request.Form("pword") = "")) Then objConn.Close Set objConn = Nothing Else Set objRs = Server.CreateObject("ADODB.Recordset") objRs.Open "tbladmin", objConn, , adLockOptimistic, adCmdTable bolFound = False Do Until objRs.EOF Or bolFound If (strComp(objRs("uname"), strUserName, vbTextCompare) = 0) _ And (strComp(objRs("pword"), strPassWord, vbTextCompare) = 0) Then bolFound = True Else objRs.MoveNext End If Loop If Not bolFound Then objRs.Close Set objRs = Nothing ObjConn.Close Set objConn = Nothing Response.End End If session("loggedin") = true Response.Redirect ("protected page") objRs.Close Set objRs = Nothing objConn.Close Set objConn = Nothing End If %> </body> </html> You need to rename the NameOfThisPage.asp to the name of your log in page. Also rename the database and the table name to match yours. The script that I posted here has been improved upon but I dont have the updated code with me. But this should get you started and I can post the newer code later on my website if you would like to see it or view a demo of how it all works. Edited by - Talismanic on 12/05/2001 11:57:44

mende006 -> RE: Password Protection (12/5/2001 12:18:38)
Thanks alot Talismanic, I would definetely be interested in viewing the updated code. Kevin

caywind -> RE: Password Protection (12/5/2001 12:56:47)
Wow, looks good, do you have any commented code to help us figure out how it works...especially for the uninitiated in ADO. I saw some code that did a check to see if the user was already logged in first then sent them to login screen. That seemed like a neat feature... Boy, all this to change numbers into names hey, need a break? http://webpages.charter.net/cwind/SSGallery/

Talismanic -> RE: Password Protection (12/5/2001 14:42:11)
I don't have a commented version mostly becuase I am part of the uninitiated in ADO. I do a lot of cut/copy and paste along with some trial and error to get things working. Once I have them working I go back and start cleaning them out including any comments that I may of added. If you have a little time I could give you the more updated code with comments in a zip file. Or if you prefer I can post the scripts to my website where you can just copy/paste them to yours. The Ultimate List for PC Support.

JessCoburn -> RE: Password Protection (12/5/2001 22:08:26)
Only downside to asp based tools is it doesn't password protect .htm files (you have convert to asp), they don't password protect images or other files (zips, exes, downloadables, etc). In my opinion IISProtect is probably the best tool out there (Spooky's does kick a&& though) for the price. authentix has been around a while but seems pricey. You may want to grab a demo of iisprotect and test out before you purchase. Jess Applied Innovations http://www.appliedi.net/ FrontPage Web Hosting

mende006 -> RE: Password Protection (12/6/2001 6:49:50)
I did download the trial but the included database was already populated and I couldn't seem to figure out where to start. I'd reather start out with a clean database and an intuitive interface. I like spooky login but I need to password protect all sorts of files not just .asp ones Kevin

Page: [1]

Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.078125