|
| |
|
|
mende006
Posts: 117
Joined: 12/5/2001
From: Bellmawr NJ USA
Status: offline
 |
Password Protection - 12/5/2001 7:51:28
I have a frontpage 2000/2002 site running on as IIS server(5) and I'm looking for a way to password protect separate pages and entire directories without have to create actual NT accounts on the server (the way that I have it set-up now). Is there another product out there similiar to http://www.iisprotect.com/
I have been given the green light as far as purchasing iisprotect but the problem is that there is no actual media and my company would rather be billed than have to do a credit card transaction over the net. Any suggestions?
|
|
|
|
KCIWebMaster
Posts: 524
From: Fredericksburg VA USA
Status: offline
|
RE: Password Protection - 12/5/2001 10:25:45
Would it help to put these separate pages and directories into subwebs? You can set different permissions for subwebs.
Marissa
| |
|
|
|
mende006
Posts: 117
Joined: 12/5/2001
From: Bellmawr NJ USA
Status: offline
|
RE: Password Protection - 12/5/2001 10:30:15
Doesn't this still require an actual account on the machine in order to authenticate the user? I'm concerned about the possible security issues that may arise from this.
| |
|
|
|
Talismanic
Posts: 59
From: Three Rivers, MI
Status: offline
|
RE: Password Protection - 12/5/2001 10:48:58
Sorry if I am missing something here but this is how I password protect pages inside my site:
I have a file called myadmin.inc which includes this code:
<%
Response.Buffer = true
Session.Timeout = 03
if session("loggedin") = false then
session("calling_page") = Request.ServerVariables ("URL")
Response.Clear
Response.Redirect ("logon.asp")
end if
%>
Then put this at the top of each page that you want to protect:
<!-- #include file = "myadmin.inc" -->
If a logon (session) hasn't occured you will redirected to the logon.asp page to enter a user name and password. The session.timeout is how long the session will remain open until you are required to enter the password again.
By the way the user name and passwords are stored in an Access database. If you need the script to check the database let me know and I will post that here also.
Edited by - Talismanic on 12/05/2001 10:59:26
| |
|
|
|
mende006
Posts: 117
Joined: 12/5/2001
From: Bellmawr NJ USA
Status: offline
|
RE: Password Protection - 12/5/2001 11:19:16
Thanks Talismanic,
If this is something that will work on IIS then by all means send me the script.
Kevin
| |
|
|
|
Talismanic
Posts: 59
From: Three Rivers, MI
Status: offline
|
RE: Password Protection - 12/5/2001 11:56:14
Yes it works on any windows server that supports ASP (most do). You have the first part in my post above. Here is the only other thing that you would need.
<html>
<head>
<title></title>
</head>
<body>
<form action="NameOfThisPage.asp" method="post">
<div align="center">
<table border="0" width="350">
<tr>
<td width="79"><font face="Verdana" size="2">User Name</font>: </td>
<td width="257"><input type="text" name="uname" size="25" maxlength="25" /></td>
</tr>
<tr>
<td width="79"><font size="2" face="Verdana">Password</font>: </td>
<td width="257"><input type="password" name="pword" size="25" maxlength="25" /></td>
</tr>
<tr>
<td colspan="2" width="342"><p align="center"><input type="submit" value="Submit" /></p></td>
</tr>
</table>
</div>
</form>
<%
Dim objRs, bolFound, objConn, strUsername
Set objconn = Server.CreateObject("ADODB.Connection")
objconn.ConnectionString = "DRIVER=Microsoft Access Driver (*.mdb);DBQ=" & _
Server.MapPath("/fpdb/DatabaseName.mdb") ' Set name here
objconn.Open
strUserName = Request.Form("uname")
strPassWord = Request.Form("pword")
If ((Request.Form("uname") = "") Or (Request.Form("pword") = "")) Then
objConn.Close
Set objConn = Nothing
Else
Set objRs = Server.CreateObject("ADODB.Recordset")
objRs.Open "tbladmin", objConn, , adLockOptimistic, adCmdTable
bolFound = False
Do Until objRs.EOF Or bolFound
If (strComp(objRs("uname"), strUserName, vbTextCompare) = 0) _
And (strComp(objRs("pword"), strPassWord, vbTextCompare) = 0) Then
bolFound = True
Else
objRs.MoveNext
End If
Loop
If Not bolFound Then
objRs.Close
Set objRs = Nothing
ObjConn.Close
Set objConn = Nothing
Response.End
End If
session("loggedin") = true
Response.Redirect ("protected page")
objRs.Close
Set objRs = Nothing
objConn.Close
Set objConn = Nothing
End If
%>
</body>
</html>
You need to rename the NameOfThisPage.asp to the name of your log in page. Also rename the database and the table name to match yours. The script that I posted here has been improved upon but I dont have the updated code with me. But this should get you started and I can post the newer code later on my website if you would like to see it or view a demo of how it all works.
Edited by - Talismanic on 12/05/2001 11:57:44
| |
|
|
|
mende006
Posts: 117
Joined: 12/5/2001
From: Bellmawr NJ USA
Status: offline
|
RE: Password Protection - 12/5/2001 12:18:38
Thanks alot Talismanic, I would definetely be interested in viewing the updated code.
Kevin
| |
|
|
|
Talismanic
Posts: 59
From: Three Rivers, MI
Status: offline
|
RE: Password Protection - 12/5/2001 14:42:11
I don't have a commented version mostly becuase I am part of the uninitiated in ADO. I do a lot of cut/copy and paste along with some trial and error to get things working. Once I have them working I go back and start cleaning them out including any comments that I may of added.
If you have a little time I could give you the more updated code with comments in a zip file. Or if you prefer I can post the scripts to my website where you can just copy/paste them to yours.
The Ultimate List for PC Support.
| |
|
|
|
JessCoburn
Posts: 83
From: Boca Raton, FL US
Status: offline
|
RE: Password Protection - 12/5/2001 22:08:26
Only downside to asp based tools is it doesn't password protect .htm files (you have convert to asp), they don't password protect images or other files (zips, exes, downloadables, etc). In my opinion IISProtect is probably the best tool out there (Spooky's does kick a&& though) for the price. authentix has been around a while but seems pricey. You may want to grab a demo of iisprotect and test out before you purchase.
Jess
Applied Innovations
http://www.appliedi.net/
FrontPage Web Hosting
| |
|
|
|
mende006
Posts: 117
Joined: 12/5/2001
From: Bellmawr NJ USA
Status: offline
|
RE: Password Protection - 12/6/2001 6:49:50
I did download the trial but the included database was already populated and I couldn't seem to figure out where to start. I'd reather start out with a clean database and an intuitive interface. I like spooky login but I need to password protect all sorts of files not just .asp ones
Kevin
| |
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts
|
|
|
Printable Version 
