HOW TO CREATE AN ASP AUTHENTICATION (LOG IN) PAGE

Visto 0 veces
Saltar al primer mensaje no leído

cecilia ruiz-smith

no leída,
16 nov 2000 3:00:0016/11/00
a
Hello,

I'm trying to find a way to create an ASP authetication page using the
ASP components for NOF 5.0. Can anyone steer me in the right
direction? Is there an example anywhere that utilizes the ASP component
to create a login page.

I've already tried scripting my own using many of the existing scripts
available on many of the ASP sites on the net but so many of their
instructions are so poor and very often difficult to implement.

If anyone out there has an idea please respond

Thanks so much.


Laurence Nixon

no leída,
17 nov 2000 0:08:4117/11/00
a
As far as I can tell this cant be done with the ASP componant in Fusion. If
you have control over the server and it is NT you can get ASPLOGN for free
allthough its limited in the amount of users accounts it will verify. I
know what you mean about the instructions on the asp sites, I eneded up
writing one from scratch for a client for just the same reason. If your so
inclined the best sample I found were at www.4guysfromrolla.com.

Good Luck
Laurence

cecilia ruiz-smith

no leída,
17 nov 2000 3:00:0017/11/00
a
Thank you so much.!

Christopher Bennetts

no leída,
19 feb 2001 6:31:5219/2/01
a
Hello Cecilia,

I wanted a method to password protect pages and looked around the net.

I found nothing that suited but found the principle simple and created my
own.

Its very simple but effective.

From an HTML page I use a form login which is submitted to a simple ASP
script.

In the script I have username/password pairs that need to be matched.

If matched the ASP script directs to the required page otherwise to a
suitable error page.

When the username/password pair was matched a session variable was set.

Each secure page from that point on checks this session variable using
simple ASP code

For this reason all the secure pages must have the ASP extention.

Very simple and works well. I can send you sample files if required

"cecilia ruiz-smith" <crui...@uci.edu> wrote in message
news:3A146ACF...@uci.edu...

Jesús Guzmán / Iris Ló

no leída,
19 feb 2001 8:56:4419/2/01
a
please post them, im tryin to do the same.

Blake Kadatz

no leída,
19 feb 2001 17:06:1819/2/01
a
If you're looking to integrate security directly in NOF and want the
ability to use a database of usernames/passwords to protect your site,
you may be interested in the following component:

http://www.bitmotion.com/products/advanced_site_protector.asp

It integrates fully into Fusion (no coding required) and allows you to
control access by username and/or group from a database. Try it out:

http://www.bitmotion.com/examples/advanced_site_protector


Blake Kadatz
BitMotion Software Inc.
------------------------------------------
BitMotion: http://www.bitmotion.com
Fusion FAQ: http://fusionfaq.bitmotion.com


Christopher Bennetts

no leída,
1 mar 2001 6:18:391/3/01
a
I have just responded to a post from Cecilia made some time ago and thought
I would share this with the list in case it can help someone else.

RE: HOW TO CREATE AN ASP AUTHENTICATION (LOG IN) PAGE

Hello Cecilia,

This is a very simple bit of coding so no need to give me credit (I copied
from different sources myself).

This is a step-by-step:

First thing is to create your site in the normal way including a page that
will be used for login to the secure area.

You will not even have to rename the pages to the ASP extension unless you
are doing it for other ASP code requirements. The exception to this is the
actual secure page(s) which need to run ASP in order to authenticate uses.

Create a page for the login process. Define a form area on the page using
the normal NOF "layout region" and ticking the "Form" box. Click the
"settings" box next to this and give the form a name ( I called it simply
login ).

In the Action field enter the location of the login script ( one of the
sample files I am sending to you ) which will be normally located in your
cgi-bin directory bud does not have to be. On my site I used
"../cgi-bin/login.asp". If the script can not be found you will have to
play around with this location string. The default post method is fine to
leave.

login.asp
----------------------------------------------------------------------------
-
<%
'**************************************************************************
' This type of script becomes more useful and managable when you are
' comparing these values to those stored in a database or some other source
' of user information instead of hard coding them into the actual code.
' Just be sure that if a data source error arises you don't inadvertantly
' end up giving access to the pages you are trying to protect!
'**************************************************************************

If Request.Form("login") = "mylogin" AND Request.Form("password") =
"mypassword" Then
Session("ACCOUNTACCESS") = "mylogin"
Response.Redirect "/Accounts/protected_page.asp"
Else
' Response.Write "Access Denied!"
Response.Redirect "/html/accounts.htm"
'*****************************************************************
' Note: we don't use the next line so that our description below
' the script comes in. If you wanted to just stop everything here
' you would un-comment the next line and it would stop execution.
'*****************************************************************
'Response.End
End If
%>
---------------------------------------------------------------------------

Create two entry fields in the form using the standard NOF "Forms Edit
Field". Place descriptions next to them such as "Please enter you Password"
etc. Edit the properties of each of the two Form Edit Fields giving each a
name. I used "login" and "password". The names will be used in the
"login.asp" script and must be the same so whatever you call them here you
must edit the login.asp and make them the same.

You may want to tick the "Password Field" tick box on the Forms Edit Field
used to enter the password. This will hide it from view when someone is
entering the page.

The last thing to add is a submit button. Add a standard NOF Forms button
and edit the properties as follows.

Name - I did not even change the NOF default so not important
Text - Whatever you like. Could as simple as "Enter" or "Enter Restricted
Area" etc
you could also make your own graphic and use that
Type - Submit

In my case I created a separate NOF site with one page for the restricted
page and added the checking code to it. You could just as easily include it
in your site and simply change the extension for this particular page to ASP
using the "Custom Names" "File Extension" option. Just type in "asp" It
will not appear in the pull down list. You will then need to edit the
published file in a standard text editor such as Notepad and add the ASP
checking routine to the very start of the file and any others you would like
secure.

Code to be place at top of each secured page:
-----------------------------------------------------------------------
<%@ LANGUAGE="VBSCRIPT"%>
<% If Session("ACCOUNTACCESS") <> "mylogin" then
Response.Redirect "/html/accounts.htm"
' Response.Write "Access really Denied!"
' Response.End
else
Response.Write "Password Accepted"
End if
%>
-------------------------------------------------------------------------

This re-checks that the user is authorised for each page. A lot of so
called password protection schemes rely on the person not knowing the name
of the secure page. With this method it can not be accessed by simply
knowing the URL address.

My example login.asp script has only one user and password setup but you can
add more uses with their own passwords. You can also convert it to use a
database in the future.

As you will have noted by now this does not use the "ASP components" I have
just started using them but find them very limited for database access. I
will use them for simple things but any time you want to do anything else
you will need to resort to a bit of coding. You should be able to combine
this security method with ASP component database access. With a bit of
thinking you could have the usernames and passwords in a table and check for
a match (all using ASP components) and then simply use the set session
variable and check routine I have sent you.

Good luck.

Christopher Bennetts


-----Original Message-----
From: Ruiz-Smith, Cecilia [mailto:crui...@uci.edu]
Sent: Thursday, 1 March 2001 04:32
To: 'Christopher Bennetts'
Subject: RE: HOW TO CREATE AN ASP AUTHENTICATION (LOG IN) PAGE


Hi Christopher.....it's very kind of you to respond to my email. And yes,
sample files of the asp scripts would be great if you're willing and it's
not to inconvenient. I'll give you credit too!

Thanks again
Cecilia

Responder a todos
Responder al autor
Reenviar
0 mensajes nuevos