
ASP security


markdt

Hi all,

I have a problem/question regarding securing an ASP system.
Basically a user logs in and enters a customer concern, which gets inserted into the database, and the link to this concern is sent to the quality manager via email.
The quality manager then clicks the link and the concern appears. What I want to do is force the manager to log in before it shows them the concern.
I already have a login page which verifies against a database.

The code I have been using on other pages to check if they have logged in:

If Session("userLevel") < 1 Then
    Response.Redirect("../register.asp")
Else
    If Session("userLevel") = "" Then
        Response.Redirect("../register.asp")
    End If
End If

If the manager just clicks a link, obviously he won't have a userlevel and therefore won't be able to view the page. Hopefully someone can understand what I want.

Anyone got any ideas?

Mark
 
If you have this in an include file (which I would recommend for various reasons), just add the include to the top of the page the manager uses.

Did you have a specific problem with the code you showed?

Lee
 
That's the problem: the manager doesn't use a page, he just clicks a link in the email, which then shows him the concern.

Example

Say if you want to bid on an item on ebay. You select bid and it takes you to the login page. Then redirects you back to the item you were looking at.

That's what I want to achieve.

Manager clicks link ---> Login ---> Shows concern

Hope this makes it clearer.
 
After you include the file that markdt said, then when your manager clicks the link he will not have a valid session, so he should get kicked out to your register page.
 

1. Add that security check into an include file and include it in all pages that you want to secure.

2. Instead of redirecting to your register page, redirect to the login page.

3. Add the URL of the current page (including query string etc.) as a parameter to the login page, e.g.:

response.redirect("/login.asp?redir=" & server.urlencode(sCurrentURL))

where sCurrentURL is the current page's URL and query string. Note that it needs to be encoded.

4. In your login page, add a link to your register page so a user can register if they haven't got an account.

5. Read the query string and, once logged in successfully, use the querystring parameter 'redir' to do another response.redirect to that page (remember that you need to pass the same parameter to the page you post to from your login form to do the authentication). Thus the user ends up back where they started, but has now got an authenticated and authorised session.



A smile is worth a thousand kind words. So smile, it's easy! :)
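
The five steps above as one include file. This is an added example, not code posted in the thread. It also restricts redir to a path on the same site, so the login page cannot be used to send a user to another host. The file name secure.asp, the /default.asp fallback page and the function names are assumptions.

```vbscript
<%
' secure.asp - added example, not code from the thread.
' Assumptions: login.asp sets Session("userLevel") to 1 or higher on success,
' and /default.asp (hypothetical) is the landing page when redir is unusable.

Function IsLoggedIn()
    Dim level
    level = Session("userLevel")
    IsLoggedIn = False
    If Not IsEmpty(level) And IsNumeric(level) Then
        If CDbl(level) >= 1 Then IsLoggedIn = True
    End If
End Function

' Path plus query string of the page being requested (sCurrentURL in step 3).
Function CurrentUrl()
    Dim sQuery
    CurrentUrl = Request.ServerVariables("URL") & ""
    sQuery = Request.ServerVariables("QUERY_STRING") & ""
    If Len(sQuery) > 0 Then CurrentUrl = CurrentUrl & "?" & sQuery
End Function

' Steps 1-3: call at the top of every protected page.
Sub RequireLogin()
    If Not IsLoggedIn() Then
        Response.Redirect "/login.asp?redir=" & Server.URLEncode(CurrentUrl())
    End If
End Sub

' Accept only a path on this site: one leading "/", no "//" or "/\" prefix
' (browsers treat those as another host), no CR/LF.
Function SafeRedirectTarget(sRedir, sDefault)
    SafeRedirectTarget = sDefault
    If Left(sRedir, 1) <> "/" Then Exit Function
    If Mid(sRedir, 2, 1) = "/" Or Mid(sRedir, 2, 1) = "\" Then Exit Function
    If InStr(sRedir, vbCr) > 0 Or InStr(sRedir, vbLf) > 0 Then Exit Function
    SafeRedirectTarget = sRedir
End Function

' Step 5: call from login.asp once the posted credentials match the database.
' The login form must carry redir along, e.g. in a hidden field filled from
' Server.HTMLEncode(Request.QueryString("redir")).
Sub FinishLogin(userLevel)
    Session("userLevel") = userLevel
    Response.Redirect SafeRedirectTarget(Request.Form("redir") & "", "/default.asp")
End Sub
%>
```

The page that shows the concern includes this file and calls RequireLogin before producing any output; login.asp includes it and calls FinishLogin with the level read from the database.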
 