Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Securing a website

Status
Not open for further replies.
emozley

emozley

Technical User
Jan 14, 2003
769
GB
Hi,

Does anyone have a good example of how to secure a website with classic asp?

At the moment I have 3 pages:

loginform.asp, login.asp and welcome.asp

loginform.asp is a basic html form with username and password boxes.

login.asp loops through my username and password table and if it finds a row where the username and password are the same as the form submitted then I Response.Redirect("welcome.asp")

The problem at the moment is there is nothing to stop someone typing in and viewing the page thereby circumventing the login process.

I've got a feeling it's something to do with session variables but don't really know where to start looking.

Thanks very much

Ed
 
Sort by date Sort by votes
Assign a session variable after you validate the username/password pair but BEFORE you do the redirect.

Code: 
Session("UID") = [i]<username>[/i]
Response.Redirect "welcome.asp"


Then, on your welcome page, add something like:
Code: 
... code to validate username/password goes here ...

If Session("UID") = "" Then
  Response.Redirect "loginform.asp"
End If

You can put that little bit of code on top of every ASP in your application and then anyone who is not logged in will be kicked out.
 
Upvote 0 Downvote
whoops I did that backwards

Code: 
[red]
This is the login page
... code to validate username/password goes here ...[/red]

Session("UID") = <username>
Response.Redirect "welcome.asp"

Code: 
[red] ... this is the top of the welcome page ...[/red]
If Session("UID") = "" Then
  Response.Redirect "loginform.asp"
End If
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

penguinspeaks
  • Locked
  • Question
Parse a database field that is comma delimited and input the results into another table
Replies
0
Views
184
penguinspeaks
penguinspeaks
leifoet
  • Locked
  • Question
Wrong code in a href ?
Replies
1
Views
190
leifoet
leifoet
leifoet
  • Locked
  • Question
How to check if a datatable is empty ?
Replies
0
Views
200
leifoet
leifoet
penguinspeaks
  • Locked
  • Question
Start loop from a specified point
Replies
0
Views
161
penguinspeaks
penguinspeaks
DiDYRO_
  • Locked
  • Question
How do I make a VBS file that can collect dialog-type answers in a local .log file?
Replies
0
Views
170
DiDYRO_
DiDYRO_

Part and Inventory Search

Sponsor

Back
Top