erot
asked on
Presenting an access control window to the user
if you enter www.creative-club.com/ then the first thing
you will see is an access control window.
It looks like the window presented are caused by some
network validation things....
Whatever the reason is for the window to be presented
on creative-club.com ....I just want a similar way of
presenting and checking users for valid ID's...but
whithout changing any contents in the current viewed
pages (where ever the user might be in my site),,,and
also be able to use it before anyone can see my welcome
pages as well.
-How can I create a window like this?
-How do I present it to the user?
-And how do I still keep window open for more tries
if the user enters wrong userid and/or password?
Examplecode please.
I'm using FrontPage98, ASP, Windows95 and PersonalServer
and are familar with VBScript and some JavaScript.
you will see is an access control window.
It looks like the window presented are caused by some
network validation things....
Whatever the reason is for the window to be presented
on creative-club.com ....I just want a similar way of
presenting and checking users for valid ID's...but
whithout changing any contents in the current viewed
pages (where ever the user might be in my site),,,and
also be able to use it before anyone can see my welcome
pages as well.
-How can I create a window like this?
-How do I present it to the user?
-And how do I still keep window open for more tries
if the user enters wrong userid and/or password?
Examplecode please.
I'm using FrontPage98, ASP, Windows95 and PersonalServer
and are familar with VBScript and some JavaScript.
ASKER
My main question is: Is it possible to present an access-window
similar to the window mentioned in my original Q.
Please read my question again.
similar to the window mentioned in my original Q.
Please read my question again.
OK, you want so when people type in... www.me.com, a login password will pop-up, even before rendering the first page. correct?
1. If you take out unanonymous access for that particular web, the window will pop-up.
2. If using NTFS, you could do the same thing by taking / not giving any acess from IUSR_machine name for that entire web directory structure and its subdirectories.
3. The second answer will only work for IIS
4. For other servers, you need to figure out how they are doing their security and follow those steps. Different server different method.
>....I just want a similar way of presenting and checking users for valid ID's...but whithout changing any contents in the current viewed pages
What exactly do you mean by that? You either protect the page or not at all. When a user arrived at the protected page, they'll be asked to authenticate themselves to the server. You will not see any content of that protected page before you authenticate yourself.
>and also be able to use it before anyone can see my welcome pages as well.
See answer above?
What am I missing here?
1. If you take out unanonymous access for that particular web, the window will pop-up.
2. If using NTFS, you could do the same thing by taking / not giving any acess from IUSR_machine name for that entire web directory structure and its subdirectories.
3. The second answer will only work for IIS
4. For other servers, you need to figure out how they are doing their security and follow those steps. Different server different method.
>....I just want a similar way of presenting and checking users for valid ID's...but whithout changing any contents in the current viewed pages
What exactly do you mean by that? You either protect the page or not at all. When a user arrived at the protected page, they'll be asked to authenticate themselves to the server. You will not see any content of that protected page before you authenticate yourself.
>and also be able to use it before anyone can see my welcome pages as well.
See answer above?
What am I missing here?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
have to go on vacation...untill 20. january.
Will come back laiter on with evaluation of the answers....
Will come back laiter on with evaluation of the answers....
> Okay, the previous comments are just way too intense...
How so? They are valid authentications solution on an NT server and IIS. Beside, taking anonymous access can also work on some other different server such as Netscape (I did administer a Netscape Communication Server at one point)
>What if he is not using NT? Ya know?
Go read my first post.. I believe I stated that different web server uses different authentication method, did I not?
If you miss it, here it is again:
"The explanation that I gave above will only work on NT Server and IIS. For other server such as Apache, Netscape, etc. different method of authentication must be used."
>Method One - New Small Window Only
Heh, you gotta admit this one is so weak. opening a window by itself will not authenticate user, where is the script to do the authentication? how about the i don't want to show my first page content until the user get authenticated part? how about i want to give the user x times chances until an access denied box is shown?
>METHOD TWO: UNIX Authentication
I give you this one.
What if he is not using UNIX? What if he is using xitami (or _insert other web server name here) web server?
Just reciprocating...
P-Ball X-) hehe
How so? They are valid authentications solution on an NT server and IIS. Beside, taking anonymous access can also work on some other different server such as Netscape (I did administer a Netscape Communication Server at one point)
>What if he is not using NT? Ya know?
Go read my first post.. I believe I stated that different web server uses different authentication method, did I not?
If you miss it, here it is again:
"The explanation that I gave above will only work on NT Server and IIS. For other server such as Apache, Netscape, etc. different method of authentication must be used."
>Method One - New Small Window Only
Heh, you gotta admit this one is so weak. opening a window by itself will not authenticate user, where is the script to do the authentication? how about the i don't want to show my first page content until the user get authenticated part? how about i want to give the user x times chances until an access denied box is shown?
>METHOD TWO: UNIX Authentication
I give you this one.
What if he is not using UNIX? What if he is using xitami (or _insert other web server name here) web server?
Just reciprocating...
P-Ball X-) hehe
I am sorry erot for using your question as a battleground, but he started it, i didn't hehe.
ASKER
At least back from vacation....Thanks for the answer...
You understood my question? Great.
You understood my question? Great.
To present the access control window, simply remove unanymous user access from the web and enable basic authentication. This will force the web server to authenticate the user (this will work on both FAT and NTFS partitions) but you need NT 4.0 Server for this.
For page level security, you will need NTFS partition on the drive where the web site is located. You will have to go into the web site directory structure itself and change file security to only allow certain groups/user. If you take out / set No Access to the IUSR_machinename user, the page will force the web server to authenticate the user.
The explanation that I gave above will only work on NT Server and IIS. For other server such as Apache, Netscape, etc. different method of authentication must be used.