Solved

Presenting an access control window to the user

Posted on 1999-01-11
8
190 Views
Last Modified: 2010-04-09
 if you enter www.creative-club.com/ then the first thing
  you will see is an access control window.

  It looks like the window presented are caused by some
  network validation things....
  Whatever the reason is for the window to be presented
  on creative-club.com  ....I just want a similar way of
  presenting and checking users for valid ID's...but
  whithout changing any contents in the current viewed
  pages (where ever the user might be in my site),,,and
  also be able to use it before anyone can see my welcome
  pages as well.

  -How can I create a window like this?
  -How do I present it to the user?
  -And how do I still keep window open for more tries
    if the user enters wrong userid and/or password?
 
  Examplecode please.  

  I'm using FrontPage98, ASP, Windows95 and PersonalServer
  and are familar with VBScript and some JavaScript.
0
Comment
Question by:erot
  • 4
  • 3
8 Comments
 
LVL 6

Expert Comment

by:PBall
Comment Utility
You used to be able to do this with the older PWS, but not anymore.  Now, this is only available on fullblown IIS 4.0.

To present the access control window, simply remove unanymous user access from the web and enable basic authentication.  This will force the web server to authenticate the user (this will work on both FAT and NTFS partitions) but you need NT 4.0 Server for this.

For page level security, you will need NTFS partition on the drive where the web site is located.  You will have to go into the web site directory structure itself and change file security to only allow certain groups/user.  If you take out / set No Access to the IUSR_machinename user, the page will force the web server to authenticate the user.

The explanation that I gave above will only work on NT Server and IIS.  For other server such as Apache, Netscape, etc.  different method of authentication must be used.

0
 

Author Comment

by:erot
Comment Utility
My main question is: Is it possible to present an access-window
  similar to the window mentioned in my original Q.

  Please read my question again.
 
0
 
LVL 6

Expert Comment

by:PBall
Comment Utility
OK, you want so when people type in... www.me.com, a login password will pop-up, even before rendering the first page.  correct?

1. If you take out unanonymous access for that particular web, the window will pop-up.

2. If using NTFS, you could do the same thing by taking / not giving any acess from IUSR_machine name for that entire web directory structure and its subdirectories.

3. The second answer will only work for IIS

4. For other servers, you need to figure out how they are doing their security and follow those steps.  Different server different method.


>....I just want a similar way of presenting and checking users for valid ID's...but whithout changing any contents in the current viewed pages

What exactly do you mean by that?  You either protect the page or not at all.  When a user arrived at the protected page, they'll be asked to authenticate themselves to the server.  You will not see any content of that protected page before you authenticate yourself.

>and also be able to use it before anyone can see my welcome pages as well.
See answer above?

What am I missing here?


0
 

Accepted Solution

by:
thespis earned 70 total points
Comment Utility
Okay, the previous comments are just way too intense... What if he is not using NT?  Ya know?  Here are a couple of  possibilities...  one for just a window in JavaScript and one for UNIX authentication.  Hopefully one of them will be useful to you.  If you need further info, I will be happy to help.


Method One - New Small Window Only

As for opening a new window, JavaScript will provide you with that.  Simple enough:

     <SCRIPT LANGUAGE="javascript">
     <!--
     window.open ('page.html', 'newwindow', config='height=100,
     width=400, toolbar=no, menubar=no, scrollbars=no,
     resizable=no, location=no, directories=no, status=no')
     -->
     </SCRIPT>  

Obviously, you can customize these settings, but page.html will contain the contents of this window.  You set the height width.  The No tool, No menu, No scroll, No resize, No Location, No Directories & No Status cause it to be just a plain window.  Note: If your page doesn't fit in a window with no scroll, the browser will not care.



METHOD TWO:   UNIX Authentication

This is for use if you have FTP access to a UNIX based server.
This is true username/password authentication used on all the big sites.

1.  Create a text file called ".htaccess"  (Yes, the period is part of the name).  This file should contain:

AuthUserFile /usr/local/etc/htpasswd
AuthGroupFile /dev/null
AuthName Enter Password to Reach My Page
AuthType Basic
<Limit GET PUT POST>
require user pumpkin
</Limit>

In this example, the valid login name is "pumpkin".
After creating this file, you upload it to the directory you wish to secure.  Contact a web administrator and ask where the htpasswd file is located (make sure your string above matches).  Add a line to it:

pumpkin:password   (replace password)
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:erot
Comment Utility
have to go on vacation...untill 20. january.
Will come back laiter on with evaluation of the answers....
0
 
LVL 6

Expert Comment

by:PBall
Comment Utility
> Okay, the previous comments are just way too intense...

How so? They are valid authentications solution on an NT server and IIS.  Beside, taking anonymous access can also work on some other different server such as Netscape (I did administer a Netscape Communication Server at one point)

>What if he is not using NT?  Ya know?

Go read my first post.. I believe I stated that different web server uses different authentication method, did I not?

If you miss it, here it is again:

"The explanation that I gave above will only work on NT Server and IIS.  For other server such as Apache, Netscape, etc.  different method of authentication must be used."

>Method One - New Small Window Only

Heh, you gotta admit this one is so weak.  opening a window by itself will not authenticate user, where is the script to do the authentication? how about the i don't want to show my first page content until the user get authenticated part?  how about i want to give the user x times chances until an access denied box is shown?

>METHOD TWO:   UNIX Authentication
I give you this one.

What if he is not using UNIX?  What if he is using xitami (or _insert other web server name here) web server?


Just reciprocating...
P-Ball X-) hehe



0
 
LVL 6

Expert Comment

by:PBall
Comment Utility
I am sorry erot for using your question as a battleground, but he started it, i didn't hehe.
0
 

Author Comment

by:erot
Comment Utility
At least back from vacation....Thanks for the answer...
You understood my question?  Great.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

This article describes how to create custom column layout styles for Bootstrap. The article uses 5 columns to illustrate the concept, but the principle can be extended to any number of columns.
This article demonstrates how to create a simple responsive confirmation dialog with Ok and Cancel buttons using HTML, CSS, jQuery and Promises
The viewer will receive an overview of the basics of CSS showing inline styles. In the head tags set up your style tags: (CODE) Reference the nav tag and set your properties.: (CODE) Set the reference for the UL element and styles for it to ensu…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now