Presenting an access control window to the user

 if you enter www.creative-club.com/ then the first thing
  you will see is an access control window.

  It looks like the window presented are caused by some
  network validation things....
  Whatever the reason is for the window to be presented
  on creative-club.com  ....I just want a similar way of
  presenting and checking users for valid ID's...but
  whithout changing any contents in the current viewed
  pages (where ever the user might be in my site),,,and
  also be able to use it before anyone can see my welcome
  pages as well.

  -How can I create a window like this?
  -How do I present it to the user?
  -And how do I still keep window open for more tries
    if the user enters wrong userid and/or password?
 
  Examplecode please.  

  I'm using FrontPage98, ASP, Windows95 and PersonalServer
  and are familar with VBScript and some JavaScript.
erotAsked:
Who is Participating?
 
thespisConnect With a Mentor Commented:
Okay, the previous comments are just way too intense... What if he is not using NT?  Ya know?  Here are a couple of  possibilities...  one for just a window in JavaScript and one for UNIX authentication.  Hopefully one of them will be useful to you.  If you need further info, I will be happy to help.


Method One - New Small Window Only

As for opening a new window, JavaScript will provide you with that.  Simple enough:

     <SCRIPT LANGUAGE="javascript">
     <!--
     window.open ('page.html', 'newwindow', config='height=100,
     width=400, toolbar=no, menubar=no, scrollbars=no,
     resizable=no, location=no, directories=no, status=no')
     -->
     </SCRIPT>  

Obviously, you can customize these settings, but page.html will contain the contents of this window.  You set the height width.  The No tool, No menu, No scroll, No resize, No Location, No Directories & No Status cause it to be just a plain window.  Note: If your page doesn't fit in a window with no scroll, the browser will not care.



METHOD TWO:   UNIX Authentication

This is for use if you have FTP access to a UNIX based server.
This is true username/password authentication used on all the big sites.

1.  Create a text file called ".htaccess"  (Yes, the period is part of the name).  This file should contain:

AuthUserFile /usr/local/etc/htpasswd
AuthGroupFile /dev/null
AuthName Enter Password to Reach My Page
AuthType Basic
<Limit GET PUT POST>
require user pumpkin
</Limit>

In this example, the valid login name is "pumpkin".
After creating this file, you upload it to the directory you wish to secure.  Contact a web administrator and ask where the htpasswd file is located (make sure your string above matches).  Add a line to it:

pumpkin:password   (replace password)
0
 
PBallCommented:
You used to be able to do this with the older PWS, but not anymore.  Now, this is only available on fullblown IIS 4.0.

To present the access control window, simply remove unanymous user access from the web and enable basic authentication.  This will force the web server to authenticate the user (this will work on both FAT and NTFS partitions) but you need NT 4.0 Server for this.

For page level security, you will need NTFS partition on the drive where the web site is located.  You will have to go into the web site directory structure itself and change file security to only allow certain groups/user.  If you take out / set No Access to the IUSR_machinename user, the page will force the web server to authenticate the user.

The explanation that I gave above will only work on NT Server and IIS.  For other server such as Apache, Netscape, etc.  different method of authentication must be used.

0
 
erotAuthor Commented:
My main question is: Is it possible to present an access-window
  similar to the window mentioned in my original Q.

  Please read my question again.
 
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
PBallCommented:
OK, you want so when people type in... www.me.com, a login password will pop-up, even before rendering the first page.  correct?

1. If you take out unanonymous access for that particular web, the window will pop-up.

2. If using NTFS, you could do the same thing by taking / not giving any acess from IUSR_machine name for that entire web directory structure and its subdirectories.

3. The second answer will only work for IIS

4. For other servers, you need to figure out how they are doing their security and follow those steps.  Different server different method.


>....I just want a similar way of presenting and checking users for valid ID's...but whithout changing any contents in the current viewed pages

What exactly do you mean by that?  You either protect the page or not at all.  When a user arrived at the protected page, they'll be asked to authenticate themselves to the server.  You will not see any content of that protected page before you authenticate yourself.

>and also be able to use it before anyone can see my welcome pages as well.
See answer above?

What am I missing here?


0
 
erotAuthor Commented:
have to go on vacation...untill 20. january.
Will come back laiter on with evaluation of the answers....
0
 
PBallCommented:
> Okay, the previous comments are just way too intense...

How so? They are valid authentications solution on an NT server and IIS.  Beside, taking anonymous access can also work on some other different server such as Netscape (I did administer a Netscape Communication Server at one point)

>What if he is not using NT?  Ya know?

Go read my first post.. I believe I stated that different web server uses different authentication method, did I not?

If you miss it, here it is again:

"The explanation that I gave above will only work on NT Server and IIS.  For other server such as Apache, Netscape, etc.  different method of authentication must be used."

>Method One - New Small Window Only

Heh, you gotta admit this one is so weak.  opening a window by itself will not authenticate user, where is the script to do the authentication? how about the i don't want to show my first page content until the user get authenticated part?  how about i want to give the user x times chances until an access denied box is shown?

>METHOD TWO:   UNIX Authentication
I give you this one.

What if he is not using UNIX?  What if he is using xitami (or _insert other web server name here) web server?


Just reciprocating...
P-Ball X-) hehe



0
 
PBallCommented:
I am sorry erot for using your question as a battleground, but he started it, i didn't hehe.
0
 
erotAuthor Commented:
At least back from vacation....Thanks for the answer...
You understood my question?  Great.
0
All Courses

From novice to tech pro — start learning today.