Password protecting a directory

 we are running an IIS 4.0 and we have a large web site and there is a members only section which should be accessible to members only.we want this whole directory containing many html files and a couple of asp files accessible through member login only.we dont have a username files but just a member id they enter which is matched with the database table and if matched should be granted access.what are the fifferent ways of doing that?If a member logs in to the members only page and bookmarks a html page in the members only section and later on if he just clicks on the bookmark he shouldnt have access to that unless he goes step by step entering the member id.
Please help me out of this.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

This solution predicates that you can change ALL the (HTML) files in your directory to ASP files.

Probably easiest to define a variable (perhaps even in global.asa), Session("validuser")="false".  When a login has been successfully achieved, change the value to "true".

At the top of each page in the directory, add the following test:

<% if Session("validuser") <> "true" then
response.redirect "login.asp"%>

I think that should get you to where you need to be.

You have two possible ways:
a) Go to MS Console then change the security police of the directory to "Basic Authentication". You may add the user to your system.

b) Use an external ASP control like "AuthenticX", available at


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
"we dont have a username files but just a member id they enter which is matched with the database table and if matched should be granted access."

Enabling Basic Authentication requires a valid NT account (either on the server or on a trusted domain).

While AuthenticX may not require the creation of NT user accounts, it does cost $299.

Using ASP code to protect your files takes advantage of your already created database, and costs nothing more than adding a couple of lines of code to each file and saving them as ASP files.  In the worst case scenario, where all your HTML files are linked together, you could even define .htm (or .html) files as Active Server Pages, so you wouldn't have to recode the links.  Not pretty, but functional.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.