Solved

login & password code

Posted on 2006-07-21
7
500 Views
Last Modified: 2008-03-10
i'm creating a simple webpage in IIS.... and i'm trying to add a login and password to only allow users to get into a folder...  externally.    

i created a login.asp and a default.asp but they are not currently working... is there anyone out there that could provide me some code to help me get this done.. thanks.
0
Comment
Question by:d01970g
7 Comments
 
LVL 18

Expert Comment

by:ingwa
ID: 17154869
Hi there,

Macromedia Dreamweaver MX has an excellant set of pre-built scripts for your requirements.  In the server behaviours rollout you have scripts to make sure the user is logged in, to log in, log out and to create user logins.  It is also group based should you wish to give various privillages such as admin, user, and guest.  

The check credentials page looks like this:

<%@LANGUAGE="JAVASCRIPT" CODEPAGE="1252"%>
<%
// *** Restrict Access To Page: Grant or deny access to this page
var MM_authorizedUsers="1,2,3";
var MM_authFailedURL="login.asp";
var MM_grantAccess=false;
if (String(Session("MM_Username")) != "undefined") {
  if (false || (String(Session("MM_UserAuthorization"))=="") || (MM_authorizedUsers.indexOf(String(Session("MM_UserAuthorization"))) >=0)) {
    MM_grantAccess = true;
  }
}
if (!MM_grantAccess) {
  var MM_qsChar = "?";
  if (MM_authFailedURL.indexOf("?") >= 0) MM_qsChar = "&";
  var MM_referrer = Request.ServerVariables("URL");
  if (String(Request.QueryString()).length > 0) MM_referrer = MM_referrer + "?" + String(Request.QueryString());
  MM_authFailedURL = MM_authFailedURL + MM_qsChar + "accessdenied=" + Server.URLEncode(MM_referrer);
  Response.Redirect(MM_authFailedURL);
}
%>

<%@LANGUAGE="JAVASCRIPT" CODEPAGE="1252"%>
<!--#include file="/Connections/database.asp" -->
// *** The file in the include statement above is the database connector file.  Dreamweaver creates this automatically for you when you set up your database.
<%
// *** Validate request to log in to this site.
var MM_LoginAction = Request.ServerVariables("URL");
if (Request.QueryString!="") MM_LoginAction += "?" + Server.HTMLEncode(Request.QueryString);
var MM_valUsername=String(Request.Form("uname"));
if (MM_valUsername != "undefined") {
  var MM_fldUserAuthorization="group_id";
  var MM_redirectLoginSuccess="checkout.asp";
  var MM_redirectLoginFailed="login.asp";
  var MM_flag="ADODB.Recordset";
  var MM_rsUser = Server.CreateObject(MM_flag);
  MM_rsUser.ActiveConnection = MM_database_STRING;
  MM_rsUser.Source = "SELECT user_login, user_password";
  if (MM_fldUserAuthorization != "") MM_rsUser.Source += "," + MM_fldUserAuthorization;
  MM_rsUser.Source += " FROM redstone.users WHERE user_login='" + MM_valUsername.replace(/'/g, "''") + "' AND user_password='" + String(Request.Form("pword")).replace(/'/g, "''") + "'";
  MM_rsUser.CursorType = 0;
  MM_rsUser.CursorLocation = 2;
  MM_rsUser.LockType = 3;
  MM_rsUser.Open();
  if (!MM_rsUser.EOF || !MM_rsUser.BOF) {
    // username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername;
    if (MM_fldUserAuthorization != "") {
      Session("MM_UserAuthorization") = String(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value);
    } else {
      Session("MM_UserAuthorization") = "";
    }
    if (String(Request.QueryString("accessdenied")) != "undefined" && true) {
      MM_redirectLoginSuccess = Request.QueryString("accessdenied");
    }
    MM_rsUser.Close();
    Response.Redirect(MM_redirectLoginSuccess);
  }
  MM_rsUser.Close();
  Response.Redirect(MM_redirectLoginFailed);
}
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<form name="form1" method="POST" action="<%=MM_LoginAction%>">
  <p>Username:
    <input name="uname" type="text" id="uname">
</p>
  <p>Password:
    <input name="pword" type="text" id="pword">
    <input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>


When you create your database, make sure you have a username, password and group ID fields.  You may even consider an encryption alogrithm for the passwords like md5.  

Hope this helps.

It is worth noting that Macromedia Dreamweaver MX has a 30 day trial whereby you can use the features to fully create your authentication system.  And the scripts are not trial based either.

Hope that this helps.

Mark
0
 

Author Comment

by:d01970g
ID: 17156109
i want to do it in HTML.... how can i have multiple logins?  i was able to create one login and password....
0
 
LVL 2

Accepted Solution

by:
masoncooper earned 250 total points
ID: 17156317
If it's just a single login/password you want, you might want to consider just setting security on the site.  By allowing only one (or a few) Windows accounts to access a portion of the site, you don't even need to write your own login/password script.

Just create a virtual directory in IIS and point that to the protected portion of your site.  Then under "Directory Security", remove Anonymous Access and turn on "Windows Authentication".  Now just create an account you give to web users and you'll be all set!

For additional security, you can modify the folder-level permissions on that directory so that only that web-account and yourself has access to the files contained within.
0
 
LVL 4

Assisted Solution

by:daluu
daluu earned 250 total points
ID: 17158429
masoncooper's suggestion is a good option for limited login accounts. IIS is not as great as Apache where you can use .htaccess & .htpasswd files that are independent of the OS user accounts to provision website access priviledges, however...

For Apache like access in IIS, check out the free IISPassword utility from Troxo at
http://www.troxo.com/products/iispassword/

It's easy to use and worked great when I tried it out.

As for custom coded login validation, this is what you do:

1. create web form with text fields for login, etc. set to send to a script page (e.g. ASP). This assumes you know HTML web forms and stuff.

2. At your script page, you compare the form field content to the login account data stored in either your ASP page, some file, or a database. If ok, allow access via URL redirection or have script load actual content. If no match, then block access via URL redirection or no show content.

NOTE: for security you may wish to encrypt the login data on your login form before it is submitted across the internet to your script page. In this case, you compare the encrypted values to the encrypted values stored in file or database, etc. This is easy to do with Perl or PHP using crypt() or md5() function. With ASP, you can consider using a Javascript MD5 script to do the job for you, sample given here. If you questions about this, let me know.

http://i.1asphost.com/daluu/jshash.htm
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
archiving old posts 9 42
Google maps isn't showing even after API has been entered 12 78
Form Processing in PHP 11 31
remove background quote mark from widget 6 19
Learn by example how to specify CSS selectors for Selenium WebDriver test automation software.
Although it can be difficult to imagine, someday your child will have a career of his or her own. He or she will likely start a family, buy a home and start having their own children. So, while being a kid is still extremely important, it’s also …
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now