[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

login & password code

Posted on 2006-07-21
7
Medium Priority
?
515 Views
Last Modified: 2008-03-10
i'm creating a simple webpage in IIS.... and i'm trying to add a login and password to only allow users to get into a folder...  externally.    

i created a login.asp and a default.asp but they are not currently working... is there anyone out there that could provide me some code to help me get this done.. thanks.
0
Comment
Question by:d01970g
4 Comments
 
LVL 18

Expert Comment

by:Mark Gilbert
ID: 17154869
Hi there,

Macromedia Dreamweaver MX has an excellant set of pre-built scripts for your requirements.  In the server behaviours rollout you have scripts to make sure the user is logged in, to log in, log out and to create user logins.  It is also group based should you wish to give various privillages such as admin, user, and guest.  

The check credentials page looks like this:

<%@LANGUAGE="JAVASCRIPT" CODEPAGE="1252"%>
<%
// *** Restrict Access To Page: Grant or deny access to this page
var MM_authorizedUsers="1,2,3";
var MM_authFailedURL="login.asp";
var MM_grantAccess=false;
if (String(Session("MM_Username")) != "undefined") {
  if (false || (String(Session("MM_UserAuthorization"))=="") || (MM_authorizedUsers.indexOf(String(Session("MM_UserAuthorization"))) >=0)) {
    MM_grantAccess = true;
  }
}
if (!MM_grantAccess) {
  var MM_qsChar = "?";
  if (MM_authFailedURL.indexOf("?") >= 0) MM_qsChar = "&";
  var MM_referrer = Request.ServerVariables("URL");
  if (String(Request.QueryString()).length > 0) MM_referrer = MM_referrer + "?" + String(Request.QueryString());
  MM_authFailedURL = MM_authFailedURL + MM_qsChar + "accessdenied=" + Server.URLEncode(MM_referrer);
  Response.Redirect(MM_authFailedURL);
}
%>

<%@LANGUAGE="JAVASCRIPT" CODEPAGE="1252"%>
<!--#include file="/Connections/database.asp" -->
// *** The file in the include statement above is the database connector file.  Dreamweaver creates this automatically for you when you set up your database.
<%
// *** Validate request to log in to this site.
var MM_LoginAction = Request.ServerVariables("URL");
if (Request.QueryString!="") MM_LoginAction += "?" + Server.HTMLEncode(Request.QueryString);
var MM_valUsername=String(Request.Form("uname"));
if (MM_valUsername != "undefined") {
  var MM_fldUserAuthorization="group_id";
  var MM_redirectLoginSuccess="checkout.asp";
  var MM_redirectLoginFailed="login.asp";
  var MM_flag="ADODB.Recordset";
  var MM_rsUser = Server.CreateObject(MM_flag);
  MM_rsUser.ActiveConnection = MM_database_STRING;
  MM_rsUser.Source = "SELECT user_login, user_password";
  if (MM_fldUserAuthorization != "") MM_rsUser.Source += "," + MM_fldUserAuthorization;
  MM_rsUser.Source += " FROM redstone.users WHERE user_login='" + MM_valUsername.replace(/'/g, "''") + "' AND user_password='" + String(Request.Form("pword")).replace(/'/g, "''") + "'";
  MM_rsUser.CursorType = 0;
  MM_rsUser.CursorLocation = 2;
  MM_rsUser.LockType = 3;
  MM_rsUser.Open();
  if (!MM_rsUser.EOF || !MM_rsUser.BOF) {
    // username and password match - this is a valid user
    Session("MM_Username") = MM_valUsername;
    if (MM_fldUserAuthorization != "") {
      Session("MM_UserAuthorization") = String(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value);
    } else {
      Session("MM_UserAuthorization") = "";
    }
    if (String(Request.QueryString("accessdenied")) != "undefined" && true) {
      MM_redirectLoginSuccess = Request.QueryString("accessdenied");
    }
    MM_rsUser.Close();
    Response.Redirect(MM_redirectLoginSuccess);
  }
  MM_rsUser.Close();
  Response.Redirect(MM_redirectLoginFailed);
}
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<form name="form1" method="POST" action="<%=MM_LoginAction%>">
  <p>Username:
    <input name="uname" type="text" id="uname">
</p>
  <p>Password:
    <input name="pword" type="text" id="pword">
    <input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>


When you create your database, make sure you have a username, password and group ID fields.  You may even consider an encryption alogrithm for the passwords like md5.  

Hope this helps.

It is worth noting that Macromedia Dreamweaver MX has a 30 day trial whereby you can use the features to fully create your authentication system.  And the scripts are not trial based either.

Hope that this helps.

Mark
0
 

Author Comment

by:d01970g
ID: 17156109
i want to do it in HTML.... how can i have multiple logins?  i was able to create one login and password....
0
 
LVL 2

Accepted Solution

by:
masoncooper earned 1000 total points
ID: 17156317
If it's just a single login/password you want, you might want to consider just setting security on the site.  By allowing only one (or a few) Windows accounts to access a portion of the site, you don't even need to write your own login/password script.

Just create a virtual directory in IIS and point that to the protected portion of your site.  Then under "Directory Security", remove Anonymous Access and turn on "Windows Authentication".  Now just create an account you give to web users and you'll be all set!

For additional security, you can modify the folder-level permissions on that directory so that only that web-account and yourself has access to the files contained within.
0
 
LVL 4

Assisted Solution

by:daluu
daluu earned 1000 total points
ID: 17158429
masoncooper's suggestion is a good option for limited login accounts. IIS is not as great as Apache where you can use .htaccess & .htpasswd files that are independent of the OS user accounts to provision website access priviledges, however...

For Apache like access in IIS, check out the free IISPassword utility from Troxo at
http://www.troxo.com/products/iispassword/

It's easy to use and worked great when I tried it out.

As for custom coded login validation, this is what you do:

1. create web form with text fields for login, etc. set to send to a script page (e.g. ASP). This assumes you know HTML web forms and stuff.

2. At your script page, you compare the form field content to the login account data stored in either your ASP page, some file, or a database. If ok, allow access via URL redirection or have script load actual content. If no match, then block access via URL redirection or no show content.

NOTE: for security you may wish to encrypt the login data on your login form before it is submitted across the internet to your script page. In this case, you compare the encrypted values to the encrypted values stored in file or database, etc. This is easy to do with Perl or PHP using crypt() or md5() function. With ASP, you can consider using a Javascript MD5 script to do the job for you, sample given here. If you questions about this, let me know.

http://i.1asphost.com/daluu/jshash.htm
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Dramatic changes are revolutionizing how we build and use technology. Every company is automating, digitizing, and modernizing operations. We need a better, more connected way to work together as teams so we can harness the insights from our system…
Ready to get certified? Check out some courses that help you prepare for third-party exams.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses
Course of the Month19 days, 8 hours left to enroll

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question