Solved

How can I protect web forms over the internet by forcing users to sign in to view company data?

Posted on 2007-03-18
6
201 Views
Last Modified: 2010-04-06
Overview
-----------
I have an access 2003 with Access Data Access Pages that are accessed over the Internet.  I would like to Add security to the application.  So, far I I have a Login page that allows the end-user to enter their name and password and when they click login the end-user is forwarded to the application main menu.  The login page was developed in ASP and the on-click event checks the Access database employee table to verify if the end-user exist.

Problem:
-----------
How can I protect the Data Access Pages to prevent someone from just typing in the site URL address and Data Access Page Name?  For example, When a person goes to a web application on-line like experts-exchange .com they have to sign in to view data, a solution, and or ask a question and sign off or just close the web browser when done.  The user can't just go to the question Wizzard without by typing in the URL address, the user has to login.  
0
Comment
Question by:cesemj
  • 3
  • 2
6 Comments
 
LVL 16

Expert Comment

by:golfDoctor
ID: 18745128
Take off anonymous access in IIS, and set up NT Authentication.  This requires that everyone login to access a certain directory.
0
 
LVL 16

Expert Comment

by:golfDoctor
ID: 18745130
0
 
LVL 7

Accepted Solution

by:
Clever_Bob earned 125 total points
ID: 18745146
Gidday cesmi. As I understand it, you want your users to be authenticated before they view the data. And you don't want them surfing directly to www.yoursite.com/answers (for example) without going to www.yoursite.com/signin first.

The answer is that you need some kind of authentication on every page. The normal/std thing to do it do include a file (using the 'include' syntax to check a session variable which makes sure they are signed in. If the are not signed in, you redirect them.
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 7

Assisted Solution

by:Clever_Bob
Clever_Bob earned 125 total points
ID: 18745159
oh and just to be sure about what I'm saying. You should set the session variable when the user signs in and remove all session variables when they log out.

And when I say 'redirect;, I literally mean 'response.redirect' syntax... this will take the user to another page prior to any data being displayed.

Hope this helps!
0
 
LVL 16

Expert Comment

by:golfDoctor
ID: 18745171
Oh, I guess you were not looking for something as finite as NT Authentication.  You'd need to use somehting along the lines of what Clever_Bob said, with session variables to validate login has been done on each page, with include files or a global function.
0
 

Author Comment

by:cesemj
ID: 18745753
Thank you for the direction.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Add records to a form to a table 11 37
Access Update Query 1 20
DCount Type Mismatch 2 21
Filter a form 8 12
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
Introduction A frequently used term in Object-Oriented design is "SOLID" which is a mnemonic acronym that covers five principles of OO design.  These principles do not stand alone; there is interplay among them.  And they are not laws, merely princ…
This video teaches users how to migrate an existing Wordpress website to a new domain.
In Microsoft Access, learn the trick to repeating sub-report headings at the top of each page. The problem with sub-reports and headings: Add a dummy group to the sub report using the expression =1: Set the “Repeat Section” property of the dummy…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question