How can I protect web forms over the internet by forcing users to sign in to view company data?

Overview
-----------
I have an access 2003 with Access Data Access Pages that are accessed over the Internet.  I would like to Add security to the application.  So, far I I have a Login page that allows the end-user to enter their name and password and when they click login the end-user is forwarded to the application main menu.  The login page was developed in ASP and the on-click event checks the Access database employee table to verify if the end-user exist.

Problem:
-----------
How can I protect the Data Access Pages to prevent someone from just typing in the site URL address and Data Access Page Name?  For example, When a person goes to a web application on-line like experts-exchange .com they have to sign in to view data, a solution, and or ask a question and sign off or just close the web browser when done.  The user can't just go to the question Wizzard without by typing in the URL address, the user has to login.  
cesemjAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

golfDoctorCommented:
Take off anonymous access in IIS, and set up NT Authentication.  This requires that everyone login to access a certain directory.
0
Clever_BobCommented:
Gidday cesmi. As I understand it, you want your users to be authenticated before they view the data. And you don't want them surfing directly to www.yoursite.com/answers (for example) without going to www.yoursite.com/signin first.

The answer is that you need some kind of authentication on every page. The normal/std thing to do it do include a file (using the 'include' syntax to check a session variable which makes sure they are signed in. If the are not signed in, you redirect them.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

Clever_BobCommented:
oh and just to be sure about what I'm saying. You should set the session variable when the user signs in and remove all session variables when they log out.

And when I say 'redirect;, I literally mean 'response.redirect' syntax... this will take the user to another page prior to any data being displayed.

Hope this helps!
0
golfDoctorCommented:
Oh, I guess you were not looking for something as finite as NT Authentication.  You'd need to use somehting along the lines of what Clever_Bob said, with session variables to validate login has been done on each page, with include files or a global function.
0
cesemjAuthor Commented:
Thank you for the direction.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Applications

From novice to tech pro — start learning today.