Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How can I protect web forms over the internet by forcing users to sign in to view company data?

Posted on 2007-03-18
6
Medium Priority
?
207 Views
Last Modified: 2010-04-06
Overview
-----------
I have an access 2003 with Access Data Access Pages that are accessed over the Internet.  I would like to Add security to the application.  So, far I I have a Login page that allows the end-user to enter their name and password and when they click login the end-user is forwarded to the application main menu.  The login page was developed in ASP and the on-click event checks the Access database employee table to verify if the end-user exist.

Problem:
-----------
How can I protect the Data Access Pages to prevent someone from just typing in the site URL address and Data Access Page Name?  For example, When a person goes to a web application on-line like experts-exchange .com they have to sign in to view data, a solution, and or ask a question and sign off or just close the web browser when done.  The user can't just go to the question Wizzard without by typing in the URL address, the user has to login.  
0
Comment
Question by:cesemj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 16

Expert Comment

by:golfDoctor
ID: 18745128
Take off anonymous access in IIS, and set up NT Authentication.  This requires that everyone login to access a certain directory.
0
 
LVL 16

Expert Comment

by:golfDoctor
ID: 18745130
0
 
LVL 7

Accepted Solution

by:
Clever_Bob earned 500 total points
ID: 18745146
Gidday cesmi. As I understand it, you want your users to be authenticated before they view the data. And you don't want them surfing directly to www.yoursite.com/answers (for example) without going to www.yoursite.com/signin first.

The answer is that you need some kind of authentication on every page. The normal/std thing to do it do include a file (using the 'include' syntax to check a session variable which makes sure they are signed in. If the are not signed in, you redirect them.
0
Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

 
LVL 7

Assisted Solution

by:Clever_Bob
Clever_Bob earned 500 total points
ID: 18745159
oh and just to be sure about what I'm saying. You should set the session variable when the user signs in and remove all session variables when they log out.

And when I say 'redirect;, I literally mean 'response.redirect' syntax... this will take the user to another page prior to any data being displayed.

Hope this helps!
0
 
LVL 16

Expert Comment

by:golfDoctor
ID: 18745171
Oh, I guess you were not looking for something as finite as NT Authentication.  You'd need to use somehting along the lines of what Clever_Bob said, with session variables to validate login has been done on each page, with include files or a global function.
0
 

Author Comment

by:cesemj
ID: 18745753
Thank you for the direction.
0

Featured Post

Understanding Web Applications

Without even knowing it, most of us are using web applications on a daily basis. Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We often confuse these web applications tools for websites.  So, what is the difference?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to get a list of available printers for display in a drop-down list, and then to use the selected printer to print an Access report or a Word document filled with Access data, using different syntax as needed for working with …
Without even knowing it, most of us are using web applications on a daily basis.  In fact, Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We generally confuse these web applications to…
In Microsoft Access, learn different ways of passing a string value within a string argument. Also learn what a “Type Mis-match” error is about.
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question