Solved

How can I protect web forms over the internet by forcing users to sign in to view company data?

Posted on 2007-03-18
6
203 Views
Last Modified: 2010-04-06
Overview
-----------
I have an access 2003 with Access Data Access Pages that are accessed over the Internet.  I would like to Add security to the application.  So, far I I have a Login page that allows the end-user to enter their name and password and when they click login the end-user is forwarded to the application main menu.  The login page was developed in ASP and the on-click event checks the Access database employee table to verify if the end-user exist.

Problem:
-----------
How can I protect the Data Access Pages to prevent someone from just typing in the site URL address and Data Access Page Name?  For example, When a person goes to a web application on-line like experts-exchange .com they have to sign in to view data, a solution, and or ask a question and sign off or just close the web browser when done.  The user can't just go to the question Wizzard without by typing in the URL address, the user has to login.  
0
Comment
Question by:cesemj
  • 3
  • 2
6 Comments
 
LVL 16

Expert Comment

by:golfDoctor
ID: 18745128
Take off anonymous access in IIS, and set up NT Authentication.  This requires that everyone login to access a certain directory.
0
 
LVL 16

Expert Comment

by:golfDoctor
ID: 18745130
0
 
LVL 7

Accepted Solution

by:
Clever_Bob earned 125 total points
ID: 18745146
Gidday cesmi. As I understand it, you want your users to be authenticated before they view the data. And you don't want them surfing directly to www.yoursite.com/answers (for example) without going to www.yoursite.com/signin first.

The answer is that you need some kind of authentication on every page. The normal/std thing to do it do include a file (using the 'include' syntax to check a session variable which makes sure they are signed in. If the are not signed in, you redirect them.
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 7

Assisted Solution

by:Clever_Bob
Clever_Bob earned 125 total points
ID: 18745159
oh and just to be sure about what I'm saying. You should set the session variable when the user signs in and remove all session variables when they log out.

And when I say 'redirect;, I literally mean 'response.redirect' syntax... this will take the user to another page prior to any data being displayed.

Hope this helps!
0
 
LVL 16

Expert Comment

by:golfDoctor
ID: 18745171
Oh, I guess you were not looking for something as finite as NT Authentication.  You'd need to use somehting along the lines of what Clever_Bob said, with session variables to validate login has been done on each page, with include files or a global function.
0
 

Author Comment

by:cesemj
ID: 18745753
Thank you for the direction.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What is Node.js? Node.js is a server side scripting language much like PHP or ASP but is used to implement the complete package of HTTP webserver and application framework. The difference is that Node.js’s execution engine is asynchronous and event…
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
Using Microsoft Access, learn some simple rules for how to construct tables in a relational database. Split up all multi-value fields into single values: Split up fields that belong to other things into separate tables: Make sure that all record…
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to selectively show certain fields based on user input using rules to gather relevant information and data from your forms. The rules feature provides you with an opportunity…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question