Solved

How can I protect web forms over the internet by forcing users to sign in to view company data?

Posted on 2007-03-18
6
199 Views
Last Modified: 2010-04-06
Overview
-----------
I have an access 2003 with Access Data Access Pages that are accessed over the Internet.  I would like to Add security to the application.  So, far I I have a Login page that allows the end-user to enter their name and password and when they click login the end-user is forwarded to the application main menu.  The login page was developed in ASP and the on-click event checks the Access database employee table to verify if the end-user exist.

Problem:
-----------
How can I protect the Data Access Pages to prevent someone from just typing in the site URL address and Data Access Page Name?  For example, When a person goes to a web application on-line like experts-exchange .com they have to sign in to view data, a solution, and or ask a question and sign off or just close the web browser when done.  The user can't just go to the question Wizzard without by typing in the URL address, the user has to login.  
0
Comment
Question by:cesemj
  • 3
  • 2
6 Comments
 
LVL 16

Expert Comment

by:golfDoctor
ID: 18745128
Take off anonymous access in IIS, and set up NT Authentication.  This requires that everyone login to access a certain directory.
0
 
LVL 16

Expert Comment

by:golfDoctor
ID: 18745130
0
 
LVL 7

Accepted Solution

by:
Clever_Bob earned 125 total points
ID: 18745146
Gidday cesmi. As I understand it, you want your users to be authenticated before they view the data. And you don't want them surfing directly to www.yoursite.com/answers (for example) without going to www.yoursite.com/signin first.

The answer is that you need some kind of authentication on every page. The normal/std thing to do it do include a file (using the 'include' syntax to check a session variable which makes sure they are signed in. If the are not signed in, you redirect them.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 7

Assisted Solution

by:Clever_Bob
Clever_Bob earned 125 total points
ID: 18745159
oh and just to be sure about what I'm saying. You should set the session variable when the user signs in and remove all session variables when they log out.

And when I say 'redirect;, I literally mean 'response.redirect' syntax... this will take the user to another page prior to any data being displayed.

Hope this helps!
0
 
LVL 16

Expert Comment

by:golfDoctor
ID: 18745171
Oh, I guess you were not looking for something as finite as NT Authentication.  You'd need to use somehting along the lines of what Clever_Bob said, with session variables to validate login has been done on each page, with include files or a global function.
0
 

Author Comment

by:cesemj
ID: 18745753
Thank you for the direction.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

In a multiple monitor setup, if you don't want to use AutoCenter to position your popup forms, you have a problem: where will they appear?  Sometimes you may have an additional problem: where the devil did they go?  If you last had a popup form open…
Foolproof security solutions has become one of the key necessities of every e-commerce or Internet banking website. If you too own an online shopping site then its vital for you to equip your web portal with customer security features that can allow…
This video teaches users how to migrate an existing Wordpress website to a new domain.
Learn how to set-up custom confirmation messages to users who complete your Wufoo form. Include inputs from fields in your form, webpage redirects, and more with Wufoo’s confirmation options.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now