472,110 Members | 2,053 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

home > topics > asp / active server pages > questions > restrict access problem

Join Bytes to post your question to a community of 472,110 software developers and data experts.

Restrict Access Problem

Hi all, at present I I've built a website which can be updated by admin and
users.

My problem, I've combined "log in" and "access levels" to restrict access to
certain pages, using the built in "log in" and "user authentication,
restrict access to page" features. But I find the after login I constantly
get redirected from the restricted pages.

I.e. admin get redirected even though they meet the security level.

Can anyone help?

Below are portion of the code to help

I'm Using Dreamweaver MX 7.01 an XP SP 2.

Login database

Username password security

Peter bongo Admin

Patrick peach client

"Log in" web page code

*** Validate request to log in to this site.

MM_LoginAction = Request.ServerVariables("URL")

If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" +
Server.HTMLEncode(Request.QueryString)

MM_valUsername=CStr(Request.Form("username"))

If MM_valUsername <> "" Then

MM_fldUserAuthorization="security"

MM_redirectLoginSuccess="welldone.asp"

MM_redirectLoginFailed="Login.asp"

MM_flag="ADODB.Recordset"

set MM_rsUser = Server.CreateObject(MM_flag)

MM_rsUser.ActiveConnection = MM_LoginTest_STRING

MM_rsUser.Source = "SELECT username, password"

If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source
& "," & MM_fldUserAuthorization

MM_rsUser.Source = MM_rsUser.Source & " FROM Login WHERE username='" &
Replace(MM_valUsername,"'","''") &"' AND password='" &
Replace(Request.Form("password"),"'","''") & "'"

MM_rsUser.CursorType = 0

MM_rsUser.CursorLocation = 2

MM_rsUser.LockType = 3

MM_rsUser.Open

If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then

' username and password match - this is a valid user

Session("MM_Username") = MM_valUsername

If (MM_fldUserAuthorization <> "") Then

Session("MM_UserAuthorization") =
CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization ).Value)

Else

Session("MM_UserAuthorization") = ""

End If

if CStr(Request.QueryString("accessdenied")) <> "" And false Then

MM_redirectLoginSuccess = Request.QueryString("accessdenied")

End If

MM_rsUser.Close

Response.Redirect(MM_redirectLoginSuccess)

End If

MM_rsUser.Close

Response.Redirect(MM_redirectLoginFailed)

End If

%>





Restricted web page

<%

' *** Restrict Access To Page: Grant or deny access to this page

MM_authorizedUsers="Admin"

MM_authFailedURL="NoPermission.asp"

MM_grantAccess=false

If Session("MM_Username") <> "" Then

If (false Or CStr(Session("MM_UserAuthorization"))="") Or _

(InStr(1,MM_authorizedUsers,Session("MM_UserAuthor ization"))>=1)
Then

MM_grantAccess = true

End If

End If

If Not MM_grantAccess Then

MM_qsChar = "?"

If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"

MM_referrer = Request.ServerVariables("URL")

if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?" &
Request.QueryString()

MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" &
Server.URLEncode(MM_referrer)

Response.Redirect(MM_authFailedURL)

End If

%>
Jul 22 '05 #1
3 2955
I say redirecting users around like that is a bad idea.
You should be dynamically tailoring the content based on who is logged in,
not redirecting people all over the place. It is only going to cause issues
and complicate things because even after the redirect you still need to make
sure the places you send them only allow the intended users. Your basically
doing a lot more work than you need to.

Christopher Williams
www.PowerASP.com
www.CJWSoft.com

"Paul" <de*******@blueyonder.co.uk> wrote in message
news:m0*******************@fe2.news.blueyonder.co. uk...
Hi all, at present I I've built a website which can be updated by admin
and users.

My problem, I've combined "log in" and "access levels" to restrict access
to certain pages, using the built in "log in" and "user authentication,
restrict access to page" features. But I find the after login I constantly
get redirected from the restricted pages.

I.e. admin get redirected even though they meet the security level.

Can anyone help?

Below are portion of the code to help

I'm Using Dreamweaver MX 7.01 an XP SP 2.

Login database

Username password security

Peter bongo Admin

Patrick peach client

"Log in" web page code

*** Validate request to log in to this site.

MM_LoginAction = Request.ServerVariables("URL")

If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" +
Server.HTMLEncode(Request.QueryString)

MM_valUsername=CStr(Request.Form("username"))

If MM_valUsername <> "" Then

MM_fldUserAuthorization="security"

MM_redirectLoginSuccess="welldone.asp"

MM_redirectLoginFailed="Login.asp"

MM_flag="ADODB.Recordset"

set MM_rsUser = Server.CreateObject(MM_flag)

MM_rsUser.ActiveConnection = MM_LoginTest_STRING

MM_rsUser.Source = "SELECT username, password"

If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source
& "," & MM_fldUserAuthorization

MM_rsUser.Source = MM_rsUser.Source & " FROM Login WHERE username='" &
Replace(MM_valUsername,"'","''") &"' AND password='" &
Replace(Request.Form("password"),"'","''") & "'"

MM_rsUser.CursorType = 0

MM_rsUser.CursorLocation = 2

MM_rsUser.LockType = 3

MM_rsUser.Open

If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then

' username and password match - this is a valid user

Session("MM_Username") = MM_valUsername

If (MM_fldUserAuthorization <> "") Then

Session("MM_UserAuthorization") =
CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization ).Value)

Else

Session("MM_UserAuthorization") = ""

End If

if CStr(Request.QueryString("accessdenied")) <> "" And false Then

MM_redirectLoginSuccess = Request.QueryString("accessdenied")

End If

MM_rsUser.Close

Response.Redirect(MM_redirectLoginSuccess)

End If

MM_rsUser.Close

Response.Redirect(MM_redirectLoginFailed)

End If

%>





Restricted web page

<%

' *** Restrict Access To Page: Grant or deny access to this page

MM_authorizedUsers="Admin"

MM_authFailedURL="NoPermission.asp"

MM_grantAccess=false

If Session("MM_Username") <> "" Then

If (false Or CStr(Session("MM_UserAuthorization"))="") Or _

(InStr(1,MM_authorizedUsers,Session("MM_UserAuthor ization"))>=1)
Then

MM_grantAccess = true

End If

End If

If Not MM_grantAccess Then

MM_qsChar = "?"

If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"

MM_referrer = Request.ServerVariables("URL")

if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?"
& Request.QueryString()

MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" &
Server.URLEncode(MM_referrer)

Response.Redirect(MM_authFailedURL)

End If

%>

Jul 22 '05 #2
Hi Christopher, at present my admin pages are visible by everybody. I'm
trying to prevent this whilst giving certain users more administrative
features. I'm assuming that I would still use access level if I dynamically
tailored the content? If so there lays my problem. For something which
should seem so simple I'm having a nightmare. I've use the built in "log in"
and "restrict access" features in Dreamweaver but they don't seem to work.
Is there any special preparation, session or something? All I'm using for
login, is a login database containing username, password, accesslevel,
fields, all spelt correctly.

I feel the sessions aren't getting passed from the login paged. Is there any
way of checking this?

' *** Restrict Access To Page: Grant or deny access to this page

MM_authorizedUsers="Admin"

MM_authFailedURL="NoPermission.asp"

MM_grantAccess=false

If Session("MM_Username") <> "" Then

If (false Or CStr(Session("MM_UserAuthorization"))="") Or _

(InStr(1,MM_authorizedUsers,Session("MM_UserAuthor ization"))>=1)
Then

MM_grantAccess = true

End If


"Christopher Williams" <ch***@fixCJWSoft.com> wrote in message
news:%2******************@tk2msftngp13.phx.gbl...
I say redirecting users around like that is a bad idea.
You should be dynamically tailoring the content based on who is logged in,
not redirecting people all over the place. It is only going to cause
issues and complicate things because even after the redirect you still
need to make sure the places you send them only allow the intended users.
Your basically doing a lot more work than you need to.

Christopher Williams
www.PowerASP.com
www.CJWSoft.com

"Paul" <de*******@blueyonder.co.uk> wrote in message
news:m0*******************@fe2.news.blueyonder.co. uk...
Hi all, at present I I've built a website which can be updated by admin
and users.

My problem, I've combined "log in" and "access levels" to restrict access
to certain pages, using the built in "log in" and "user authentication,
restrict access to page" features. But I find the after login I
constantly get redirected from the restricted pages.

I.e. admin get redirected even though they meet the security level.

Can anyone help?

Below are portion of the code to help

I'm Using Dreamweaver MX 7.01 an XP SP 2.

Login database

Username password security

Peter bongo Admin

Patrick peach client

"Log in" web page code

*** Validate request to log in to this site.

MM_LoginAction = Request.ServerVariables("URL")

If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" +
Server.HTMLEncode(Request.QueryString)

MM_valUsername=CStr(Request.Form("username"))

If MM_valUsername <> "" Then

MM_fldUserAuthorization="security"

MM_redirectLoginSuccess="welldone.asp"

MM_redirectLoginFailed="Login.asp"

MM_flag="ADODB.Recordset"

set MM_rsUser = Server.CreateObject(MM_flag)

MM_rsUser.ActiveConnection = MM_LoginTest_STRING

MM_rsUser.Source = "SELECT username, password"

If MM_fldUserAuthorization <> "" Then MM_rsUser.Source =
MM_rsUser.Source & "," & MM_fldUserAuthorization

MM_rsUser.Source = MM_rsUser.Source & " FROM Login WHERE username='" &
Replace(MM_valUsername,"'","''") &"' AND password='" &
Replace(Request.Form("password"),"'","''") & "'"

MM_rsUser.CursorType = 0

MM_rsUser.CursorLocation = 2

MM_rsUser.LockType = 3

MM_rsUser.Open

If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then

' username and password match - this is a valid user

Session("MM_Username") = MM_valUsername

If (MM_fldUserAuthorization <> "") Then

Session("MM_UserAuthorization") =
CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization ).Value)

Else

Session("MM_UserAuthorization") = ""

End If

if CStr(Request.QueryString("accessdenied")) <> "" And false Then

MM_redirectLoginSuccess = Request.QueryString("accessdenied")

End If

MM_rsUser.Close

Response.Redirect(MM_redirectLoginSuccess)

End If

MM_rsUser.Close

Response.Redirect(MM_redirectLoginFailed)

End If

%>





Restricted web page

<%

' *** Restrict Access To Page: Grant or deny access to this page

MM_authorizedUsers="Admin"

MM_authFailedURL="NoPermission.asp"

MM_grantAccess=false

If Session("MM_Username") <> "" Then

If (false Or CStr(Session("MM_UserAuthorization"))="") Or _

(InStr(1,MM_authorizedUsers,Session("MM_UserAuthor ization"))>=1)
Then

MM_grantAccess = true

End If

End If

If Not MM_grantAccess Then

MM_qsChar = "?"

If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"

MM_referrer = Request.ServerVariables("URL")

if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer & "?"
& Request.QueryString()

MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" &
Server.URLEncode(MM_referrer)

Response.Redirect(MM_authFailedURL)

End If

%>


Jul 22 '05 #3
well, I wont lie to you.
I sell this and it would probably solve all your problems as it takes care
of everything for you.

www.aspprotect.com

You need to ask yourself if all this time you are spending on this is worth
the aggrevation or if it is better to just buy something that takes care of
it and has been time tested.

I don't think you are going to get the answers you are looking for in these
newgroups.

Take Care,
--
Christopher Williams

www.PowerASP.com
www.CJWSoft.com

"Paul" <de*******@blueyonder.co.uk> wrote in message
news:EI*****************@fe3.news.blueyonder.co.uk ...
Hi Christopher, at present my admin pages are visible by everybody. I'm
trying to prevent this whilst giving certain users more administrative
features. I'm assuming that I would still use access level if I
dynamically tailored the content? If so there lays my problem. For
something which should seem so simple I'm having a nightmare. I've use the
built in "log in" and "restrict access" features in Dreamweaver but they
don't seem to work. Is there any special preparation, session or
something? All I'm using for login, is a login database containing
username, password, accesslevel, fields, all spelt correctly.

I feel the sessions aren't getting passed from the login paged. Is there
any way of checking this?

' *** Restrict Access To Page: Grant or deny access to this page

MM_authorizedUsers="Admin"

MM_authFailedURL="NoPermission.asp"

MM_grantAccess=false

If Session("MM_Username") <> "" Then

If (false Or CStr(Session("MM_UserAuthorization"))="") Or _

(InStr(1,MM_authorizedUsers,Session("MM_UserAuthor ization"))>=1)
Then

MM_grantAccess = true

End If


"Christopher Williams" <ch***@fixCJWSoft.com> wrote in message
news:%2******************@tk2msftngp13.phx.gbl...
I say redirecting users around like that is a bad idea.
You should be dynamically tailoring the content based on who is logged
in, not redirecting people all over the place. It is only going to cause
issues and complicate things because even after the redirect you still
need to make sure the places you send them only allow the intended users.
Your basically doing a lot more work than you need to.

Christopher Williams
www.PowerASP.com
www.CJWSoft.com

"Paul" <de*******@blueyonder.co.uk> wrote in message
news:m0*******************@fe2.news.blueyonder.co. uk...
Hi all, at present I I've built a website which can be updated by admin
and users.

My problem, I've combined "log in" and "access levels" to restrict
access to certain pages, using the built in "log in" and "user
authentication, restrict access to page" features. But I find the after
login I constantly get redirected from the restricted pages.

I.e. admin get redirected even though they meet the security level.

Can anyone help?

Below are portion of the code to help

I'm Using Dreamweaver MX 7.01 an XP SP 2.

Login database

Username password security

Peter bongo Admin

Patrick peach client

"Log in" web page code

*** Validate request to log in to this site.

MM_LoginAction = Request.ServerVariables("URL")

If Request.QueryString<>"" Then MM_LoginAction = MM_LoginAction + "?" +
Server.HTMLEncode(Request.QueryString)

MM_valUsername=CStr(Request.Form("username"))

If MM_valUsername <> "" Then

MM_fldUserAuthorization="security"

MM_redirectLoginSuccess="welldone.asp"

MM_redirectLoginFailed="Login.asp"

MM_flag="ADODB.Recordset"

set MM_rsUser = Server.CreateObject(MM_flag)

MM_rsUser.ActiveConnection = MM_LoginTest_STRING

MM_rsUser.Source = "SELECT username, password"

If MM_fldUserAuthorization <> "" Then MM_rsUser.Source =
MM_rsUser.Source & "," & MM_fldUserAuthorization

MM_rsUser.Source = MM_rsUser.Source & " FROM Login WHERE username='" &
Replace(MM_valUsername,"'","''") &"' AND password='" &
Replace(Request.Form("password"),"'","''") & "'"

MM_rsUser.CursorType = 0

MM_rsUser.CursorLocation = 2

MM_rsUser.LockType = 3

MM_rsUser.Open

If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then

' username and password match - this is a valid user

Session("MM_Username") = MM_valUsername

If (MM_fldUserAuthorization <> "") Then

Session("MM_UserAuthorization") =
CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization ).Value)

Else

Session("MM_UserAuthorization") = ""

End If

if CStr(Request.QueryString("accessdenied")) <> "" And false Then

MM_redirectLoginSuccess = Request.QueryString("accessdenied")

End If

MM_rsUser.Close

Response.Redirect(MM_redirectLoginSuccess)

End If

MM_rsUser.Close

Response.Redirect(MM_redirectLoginFailed)

End If

%>





Restricted web page

<%

' *** Restrict Access To Page: Grant or deny access to this page

MM_authorizedUsers="Admin"

MM_authFailedURL="NoPermission.asp"

MM_grantAccess=false

If Session("MM_Username") <> "" Then

If (false Or CStr(Session("MM_UserAuthorization"))="") Or _

(InStr(1,MM_authorizedUsers,Session("MM_UserAuthor ization"))>=1)
Then

MM_grantAccess = true

End If

End If

If Not MM_grantAccess Then

MM_qsChar = "?"

If (InStr(1,MM_authFailedURL,"?") >= 1) Then MM_qsChar = "&"

MM_referrer = Request.ServerVariables("URL")

if (Len(Request.QueryString()) > 0) Then MM_referrer = MM_referrer &
"?" & Request.QueryString()

MM_authFailedURL = MM_authFailedURL & MM_qsChar & "accessdenied=" &
Server.URLEncode(MM_referrer)

Response.Redirect(MM_authFailedURL)

End If

%>



Jul 22 '05 #4

This discussion thread is closed

Start new discussion

Replies have been disabled for this discussion.

Similar topics
`restrict' qualifer
4 posts views Thread by Vijay Kumar R Zanvar | last post: by
restrict keyword from ISO C99?
7 posts views Thread by tweak | last post: by
Restrict Access by Application
5 posts views Thread by toddles666 | last post: by
restrict query
2 posts views Thread by pemo | last post: by
'restrict' in plain English?
12 posts views Thread by Me | last post: by
What does 'restrict' mean?
21 posts views Thread by Niu Xiao | last post: by
Trying to understand "restrict"
2 posts views Thread by Frederick Gotham | last post: by
what is restrict keyword used for
23 posts views Thread by raashid bhatt | last post: by
openGauss security policy
reply views Thread by leo001 | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Advertise
Terms Of Use
Privacy Policy
Contact Us
Sitemap

Follow us! Get the Latest Bytes Updates