469,903 Members | 2,193 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,903 developers. It's quick & easy.

username and password ....

Hiya
I have to develop a web application for my company in
which I need to have a facility for username and password
for the employees to do certain tasks. How can this be
implemented in ASP. I am thinking of having usernames and
passwards (encrypted) in database and when a person tries
to log in, the script will compare those stored in databse
to the values entered by user. But after the user has
logged in, how can I make sure that the user is always
logged in as user move from one page to another. Also how
I make sure that the user is logged out properly.
Basically my main concern is that no unauthorized user can
access any part of that web app.
Any ideas will be highly appreciated.
Thanks,
Matt.

Jul 19 '05 #1
3 2582
"Matt" <ma**@discussions.microsoft.com> wrote in message
news:04****************************@phx.gbl...
Hiya
I have to develop a web application for my company in
which I need to have a facility for username and password
for the employees to do certain tasks. How can this be
implemented in ASP. I am thinking of having usernames and
passwards (encrypted) in database and when a person tries
to log in, the script will compare those stored in databse
to the values entered by user. But after the user has
logged in, how can I make sure that the user is always
logged in as user move from one page to another. Also how
I make sure that the user is logged out properly.
Basically my main concern is that no unauthorized user can
access any part of that web app.
Any ideas will be highly appreciated.


http://www.aspfaq.com/show.asp?id=2114

Regards,
Peter Foti
Jul 19 '05 #2
Hi Matt,

There are a number of things you can do here. For the login, is it
necessary to give your applications its own user account system? Nothing
frightens users more than yet another username and password to remember. If
you have a domain, I suggest using Windows authentication and managing your
users by their usernames, or better yet, by their SIDs.

As far as keeping unauthorized people out, if you use Windows
authentication, you don't have to worry about people logging in and out and
having sessions. Instead, you have to develop a system by which you can
manage users permissions or access. If your app is as simple as users have
all access or no access, then it's a matter of having a DB with a list of
user accounts that are authorized to the application. Or you can go a
totally different route and have domain group membership determine which
users are authorized to your application. Using group memberships will make
things much simpler to manage, imo.

JoeUser: "Can I have access to this application?"
You: "Yes, one moment."
net group MyApplicationGroup JoeUser /add /domain
You: "Okay, go ahead. You have access now."
And then within your application, create an include file that is in all your
protected pages with a test like so:

<%

If Not IsAuthorized Then Response.Redirect "/notauthorized.asp"
Function IsAuthorized()
Const GROUP_NAME = "YOURDOMAIN/MyApplicationGroup"
Dim sAuthUser
Dim oGroup, oUser

IsAuthorized = False

sAuthUser = Request.ServerVariables("AUTH_USER")
If Len(sAuthUser) > 0 Then
sAuthUser = Replace(sAuthUser, "/", "\")
Set oGroup = GetObject("WinNT://" & GROUP_NAME & ",group")
Set oUser = GetObject("WinNT://" & sAuthUser & ",user")
IsAuthorized = oGroup.IsMember(oUser.ADsPath)
Set oGroup = Nothing
Set oUser = Nothing
End If
End Function

%>
If you put that in an include and include it in all your pages, it will
protect them (assuming I didn't screw up the code). In order for the
AUTH_USER variable to be populated, you have to turn off anonymous access
for your application within IIS. http://www.iisfaq.com/?View=A26 If I
babbled, it's because I thought as I typed.

Ray at work

"Matt" <ma**@discussions.microsoft.com> wrote in message
news:04****************************@phx.gbl...
Hiya
I have to develop a web application for my company in
which I need to have a facility for username and password
for the employees to do certain tasks. How can this be
implemented in ASP. I am thinking of having usernames and
passwards (encrypted) in database and when a person tries
to log in, the script will compare those stored in databse
to the values entered by user. But after the user has
logged in, how can I make sure that the user is always
logged in as user move from one page to another. Also how
I make sure that the user is logged out properly.
Basically my main concern is that no unauthorized user can
access any part of that web app.
Any ideas will be highly appreciated.
Thanks,
Matt.

Jul 19 '05 #3
mat thereis virtually no way of keeping people out of your application if they
really want in it. looks like a training issue to me

Jul 19 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

11 posts views Thread by Kevin O'Brien | last post: by
reply views Thread by Salome Sato | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.