473,390 Members | 1,142 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,390 software developers and data experts.

username and password ....

Hiya
I have to develop a web application for my company in
which I need to have a facility for username and password
for the employees to do certain tasks. How can this be
implemented in ASP. I am thinking of having usernames and
passwards (encrypted) in database and when a person tries
to log in, the script will compare those stored in databse
to the values entered by user. But after the user has
logged in, how can I make sure that the user is always
logged in as user move from one page to another. Also how
I make sure that the user is logged out properly.
Basically my main concern is that no unauthorized user can
access any part of that web app.
Any ideas will be highly appreciated.
Thanks,
Matt.

Jul 19 '05 #1
3 2748
"Matt" <ma**@discussions.microsoft.com> wrote in message
news:04****************************@phx.gbl...
Hiya
I have to develop a web application for my company in
which I need to have a facility for username and password
for the employees to do certain tasks. How can this be
implemented in ASP. I am thinking of having usernames and
passwards (encrypted) in database and when a person tries
to log in, the script will compare those stored in databse
to the values entered by user. But after the user has
logged in, how can I make sure that the user is always
logged in as user move from one page to another. Also how
I make sure that the user is logged out properly.
Basically my main concern is that no unauthorized user can
access any part of that web app.
Any ideas will be highly appreciated.


http://www.aspfaq.com/show.asp?id=2114

Regards,
Peter Foti
Jul 19 '05 #2
Hi Matt,

There are a number of things you can do here. For the login, is it
necessary to give your applications its own user account system? Nothing
frightens users more than yet another username and password to remember. If
you have a domain, I suggest using Windows authentication and managing your
users by their usernames, or better yet, by their SIDs.

As far as keeping unauthorized people out, if you use Windows
authentication, you don't have to worry about people logging in and out and
having sessions. Instead, you have to develop a system by which you can
manage users permissions or access. If your app is as simple as users have
all access or no access, then it's a matter of having a DB with a list of
user accounts that are authorized to the application. Or you can go a
totally different route and have domain group membership determine which
users are authorized to your application. Using group memberships will make
things much simpler to manage, imo.

JoeUser: "Can I have access to this application?"
You: "Yes, one moment."
net group MyApplicationGroup JoeUser /add /domain
You: "Okay, go ahead. You have access now."
And then within your application, create an include file that is in all your
protected pages with a test like so:

<%

If Not IsAuthorized Then Response.Redirect "/notauthorized.asp"
Function IsAuthorized()
Const GROUP_NAME = "YOURDOMAIN/MyApplicationGroup"
Dim sAuthUser
Dim oGroup, oUser

IsAuthorized = False

sAuthUser = Request.ServerVariables("AUTH_USER")
If Len(sAuthUser) > 0 Then
sAuthUser = Replace(sAuthUser, "/", "\")
Set oGroup = GetObject("WinNT://" & GROUP_NAME & ",group")
Set oUser = GetObject("WinNT://" & sAuthUser & ",user")
IsAuthorized = oGroup.IsMember(oUser.ADsPath)
Set oGroup = Nothing
Set oUser = Nothing
End If
End Function

%>
If you put that in an include and include it in all your pages, it will
protect them (assuming I didn't screw up the code). In order for the
AUTH_USER variable to be populated, you have to turn off anonymous access
for your application within IIS. http://www.iisfaq.com/?View=A26 If I
babbled, it's because I thought as I typed.

Ray at work

"Matt" <ma**@discussions.microsoft.com> wrote in message
news:04****************************@phx.gbl...
Hiya
I have to develop a web application for my company in
which I need to have a facility for username and password
for the employees to do certain tasks. How can this be
implemented in ASP. I am thinking of having usernames and
passwards (encrypted) in database and when a person tries
to log in, the script will compare those stored in databse
to the values entered by user. But after the user has
logged in, how can I make sure that the user is always
logged in as user move from one page to another. Also how
I make sure that the user is logged out properly.
Basically my main concern is that no unauthorized user can
access any part of that web app.
Any ideas will be highly appreciated.
Thanks,
Matt.

Jul 19 '05 #3
mat thereis virtually no way of keeping people out of your application if they
really want in it. looks like a training issue to me

Jul 19 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

7
by: Candice | last post by:
Please somebody help! I've deleted my admin username and password which was initially set at test. Now I can't log into my website as the administrator. How do I put Username and Password back so...
1
by: thoducng | last post by:
I am writing some code to access share folder on a remote network. DirectoryInfo dicInfo = new DirectoryInfo("remoteNetwork\shareFolder"); if (dicInfo.Exists) { //application code...
11
by: Kevin O'Brien | last post by:
Hello, I am creating a sign on screen for my application in which I want to store the username and password in a database table. I was thinking of putting a combo box connected to the database...
5
by: libra786 | last post by:
I have created a blog and have added a login box which prompts the user for login and id before posting- The username and password have been stored in the database, however when i enter the username...
0
by: roamnet | last post by:
hi i created database file with .mdf extention ,sql server as a source and use grid view to display data there're no problem in data retrieve and display,but i want to edit it or insert new...
0
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
0
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
0
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
0
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
0
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
0
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.