I am trying to limit access to certain pages on our intranet, and have been
using the following code to do so,
dim Login, L, LL, StringLen, NTUser
Set Login = Request.ServerVariables("LOGON_USER")
L=Len(Login)
LL=InStr(Login, "\")
StringLen=L-LL
NTUser = (Right(Login, StringLen))
If NTUser <"DLaing" Then
If NTUser <"DLowe" Then
If NTUser <"DWoods" Then
Response.Redirect("http://swvtc06/swvtc/default.asp")
End If
End If
End If
The problem is that if I want to add more users to have access to the page,
then I have to add another IF and END IF line. I would like to implement
some way to do this using an array. For instance put the usernames into the
array and then if it matches then allow access, if not then redirect. I
know this is not a bulletproof way to do this, and there are more robust
methods, but this works very well for our user base and our needs. I am
having a really bad case of brain block, and cannot, for the life of me,
figure this out.
Thanks,
Drew
10  2454 
"Drew" <dr********@swvtc.dmhmrsas.virginia.govwrote in message
news:OZ**************@TK2MSFTNGP05.phx.gbl...
I am trying to limit access to certain pages on our intranet, and have
been
using the following code to do so,
dim Login, L, LL, StringLen, NTUser
Set Login = Request.ServerVariables("LOGON_USER")
L=Len(Login)
LL=InStr(Login, "\")
StringLen=L-LL
NTUser = (Right(Login, StringLen))
If NTUser <"DLaing" Then
If NTUser <"DLowe" Then
If NTUser <"DWoods" Then
Response.Redirect("http://swvtc06/swvtc/default.asp")
End If
End If
End If
The problem is that if I want to add more users to have access to the
page,
then I have to add another IF and END IF line. I would like to implement
some way to do this using an array. For instance put the usernames into
the
array and then if it matches then allow access, if not then redirect. I
know this is not a bulletproof way to do this, and there are more robust
methods, but this works very well for our user base and our needs. I am
having a really bad case of brain block, and cannot, for the life of me,
figure this out.
First lets deal with that user name thing:-
Function GetUser()
sLogon = Request.ServerVariables("LOGON_USER")
GetUser = Mid(sLogon, InStr(sLogon, "\"))
End Function
Note no Set when getting LOGON_USER and Mid third parameter is optional
which when missing means 'to the end of the string'.
Const gcsAllowedUser = "DLang; DLowe; DWood;"
If Instr(gcsAllowedUsers, GetUser() & ";") = 0 Then
Response.Redirect("http://swvtc06/swvtc/default.asp")
End If
If you want to restrict a set of pages then put the above code in an ASP
page of its own, say priviledged.asp in the root of your web then in each
page you want to protect:-
<!-- #include virtual="/priviledged.asp" -->
--
Anthony Jones - MVP ASP/ASP.NET
"Anthony Jones" <An*@yadayadayada.comwrote in message
news:uV*************@TK2MSFTNGP06.phx.gbl...
"Drew" <dr********@swvtc.dmhmrsas.virginia.govwrote in message
news:OZ**************@TK2MSFTNGP05.phx.gbl...
>I am trying to limit access to certain pages on our intranet, and have
been
>using the following code to do so,
dim Login, L, LL, StringLen, NTUser
Set Login = Request.ServerVariables("LOGON_USER")
L=Len(Login)
LL=InStr(Login, "\")
StringLen=L-LL
NTUser = (Right(Login, StringLen))
If NTUser <"DLaing" Then
If NTUser <"DLowe" Then
If NTUser <"DWoods" Then
Response.Redirect("http://swvtc06/swvtc/default.asp")
End If
End If
End If
The problem is that if I want to add more users to have access to the
page,
>then I have to add another IF and END IF line. I would like to implement
some way to do this using an array. For instance put the usernames into
the
>array and then if it matches then allow access, if not then redirect. I
know this is not a bulletproof way to do this, and there are more robust
methods, but this works very well for our user base and our needs. I am
having a really bad case of brain block, and cannot, for the life of me,
figure this out.
First lets deal with that user name thing:-
Function GetUser()
sLogon = Request.ServerVariables("LOGON_USER")
GetUser = Mid(sLogon, InStr(sLogon, "\"))
End Function
Note no Set when getting LOGON_USER and Mid third parameter is optional
which when missing means 'to the end of the string'.
Const gcsAllowedUser = "DLang; DLowe; DWood;"
If Instr(gcsAllowedUsers, GetUser() & ";") = 0 Then
Response.Redirect("http://swvtc06/swvtc/default.asp")
End If
If you want to restrict a set of pages then put the above code in an ASP
page of its own, say priviledged.asp in the root of your web then in each
page you want to protect:-
<!-- #include virtual="/priviledged.asp" -->
--
Anthony Jones - MVP ASP/ASP.NET
Thanks Anthony, that looks to work great... I don't use this on all pages,
just a few and this will work great!
Thanks,
Drew
I would store usernames in a database instead of an array in an ASP page
that you would have to maintain.
Jeff
"Drew" <dr********@swvtc.dmhmrsas.virginia.govwrote in message
news:OZ**************@TK2MSFTNGP05.phx.gbl...
>I am trying to limit access to certain pages on our intranet, and have been
using the following code to do so,
dim Login, L, LL, StringLen, NTUser
Set Login = Request.ServerVariables("LOGON_USER")
L=Len(Login)
LL=InStr(Login, "\")
StringLen=L-LL
NTUser = (Right(Login, StringLen))
If NTUser <"DLaing" Then
If NTUser <"DLowe" Then
If NTUser <"DWoods" Then
Response.Redirect("http://swvtc06/swvtc/default.asp")
End If
End If
End If
The problem is that if I want to add more users to have access to the
page, then I have to add another IF and END IF line. I would like to
implement some way to do this using an array. For instance put the
usernames into the array and then if it matches then allow access, if not
then redirect. I know this is not a bulletproof way to do this, and there
are more robust methods, but this works very well for our user base and
our needs. I am having a really bad case of brain block, and cannot, for
the life of me, figure this out.
Thanks,
Drew
"Jeff Dillon" <je********@hotmailremove.comwrote in message
news:ui**************@TK2MSFTNGP04.phx.gbl...
You could just use NT permissions too, at the IIS or File System level.
Create a local group on the server, and add the appropriate users to it.
Jeff
Very true, but as I said in an earlier message, setting permissions is
easier said than done... the hoops they make me jump through are terrible!
Drew
"Tim Slattery" <Sl********@bls.govwrote in message
news:ti********************************@4ax.com...
"Anthony Jones" <An*@yadayadayada.comwrote:
Where would you suggest the dictionary be stored??
Application object
The application object will not accept Single threaded objects such as the
dictionary object.
--
Anthony Jones - MVP ASP/ASP.NET
Anthony wrote on Wed, 19 Mar 2008 16:41:11 -0000:
"Drew" <dr********@swvtc.dmhmrsas.virginia.govwrote in message
news:OZ**************@TK2MSFTNGP05.phx.gbl...
>I am trying to limit access to certain pages on our intranet, and
have
been
>using the following code to do so,
>dim Login, L, LL, StringLen, NTUser
Set Login = Request.ServerVariables("LOGON_USER")
L=Len(Login)
LL=InStr(Login, "\")
StringLen=L-LL
NTUser = (Right(Login, StringLen))
>If NTUser <"DLaing" Then
If NTUser <"DLowe" Then
If NTUser <"DWoods" Then
Response.Redirect("http://swvtc06/swvtc/default.asp")
End If
End If
End If
>The problem is that if I want to add more users to have access to the
page,
>then I have to add another IF and END IF line. I would like to
implement some way to do this using an array. For instance put the
usernames into
the
>array and then if it matches then allow access, if not then redirect.
I know this is not a bulletproof way to do this, and there are more
robust methods, but this works very well for our user base and our
needs. I am having a really bad case of brain block, and cannot, for
the life of me, figure this out.
First lets deal with that user name thing:-
Function GetUser()
sLogon = Request.ServerVariables("LOGON_USER")
GetUser = Mid(sLogon, InStr(sLogon, "\"))
End Function
Note no Set when getting LOGON_USER and Mid third parameter is optional
which when missing means 'to the end of the string'.
Const gcsAllowedUser = "DLang; DLowe; DWood;"
If Instr(gcsAllowedUsers, GetUser() & ";") = 0 Then
Response.Redirect("http://swvtc06/swvtc/default.asp")
End If
If you want to restrict a set of pages then put the above code in an ASP
page of its own, say priviledged.asp in the root of your web then in each
page you want to protect:-
If a username that is a substring of an allowed name, for example Lowe or
Wood, is added to the system, they'll be allowed access too without being
added to the gcsAllowedUser list ...
While it should work for a simple setup, I just wanted to point out a
possible pitfall of using this method on a wider scale.
--
Dan
Daniel Crichton wrote:
>
>Const gcsAllowedUser = "DLang; DLowe; DWood;"
>If Instr(gcsAllowedUsers, GetUser() & ";") = 0 Then
Response.Redirect("http://swvtc06/swvtc/default.asp")
End If
>If you want to restrict a set of pages then put the above code in an
ASP page of its own, say priviledged.asp in the root of your web
then in each page you want to protect:-
If a username that is a substring of an allowed name, for example
Lowe or Wood, is added to the system, they'll be allowed access too
without being added to the gcsAllowedUser list ...
This modification should remove that problem:
Const gcsAllowedUser = ";DLang;DLowe;DWood;"
If Instr(gcsAllowedUsers, ";" & GetUser() & ";") = 0 Then
Of course, if your network is allowing duplicate user ids, then you have
another problem.
If users from multiple domain names are possible (thus raising the
likelihood of duplicate user ids), then you need to stop removing the
domain from logon_user and include the domains in gcsAllowedUser:
Const gcsAllowedUser = ";dc1\DLang;dc1\DLowe;dc2\DLowe;"
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
So you don't have console access to the server?
Jeff
"Drew" <dr********@swvtc.dmhmrsas.virginia.govwrote in message
news:%2****************@TK2MSFTNGP02.phx.gbl...
"Jeff Dillon" <je********@hotmailremove.comwrote in message
news:ui**************@TK2MSFTNGP04.phx.gbl...
>You could just use NT permissions too, at the IIS or File System level.
Create a local group on the server, and add the appropriate users to it.
Jeff
Very true, but as I said in an earlier message, setting permissions is
easier said than done... the hoops they make me jump through are terrible!
Drew
--
Anthony Jones - MVP ASP/ASP.NET
"Daniel Crichton" <ms****@worldofspack.comwrote in message
news:%2****************@TK2MSFTNGP02.phx.gbl...
Anthony wrote on Wed, 19 Mar 2008 16:41:11 -0000:
"Drew" <dr********@swvtc.dmhmrsas.virginia.govwrote in message
news:OZ**************@TK2MSFTNGP05.phx.gbl...
>I am trying to limit access to certain pages on our intranet, and
>have
been
>using the following code to do so,
>dim Login, L, LL, StringLen, NTUser
>Set Login = Request.ServerVariables("LOGON_USER")
>L=Len(Login)
>LL=InStr(Login, "\")
>StringLen=L-LL
>NTUser = (Right(Login, StringLen))
>If NTUser <"DLaing" Then
> If NTUser <"DLowe" Then
> If NTUser <"DWoods" Then
> Response.Redirect("http://swvtc06/swvtc/default.asp")
> End If
> End If
>End If
>The problem is that if I want to add more users to have access to the
page,
>then I have to add another IF and END IF line. I would like to
>implement some way to do this using an array. For instance put the
>usernames into
the
>array and then if it matches then allow access, if not then redirect.
>I know this is not a bulletproof way to do this, and there are more
>robust methods, but this works very well for our user base and our
>needs. I am having a really bad case of brain block, and cannot, for
>the life of me, figure this out.
First lets deal with that user name thing:-
Function GetUser()
sLogon = Request.ServerVariables("LOGON_USER")
GetUser = Mid(sLogon, InStr(sLogon, "\"))
End Function
Note no Set when getting LOGON_USER and Mid third parameter is optional
which when missing means 'to the end of the string'.
Const gcsAllowedUser = "DLang; DLowe; DWood;"
If Instr(gcsAllowedUsers, GetUser() & ";") = 0 Then
Response.Redirect("http://swvtc06/swvtc/default.asp")
End If
If you want to restrict a set of pages then put the above code in an ASP
page of its own, say priviledged.asp in the root of your web then in
each
page you want to protect:-
If a username that is a substring of an allowed name, for example Lowe or
Wood, is added to the system, they'll be allowed access too without being
added to the gcsAllowedUser list ...
While it should work for a simple setup, I just wanted to point out a
possible pitfall of using this method on a wider scale.
Dan, nice catch. Although I wouldn't recommend this sort of thing for a
wider scale anyway. A DB and some form of role based security would be a
better general solution.
--
Anthony Jones - MVP ASP/ASP.NET This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Danny |
last post by:
HI
I am trying to do this:
array4 = split(astring,chr(9))
and it seems the array4 cannot be larger than 256
how can I get around this?
I am trying to read in a file and parse it line by...
|
by: Hannu |
last post by:
Hi.
In the ldb file you can see the users of the mdb-file. If you open the
mdb-file your machine and username will be written in the lbd- file.
Allthough you close the mdb-file your name won't...
|
by: Eigenvector |
last post by:
I've been dinking around with this code for a while now and I can't seem to
figure out where the problem lies. The original problem was that I for some
reason or another couldn't allocate few...
|
by: MrBiggles |
last post by:
Here's the sitch:
I read in a csv file with 60000 lines (20 fields per record), and store
the data to a local array. The file is read in and stored just fine and
pretty quick.
Now, if I try to...
|
by: xhunga |
last post by:
I have try a new version of my work.
I have put the sizes of the matrix into the matrix.
A = number of rows
A = number of columns
The first element of the matrix is A
instead of A.
You...
| | |
by: josh.23.french |
last post by:
Here's the code i have:
$db = array(); //main array
$db = array(); //table `main`
$db = array('id'=>0,
'username'=>'joshfrench','userpass'=>'password','userlevel'=>'admin');
//row
$db =...
|
by: Kavya |
last post by:
int main (){
int a={{1,2,3},{4,5,6}};
int (*ptr)=a;
/* This should be fine and give 3 as output*/
printf("%d\n",(*ptr));
++ptr;
|
by: assgar |
last post by:
Hi
I need help solving a porblem.
I have a form that displays a checkbox, service code, description
and dropdown with fees on each row.
The fee_money and unit array only returns a...
|
by: pereges |
last post by:
Hi, can some one please tell me why this program is not able to
function properly. I have a array a and i am trying to create a
pointer array b which points to elements less than 40 in a.
...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
