I want to protect my website with a user and password. I have SQL Server
2000 where I want to store the users and passwords and the website is
complete. I just need to add in some security with password protection.
Can anyone help me out? 5 2999
CREATE TABLE User
(
UserID int IDENTITY PRIMARY KEY,
UserName varchar(50) NOT NULL,
UserPwd varchar(15) NOT NULL
)
You can then query this table from your page and use the
FormsAuthentica tion.RedirectFr omLoginPage(use rName, persistCookie) to
redirect them back to the default page.
It is better if you set encryption, but accessing the table to check for a
user is rather simple. For performance you can do the query like:
CREATE PROCEDURE [dbo].[CheckUser]
(
@UserName varchar(50)
, @UserPwd varchar(15)
)
AS
SELECT UserName FROM User
WHERE UserName = @UserName
AND UserPwd = @UserPwd
You can then use ExecuteScalar like so:
string userName = cmd.ExecuteScal ar();
This will reduce the amount of info pulled.
--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
*************** *************** *************** *************** **********
Think Outside the Box!
*************** *************** *************** *************** **********
"Brent Burkart" <Br***********@ wvmb.com> wrote in message
news:eh******** ******@TK2MSFTN GP09.phx.gbl... I want to protect my website with a user and password. I have SQL Server 2000 where I want to store the users and passwords and the website is complete. I just need to add in some security with password protection.
Can anyone help me out?
Brent,
You should consider storing passwords encrypted:
-- store them in a table (e.g. tblUser) with pwdencrypt
Update tblUser
Set Password = cast(pwdencrypt (@Passwort) as varbinary(256)) ,
ModifyDate = GetDate()
Where UserID = @UserID
-- read the password when you want to validate a user
Declare @password1 varbinary(256)
Select @password1 = Cast(password As varbinary(256)) ,
From tblUser
Where UserID = @UserID
-- and compare the password from your table with the one the user provided
if (isNull(pwdcomp are(@Password,@ Password1,0),0) <> 1)
print 'password is correct'
Hope this helps
Best regards
Daniel Walzenbach
P.S. If you need to contact me simply remove ".NOSPAM" from my email address.
"Cowboy (Gregory A. Beamer)" <No************ @comcast.netNoS pamM> schrieb im Newsbeitrag news:#j******** ******@TK2MSFTN GP11.phx.gbl... CREATE TABLE User ( UserID int IDENTITY PRIMARY KEY, UserName varchar(50) NOT NULL, UserPwd varchar(15) NOT NULL ) You can then query this table from your page and use the FormsAuthentica tion.RedirectFr omLoginPage(use rName, persistCookie) to redirect them back to the default page. It is better if you set encryption, but accessing the table to check for a user is rather simple. For performance you can do the query like: CREATE PROCEDURE [dbo].[CheckUser] ( @UserName varchar(50) , @UserPwd varchar(15) ) AS SELECT UserName FROM User WHERE UserName = @UserName AND UserPwd = @UserPwd You can then use ExecuteScalar like so: string userName = cmd.ExecuteScal ar(); This will reduce the amount of info pulled. -- Gregory A. Beamer MVP; MCP: +I, SE, SD, DBA *************** *************** *************** *************** ********** Think Outside the Box! *************** *************** *************** *************** ********** "Brent Burkart" <Br***********@ wvmb.com> wrote in message news:eh******** ******@TK2MSFTN GP09.phx.gbl... I want to protect my website with a user and password. I have SQL Server 2000 where I want to store the users and passwords and the website is complete. I just need to add in some security with password protection.
Can anyone help me out?
This looks like it will work fine, however, I only want certain people to
have different access to pages within the website. I really don't need to
password protect the first part but I need to password protect the second
part. Is this a possibility or will I need to seperate them into two
different websites?
Thanks,
Brent
"Cowboy (Gregory A. Beamer)" <No************ @comcast.netNoS pamM> wrote in
message news:%2******** ********@TK2MSF TNGP11.phx.gbl. .. CREATE TABLE User ( UserID int IDENTITY PRIMARY KEY, UserName varchar(50) NOT NULL, UserPwd varchar(15) NOT NULL )
You can then query this table from your page and use the FormsAuthentica tion.RedirectFr omLoginPage(use rName, persistCookie) to redirect them back to the default page.
It is better if you set encryption, but accessing the table to check for a user is rather simple. For performance you can do the query like:
CREATE PROCEDURE [dbo].[CheckUser] ( @UserName varchar(50) , @UserPwd varchar(15) ) AS
SELECT UserName FROM User WHERE UserName = @UserName AND UserPwd = @UserPwd
You can then use ExecuteScalar like so:
string userName = cmd.ExecuteScal ar();
This will reduce the amount of info pulled.
-- Gregory A. Beamer MVP; MCP: +I, SE, SD, DBA
*************** *************** *************** *************** ********** Think Outside the Box! *************** *************** *************** *************** ********** "Brent Burkart" <Br***********@ wvmb.com> wrote in message news:eh******** ******@TK2MSFTN GP09.phx.gbl... I want to protect my website with a user and password. I have SQL
Server 2000 where I want to store the users and passwords and the website is complete. I just need to add in some security with password protection.
Can anyone help me out?
"Brent Burkart" <Br***********@ wvmb.com> wrote in message
news:%2******** ********@TK2MSF TNGP09.phx.gbl. .. This looks like it will work fine, however, I only want certain people to have different access to pages within the website. I really don't need to password protect the first part but I need to password protect the second part. Is this a possibility or will I need to seperate them into two different websites?
Have you looked into Forms Authentication?
Also, you can protect different parts of the web site so that only
particular people can access them. Look up the <authentication > and
<authorizatio n> elements in web.config.
--
John Saunders
Internet Engineer jo***********@s urfcontrol.com
This is a half-way solution as the passwords are still sent to the SQL
server unencrypted. It's a lot better solution to create a hash of the
password in the Asp.Net page validating the user (which will always be 16
bytes for MD5 and 20 bytes for SHA1) and compare the hashed values.
Jerry
"Daniel Walzenbach" <da************ **********@freu denberg.de> wrote in
message news:e7******** *****@TK2MSFTNG P11.phx.gbl...
Brent,
You should consider storing passwords encrypted:
-- store them in a table (e.g. tblUser) with pwdencrypt
Update tblUser
Set Password = cast(pwdencrypt (@Passwort) as varbinary(256)) ,
ModifyDate = GetDate()
Where UserID = @UserID
-- read the password when you want to validate a user
Declare @password1 varbinary(256)
Select @password1 = Cast(password As varbinary(256)) ,
From tblUser
Where UserID = @UserID
-- and compare the password from your table with the one the user provided
if (isNull(pwdcomp are(@Password,@ Password1,0),0) <> 1)
print 'password is correct'
Hope this helps
Best regards
Daniel Walzenbach
P.S. If you need to contact me simply remove ".NOSPAM" from my email
address.
"Cowboy (Gregory A. Beamer)" <No************ @comcast.netNoS pamM> schrieb im
Newsbeitrag news:#j******** ******@TK2MSFTN GP11.phx.gbl... CREATE TABLE User ( UserID int IDENTITY PRIMARY KEY, UserName varchar(50) NOT NULL, UserPwd varchar(15) NOT NULL )
You can then query this table from your page and use the FormsAuthentica tion.RedirectFr omLoginPage(use rName, persistCookie) to redirect them back to the default page.
It is better if you set encryption, but accessing the table to check for a user is rather simple. For performance you can do the query like:
CREATE PROCEDURE [dbo].[CheckUser] ( @UserName varchar(50) , @UserPwd varchar(15) ) AS
SELECT UserName FROM User WHERE UserName = @UserName AND UserPwd = @UserPwd
You can then use ExecuteScalar like so:
string userName = cmd.ExecuteScal ar();
This will reduce the amount of info pulled.
-- Gregory A. Beamer MVP; MCP: +I, SE, SD, DBA
*************** *************** *************** *************** ********** Think Outside the Box! *************** *************** *************** *************** ********** "Brent Burkart" <Br***********@ wvmb.com> wrote in message news:eh******** ******@TK2MSFTN GP09.phx.gbl... I want to protect my website with a user and password. I have SQL
Server 2000 where I want to store the users and passwords and the website is complete. I just need to add in some security with password protection.
Can anyone help me out?
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Wm |
last post by:
Something just occurred to me... <yeah, I know, it scared me too> I just
password-protected a website by including a password authentication script
in each page of a private section. The script checks the login against the
mySQL database. This type of protection will only affect the .php pages,
won't it? The images that are contained in the pages are not protected, as
they would be if I had a .htaccess file on the parent directory..? This...
|
by: Narlen |
last post by:
Hi there,
I don't know much about web design but I proudly managed to password protect
a page on my site. Later I realized that everyone looking at the source in
any web browser can see the password. Is there a way to improve this code so
that instead of the password people viewing the page source would only see
bullets instead of the characters of the password (or hide it alltogether?)
Thank you for your help.
|
by: Guadala Harry |
last post by:
What are my options for *securely* storing/retrieving the ID and password
used by an ASP.NET application for accessing a SQL Server (using SQL Server
authentication)? Please note that this ID and password would be different
than the one the user enters for ASP.NET forms authentication. The
ID/password in question is used by the application, itself, for accessing
the SQL Server.
Thanks in advance.
|
by: Garry Jones |
last post by:
I need to create a page with a password where I show photos. How do I stop
people from accessing the jpgs directly without going through the password
function.
I am using Windows XP and have a website which supports Mysql and php.
The end result should be a page where the user can type in a password and
access a few pages of thumbnails which can be clicked for enlargements.
Garry Jones
|
by: solomon_13000 |
last post by:
I am using ms access database and asp 3.0 as my front end. In my
database there is a table called account and a field called password.
How do I protect the password stored in the database.
| |
by: nick |
last post by:
I need to create a simple asp.net application that use password protect some
html pages. The html page provider doesn't know asp.net. And the host doesn't
allow me to create user accounts.
What's the best way to store users/password except database tables? and to
store html files?
|
by: laredotornado |
last post by:
Hello,
I'm using PHP 4.4.4 with MySQL 5.0. I have a USERS table wher I store
a username and password for each user. I have a directory (containing
both HTML and PHP files) that I would like only logged in users to
access. What is the simplest scheme for password protecting thsi
directory? I would prefer not to touch every page and add access
control logic, but if that's the easiest way, so be it.
Your thoughts are greatly...
|
by: teejayem |
last post by:
Hi,
I am new to programming with databases and was wanting some help.
Is there any way to password protect an access database and access
sent sql commands to it via vb.net code?
Any help would be much appreciated.
Thanks in advanced.
|
by: rgsw |
last post by:
Hi -
I would like user to open Access database and have a choice to either enter a password or click on a button that opens the database in 'read only'. I know this is possible with Excel, but I can't seem to figure out how to do this in Access.
Thanks!
Side Bar: In the past I was able to go to search in this website and it would list info pertaining to my search - I notice it's difficult to do that now. Example - before I would have...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |