I need to be able to password protect individual pages.
For instance:
/protected.aspx? id=123
/protected.aspx? id=555
Both would need to be only accessible to two different people (with their
own usr/pwd). What is the most appropriate way to handle this?
Typically, I'd use forms authentication and then protect an entire directory
within my app via the webconfig. In this case, though, I'm not protecting
specific aspx pages, but, rather, specific records in the DB retrieved on
this page.
I was thinking of having a person login, set a cookie with their their
usr/pwd in it, then on page load, check the cookie and match it to the
record I'm retrieving. If there's a match, show it, if not, redirect back to
the login page.
However, that would entail leaving a usr/pwd record in the cookie on their
machine. That seems like a security no-no.
I should mention that this is *not* a high security banking site or anything
of the sort. So, it doesn't have to be that secure...it's mainly being used
to avoid random browsing of some images. However, if I do it, I'd like to do
it 'right'. ;o)
-Darrel
1  1327 
Encrypt the username/password and store it in a cookie or even more simple:
store it in session
Shawn
"darrel" <no*****@nowher e.com> wrote in message
news:eL******** ********@TK2MSF TNGP02.phx.gbl. ..
I need to be able to password protect individual pages.
For instance:
/protected.aspx? id=123
/protected.aspx? id=555
Both would need to be only accessible to two different people (with their
own usr/pwd). What is the most appropriate way to handle this?
Typically, I'd use forms authentication and then protect an entire directory
within my app via the webconfig. In this case, though, I'm not protecting
specific aspx pages, but, rather, specific records in the DB retrieved on
this page.
I was thinking of having a person login, set a cookie with their their
usr/pwd in it, then on page load, check the cookie and match it to the
record I'm retrieving. If there's a match, show it, if not, redirect back to
the login page.
However, that would entail leaving a usr/pwd record in the cookie on their
machine. That seems like a security no-no.
I should mention that this is *not* a high security banking site or anything
of the sort. So, it doesn't have to be that secure...it's mainly being used
to avoid random browsing of some images. However, if I do it, I'd like to do
it 'right'. ;o)
-Darrel
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: nell |
last post by:
Hi all,
I've developed a testing application in python, and should supply it in
a way that no one (lets say they are regular users) will understand it
and edit it.
The application source is all python but we expose a UI written in C#
that go over all our code and expose to user functions (Indicated with
a special prefix).
So the problem on one hand is protecting the source and make it less
accessible ond on the other hand to make it...
|
by: Jonathan Henderson |
last post by:
Obfuscators aren't only used for protecting intellectual property.
See the hacker demo at this link:
http://www.preemptive.com/documentation/NetHackerDemo.html
For those who don't know what an obfuscator is, here's the link that
gives a brief explanation:
http://www.preemptive.com/obfuscator.html
|
by: wallacej |
last post by:
Hi
Is there a way to protect system files, eg .ini files but still allow
access to them from C++ code?
As an example I have a settings file called SIMS.INI. This file is
often accessed through C++ using FILE and fstream. I do not want a
user to be able to open/edit/delete etc. this file.
Thanks
|
by: netsurfer |
last post by:
hi..I'm working on a project that requires files to be password
protected on a UNIX based site. The people that own the web site want
to be able to change the password every so often. Unfortunately, I
have restricted access only to FTP so I really can't log in to any kind
of Administrative Console or Admin Panel and see if there are folders
that can be password protected and then have passwords changed on them.
The people I'm contracted...
|
by: Iain Napier |
last post by:
I'm in the middle of developing a website with a downloads section.
It's a wad of educational software for an LEA which for obvious reasons
needs password protecting. Users have to authenticate before being
allowed to search and getting a link to the download.
Don't want the users to get at the files without logging in first, so I
created a script (filedownload.php) that adds the filename to the URL
query string (e.g.,...
| | |
by: UJ |
last post by:
Folks,
We provide custom content for our customers. Currently we put the files on
our server and people have a program we provide that will download the
files. These files are usually SWF, HTML or JPG files. The problem as I see
it - if you know the name of the file, you could download it off the server
(currently we are using an HTTP/Get but I'm going to be using WebClient in
the new version.)
If there any way to password protect the...
|
by: flit |
last post by:
Hello All,
I have a hard question, every time I look for this answer its get out
from the technical domain and goes on in the moral/social domain.
First, I live in third world with bad gov., bad education, bad police
and a lot of taxes and bills to pay, and yes I live in a democratic
"state" (corrupt, but democratic).
So please, don't try to convince me about the social / economical /
open source / give to all / be open / all people are...
|
by: Porkie999 |
last post by:
-----------------------------------------------------------------------QUESTION
hi i am really stuck with this and its only a small problem.
i want to be able to type .........
dsfsjfjsjjfs in User Box
fjdjskfjds in password box
www.thescripts.com in website box
then i want to have a button which says "save" which then saves the 3 above pieces of text into a notepad file.
So like I said I want to be able to type a login, password and...
|
by: =?Utf-8?B?S2xhdXMgSmVuc2Vu?= |
last post by:
Hi
I have in the past had succes with protecting pdf-files from download by
unauthenticated users by adding an application extension in IIS and mapping
pdf.files to be served by the aspnet-process.
I am currently faced with the same challenge - just for swf-files (shockwave
flash). I need only authenticated users to be able to access them.
However - when I make aspnet_isapi.dll handle swf-files, they are not shown
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
