By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
425,534 Members | 1,811 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 425,534 IT Pros & Developers. It's quick & easy.

PWD protecting individual files.

P: n/a
I need to be able to password protect individual pages.

For instance:

/protected.aspx?id=123
/protected.aspx?id=555

Both would need to be only accessible to two different people (with their
own usr/pwd). What is the most appropriate way to handle this?

Typically, I'd use forms authentication and then protect an entire directory
within my app via the webconfig. In this case, though, I'm not protecting
specific aspx pages, but, rather, specific records in the DB retrieved on
this page.

I was thinking of having a person login, set a cookie with their their
usr/pwd in it, then on page load, check the cookie and match it to the
record I'm retrieving. If there's a match, show it, if not, redirect back to
the login page.

However, that would entail leaving a usr/pwd record in the cookie on their
machine. That seems like a security no-no.

I should mention that this is *not* a high security banking site or anything
of the sort. So, it doesn't have to be that secure...it's mainly being used
to avoid random browsing of some images. However, if I do it, I'd like to do
it 'right'. ;o)

-Darrel
Jun 19 '06 #1
Share this Question
Share on Google+
1 Reply


P: n/a
Encrypt the username/password and store it in a cookie or even more simple:
store it in session

Shawn
"darrel" <no*****@nowhere.com> wrote in message
news:eL****************@TK2MSFTNGP02.phx.gbl...
I need to be able to password protect individual pages.

For instance:

/protected.aspx?id=123
/protected.aspx?id=555

Both would need to be only accessible to two different people (with their
own usr/pwd). What is the most appropriate way to handle this?

Typically, I'd use forms authentication and then protect an entire directory
within my app via the webconfig. In this case, though, I'm not protecting
specific aspx pages, but, rather, specific records in the DB retrieved on
this page.

I was thinking of having a person login, set a cookie with their their
usr/pwd in it, then on page load, check the cookie and match it to the
record I'm retrieving. If there's a match, show it, if not, redirect back to
the login page.

However, that would entail leaving a usr/pwd record in the cookie on their
machine. That seems like a security no-no.

I should mention that this is *not* a high security banking site or anything
of the sort. So, it doesn't have to be that secure...it's mainly being used
to avoid random browsing of some images. However, if I do it, I'd like to do
it 'right'. ;o)

-Darrel

Jun 20 '06 #2

This discussion thread is closed

Replies have been disabled for this discussion.