Thread: Authentication

  1. #1
    Join Date
    Dec 1969

    Default Authentication

    I have written an ASP program which checks user authentication (user name and password) for logging into a site. This works fine, but when I give the next page name directly in the URL, it gives me access. How to avoid this? Please suggest.

  2. #2
    Join Date
    Dec 1969

    Default RE: Authentication

    Use something like redirecting them to a particular file if they don't get the password correct. Don't even allow them to get to the file.

        <%
        ' Look up the submitted password; EOF means no matching row was found
        Set Cm = Server.CreateObject("ADODB.Command")
        Cm.ActiveConnection = "PUT YOUR DSN HERE"
        ' The form value is bound as a parameter instead of being concatenated into the SQL text
        Cm.CommandText = "SELECT * FROM Passwordfield WHERE UserPassword = ?"
        Cm.CommandType = 1 ' adCmdText
        ' 200 = adVarChar, 1 = adParamInput, 255 = maximum length (adjust to the column size)
        Cm.Parameters.Append Cm.CreateParameter("UserPassword", 200, 1, 255, Request.Form("UserPassword"))
        Set Rs = Cm.Execute
        If Rs.EOF Then
            Session("Authenticated") = 0
            Response.Redirect("Name of file if Password Not correct.html")
        Else
            Session("Authenticated") = 1
            Response.Redirect("Name of File if Pswd correct.html")
        End If
        %>

  3. #3
    Mark Guest

    Default RE: Authentication

    With Windows NT 4.0 (IIS 4.0), there are 4 types of user authentication methods:

    1. Anonymous Authentication
       - IIS doesn't authenticate the web user
       - IIS runs by impersonating the default NT account "IUSR_machine"

    2. Basic Authentication
       - IIS authenticates the web user via a dialog box
       - the web user must supply Account Name and Password - unencrypted!
       - IIS runs by impersonating the account of the authenticated web user
       - IIS can gain access to resources on other servers on the network because it has the user's actual password, not just the user's password hash

    3. NT Challenge/Response Authentication (MSIE browsers only)
       - IIS authenticates the web user without a dialog box
       - the user's password hash is sent rather than the password itself
       - IIS runs by impersonating the account of the authenticated web user
       - IIS is limited to local resources on the server because it only has the user's password hash; IIS cannot gain access to resources on other servers on the network without the actual user password

    4. ASP Script Authentication
       - A user's Account and Password are submitted via an HTML form
       - Once the Account and Password are authenticated against some database, a Session variable can be established; e.g.

             If user can be authenticated against database Then
                 Session("AuthenicatedUser") = "YES"
             Else
                 Session("AuthenicatedUser") = "NO"
             End If

       The following script needs to be placed at the very beginning of every page in your site where you require authentication:

             If Session("AuthenicatedUser") = "YES" Then
                 '---Serve the authenticated user this page-------------
             Else
                 '---The web user hasn't yet been authenticated---------
                 '---Do not serve him this page------------------------
                 '---Force him to log on and authenticate himself-------
                 Response.Redirect ("DefaultLogonPage.asp")
             End If

       I usually place the above script in an INCLUDE file.

    I hope this helps
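
Added example, not written by any poster in this thread: one way to lay out the include file described in post #3, with response buffering turned on (IIS 4.0 leaves it off by default) and cache headers so a protected page is not re-shown from a cached copy. The file names RequireAuth.asp and Members.asp are assumptions; the session variable and DefaultLogonPage.asp are taken from the post.

```asp
<%
' ---- RequireAuth.asp (file name is an assumption) ----
' Buffering has to be enabled before any output is written,
' which is why the include goes on the first line of each protected page.
Response.Buffer = True

' Ask browsers and proxies not to keep a copy of protected pages.
Response.Expires = -1
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"

' Fail closed: a new, expired or abandoned session has no value here,
' and an empty value is not equal to "YES".
If Session("AuthenicatedUser") <> "YES" Then
    Response.Redirect "DefaultLogonPage.asp"
    Response.End   ' defensive: make sure nothing below the include runs
End If
%>

<!-- #include file="RequireAuth.asp" -->
<% ' ---- Members.asp (hypothetical protected page): the include above is its first line ---- %>
<html>
<body>
<p>Only reached when Session("AuthenicatedUser") is "YES".</p>
</body>
</html>
```

The check only runs for files that ASP processes; static .html pages, such as the redirect targets in post #2, are served without it.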
