TAKempis Internet Programming Home
Home Uncle Chutney's Journal Information, Tutorials
Sponsored by my good friends of many years, at iLand Internet Solutions
Start Marquee
Stop Marquee

An ASP Password Protection Tutorial!

A lot of people have the need to protect specific pages in their webs, rather than entire folders. Using web server permissions requires a few things that are out of your hands, and require the cooperation of your hosting service to set up (NT user accounts, etc).

This tutorial, which uses ASP, illustrates using a database (in this case Access) to store User Names and Passwords, and accessing the database to allow or deny access to the pages in question.

If you have Expression Web, creating an ASP page can be simple . All you have to do is create your ADO data objects, run your query, and use Server-Side scripting tags to create your database column values, if/else conditional statements, and whatever else your imagination and the "magic" of ASP leads you to create.

Why don't you start the ball rolling by filling out the form below?

Note: If you've done this tutorial before (and since I added this bit of code), the ID and Password will already be filled in. Why? See the explanation below.

Note: "Uncle Chutney" and "hello" will work.

Please enter your User Name (ID):
Please enter your password:
 

Explanation of filled-in form fields: As an additional bit of information, I've added some "Cookie Dough" to this tutorial. For the convenience of your users, who may forget their passwords, you may want to "save" their password information in a Cookie, then populate your form fields with these. With ASP, this is a simple matter. the Request Object has a Cookies Collection. To populate the form fields with values from this Collection, you will first have to set the Cookie. This is done using the Response Object's Cookies Collection. Important: In the page which sets the Cookie, the code to set the Cookie should appear before any HTML code! In this case, gateway.asp has some ASP code above the HTML code, which I've reproduced here:

<%
Dim id, password, q, rs, d

id = Request.Form("id")
password = Request.Form("password")

' ** Create your Query
q = "SELECT * FROM password WHERE id LIKE '" &_
     id & "' AND password LIKE '" & password & "'"

' ** Create a RecordSet to store the results of the Query
Set rs = Server.CreateObject("ADODB.RecordSet")
rs.Open q, "DSN=xxxxxx;"

' ** check for no records returned (id or password not found)
if NOT rs.EOF then

' ** Set cookies for user's convenience
    d = Date
    Response.Cookies("userid") = id
    Response.Cookies("pword") = password
    Response.Cookies("userid").Expires = DateAdd("yyyy",2,d)
    Response.Cookies("pword").Expires = DateAdd("yyyy",2,d)
end if
%>
<html>

In this page, the form fields are populated with a bit of simple ASP code, an example of which follows:

<input type="text" size="20" name="password" value="<%=Request.Cookies("pword")%>">

Note: for the purposes of security, you may not want to store the password in a Cookie. However, storing the User ID can be convenient. 

Home Uncle Chutney's Journal Information, Tutorials
TAKempis Internet Programming Home
© 1997-2007 by TAKempis - All Rights Reserved