The ASP Emporium - Restricted Access Example

<% @ Language = VBScript %> <% Option Explicit With Response .Buffer = true .Expires = 0 .Clear End With %> <% Dim oAuth, bAuthorized Set oAuth = new DBAuthorization oAuth.ConnString = "provider=microsoft.jet.oledb.4.0;data source=" & server.mappath("./mydata.mdb") oAuth.ConnUser = "" oAuth.ConnPass = "" oAuth.UserName = request.form("user") oAuth.Password = request.form("pass") bAuthorized = oAuth.Authorized() Set oAuth = nothing ' if they want to logout, reset security and redirect to form. If Request.ServerVariables("QUERY_STRING") = "logout" Then Session.Abandon Response.redirect "./restrictedAccessDb.asp" End If if bAuthorized then session("authorized") = 1 ' welcome to the system ' handle any unauthorized usrs who didn't submit the form. If session("authorized") <> 1 then session("authorized") = 0 ' check for authentication for this page and if there is none, display the form ' otherwise display the entire page as it appears below. If session("authorized") <> 1 then Dim pageText ' display form to allow user to enter info pageText = pageText & "" & vbCrLf pageText = pageText & "" & vbCrLf pageText = pageText & "

" & vbCrLf pageText = pageText & "" & vbCrLf pageText = pageText & "" & vbCrLf pageText = pageText & "" & vbCrLf & "" & vbCrLf pageText = pageText & "

" & vbCrLf pageText = pageText & "
" & vbCrLf pageText = pageText & "Please enter a valid user name and password to continue.
" & vbCrLf pageText = pageText & "" & vbCrLf pageText = pageText & "" & vbCrLf & "" & vbCrLf pageText = pageText & "" & vbCrLf & "" & vbCrLf & "" & vbCrLf pageText = pageText & "" & vbCrLf pageText = pageText & "" & vbCrLf & "" & vbCrLf & "" & vbCrLf pageText = pageText & "" & vbCrLf pageText = pageText & "" & vbCrLf pageText = pageText & "" & vbCrLf & "

User ID:
Password:	" pageText = pageText & "
	" & vbCrLf pageText = pageText & "

" & vbCrLf & "
Access to this area is only provided to clients with a specific need for the files enclosed.
Click the MoleSoft logo to return to the main site " pageText = pageText & "

" & vbCrLf & "

" & vbCrLf pageText = pageText & " " & vbCrLf & "" & vbCrLf response.write pageText response.end End If ' everything below this point has been secured by ASP ' and is restricted from casual viewing. ' On any other page, you would use the following block of ' code to check for authentication (remove comments when ' using in another file): ' If session("authorized") <> 1 then ' response.write "You are not allowed to view this page." ' response.end ' End If ' to log someone out, call the ' session.abandon ' method and the user will have to enter their user name and password to ' view the restricted page again. %> The ASP Emporium - Restricted Access Example

Restricting Web Access with ASP using User Names and Passwords

Even better than restricting access by an IP address is restriction using session variables, a user name and password. We ask a client for a user name and a password and if they are verified, the page text is displayed otherwise the page is not allowed to be viewed until proper credentials are entered. To see this system in action, check out the Billyboy day planner example

If you want to test this example again, click here to logout.