Re: Login Page
From: Tom Kaminski [MVP] ((A_at_T))
Date: 03/09/04
- Next message: doug: "localhost not working"
- Previous message: Carl Fenley: "FP Extensions & FTP Publishing Service..."
- In reply to: Nathan Thompson: "Login Page"
- Next in thread: Jerry M. Gartner: "Re: Login Page"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 9 Mar 2004 14:05:21 -0500
"Nathan Thompson" <ngthompson@comcast.net> wrote in message
news:fdd8855c.0403091051.77f13414@posting.google.com...
> I am looking for a way to make my website secure. I use IIS on
> Server 2000 to host my website. I would love to use windows
> authentication tied into a login page. I hope to accomplish a secure
> login page and all the pages after that are secure also. I am using
> Dreamweaver MX currently to design my page. I am open to all
> suggestions. Please help me.
Managing security like this can become rather complex as you're essentially
looking to "roll your own" mechanism. You can use AD code provided below
along with the technique in the aspfaq link, however it won't protect any
static (non-asp) content. To do that you'll have to place those files
outside of your web root (so there's no direct URL to the file) and use an
ASP with ADODB.Stream and Response.BinaryWrite to "serve" the file after you
have checked that the user is authenticated.
http://support.microsoft.com/?kbid=276488
http://www.aspfaq.com/show.asp?id=2114
AD code:
<html>
<head>
</head>
<body>
<form action=authad.asp method=post>
Username: <input type=text name=strUserName><br>
Password: <input type=password name=strPassword><br>
<input type=submit name=btnSubmit>
</form>
<%
If Request.Form("strUsername") <> "" Then
Dim strADsPath
strADsPath = "WinNT://yourdomain"
'userid =
strUserName = "yourdomain\" & Request.Form("strUserName")
strPassword = Request.Form("strPassword")
if (not strADsPath= "") then 'if and ADS Object path has been provided
proceed with authentication
' bind to the ADSI object and authenticate Username and password
Dim oADsObject
Set oADsObject = GetObject(strADsPath)
response.write "Authenticating...<br><br>"
Dim strADsNamespace
Dim oADsNamespace
strADsNamespace = left(strADsPath, instr(strADsPath, ":"))
set oADsNamespace = GetObject(strADsNamespace)
Set oADsObject = oADsNamespace.OpenDSObject(strADsPath, strUserName,
strPassword, 0)
' we're only bound if err.number = 0
if not (Err.number = 0) then
Response.Write "<font color='red'><font size = 5><u><b>Authentication has
failed...<b></u></font></font>"
'Response.Write "Failed to bind to object <b>" & strADsPath & "</b><br>"
'response.write err.description & "<p>"
'Response.write "Error number is " & err.number & "<br>"
Session("Auth") = "NO"
else
Response.Write "<font color='blue'>USER AUTHENTICATED!</font><br>"
'Response.Write "Currently viewing object at <b>" & oADsObject.ADsPath &
"</b><br>"
'Response.Write "Class is " & oADsObject.Class & "<br>"
Session("Auth") = "YES"
end if
'response.write "<p>"
end if
End If
%>
</body>
<html>
Another option if you *must* have ab html form is a 3rd-party application
like Authentix:
http://www.flicks.com/flicks/authx.htm
-- Tom Kaminski IIS MVP http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS http://mvp.support.microsoft.com/ http://www.microsoft.com/windowsserver2003/community/centers/iis/
- Next message: doug: "localhost not working"
- Previous message: Carl Fenley: "FP Extensions & FTP Publishing Service..."
- In reply to: Nathan Thompson: "Login Page"
- Next in thread: Jerry M. Gartner: "Re: Login Page"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
