ASP/Access Password Protection for Multiple Pages

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • knouphis
    New Member
    • Jul 2008
    • 1
    #1

    ASP/Access Password Protection for Multiple Pages

    Hello,

    First, I apologize for what's probably a novice question, but I haven't been able to find this specific issue previously addressed.

    I've successfully set up a password-protected webpage using ASP and an Access DB, as outlined in MS KB article 825498. I want to repeat this process for another page/subweb in the site referencing a different DB and include file, but the problem is after logging into one of the secure pages that same user session seems to still be good for access to the other page. How can I make them mutually exclusive?

    If anyone can point me in the right direction to resolving this issue I would greatly appreciate it!

    Thanks,
    Knouphis
    Tags: None
    • idsanjeev
      New Member
      • Oct 2007
      • 241
      #2
      Hello knouphis
      welcome to bytes forum
      you try to block user for some pages after login one time your need to repeat this process for another page/subweb in the site referencing a different DB and include file then open a new login page refrencing to databse and store it in different session then chek if session("user2" ) is not null then proceed otherwise redirect to another login page refrencing new database.
      whats you are doing for thats
      Regards
      Jha

        Comment

        • danp129
          Recognized Expert Contributor
          • Jul 2006
          • 323
          #3
          You need to have the access database store permissions for what access that user can do. If you are only going to have a few types such as an admin user and a basic user then I would add a number field called user_type and say if user_type is 1 then they are a basic user, if 255 then they are an admin.

          When the login script is called it checks the field for that user/pass. If it is 1 then set session("blnIsU ser")=true. If it is 255 then set session("blnIsA dmin")=true as well as blnIsUser.

          When you have a page you want to protect that only logged in users can get to, do:
          if not session("blnIsU ser")=true then response.redire ct "logon.asp"

          For pages only an admin should see do
          if not session("blnIsU ser")=true then response.redire ct "logon.asp"



          You may also want to keep track of what they're last page was before redirecting them to the login script, so they can return automatically after they login. You would put something like this in your protected page:

          Code:
          if not session("blnIsUser")=true then 
	session("URL")=Request.ServerVariables("SCRIPT_NAME") & "?" & Request.ServerVariables("QUERY_STRING")
	Response.Redirect "logon.asp"
end if
          Then do this in your login page after you have verified their username/password and set the appropriate session variables:

          Code:
          if session("URL") <> "" then
	response.redirect=session("URL")
else
	response.redirect "/"
end if

            Comment

            Previous template Next
            Working...