Page #44 (Chapter 5 - Securing an IIS Application)

Chapter 5 - Securing an IIS Application

Visual Basic Developer's Guide to ASP and IIS
A. Russell Jones
  Copyright 1999 SYBEX Inc.

Test the Security
Take one more look at the Signon_frmSignon code. Notice that when the user has successfully signed on, it sets two Session variables—Signon and Password. These variables will always have a value of Empty until the user has successfully signed on. By implementing a check at the beginning of each page request, you can route the user to the Signon screen when Session("Signon") is empty.
In an ASP site, you'd typically do this with an include file. In WebClasses, you can use the BeginRequest event to do the same thing.
Private Sub WebClass_BeginRequest()
    If IsEmpty(Session("Signon")) Then
        Select Case Request("WCI")
            Case "Signon", "Register"
                ' OK, let users see pages in these WebItems
            Case Else
                Session("msg") = "This is a secured " & _
                    "site. You must sign in before you may " & _
                    "view any of the pages."
                Response.Redirect URLFor(Signon)
        End Select
    End If
End Sub
The BeginRequest routine lets people see pages associated with the Signon and Register WebItems, but restricts all other pages by redirecting to the Signon page if the user has not successfully signed on. Using this method, you may add WebItems to this WebClass without worrying about whether the user is signed on.
To test the security, you'll need to create another WebItem. The item doesn't need to do anything but write a message to the screen. If you request it, though, you'll need to sign on before you can see it. Right-click the Custom WebItems in the WebClass Designer window and select Add Custom WebItem from the pop-up menu. Name the new item TestSecurity. Double-click the TestSecurity item and add this code to the Respond event:
Private Sub TestSecurity_Respond()
    With Response
        .Write "<center><h2>This page is " & _
            "secured.</h2></center><BR>"
        .Write "To test the security, add a bookmark " & _
            "to your Favorites list or make a note of " & _
            "the URL in the address field. "
        .Write "Close your browser, open a new instance "
        .Write "of the browser, and try to navigate to " & _
            "this URL."
    End With
End Sub
Save and then run your project. After you have registered and signed on, you should be able to see the TestSecurity page by typing the URL into your browser. Although your server name and path may be different, the last part of the URL should be the same as the following example:
http://localhost/SecuredSite/Signon.ASP?WCI=TestSecurity
Follow the instructions on the TestSecurity page to see how the security works. You've completed the project, but your site may not be as secure as you think.
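The fresh-browser test described above can be automated as a regression check. The following is an added example, not code from the book: probe, is_gated, audit and stub_site are hypothetical names, the stub stands in for the running WebClass so the check works offline, and the form of the redirect URL produced by URLFor(Signon) is an assumption.

```python
"""Added example: automate the fresh-browser test of the BeginRequest gate."""
import http.client
from urllib.parse import urlsplit

PUBLIC_ITEMS = {"Signon", "Register"}   # the Case list in WebClass_BeginRequest
SITE = "http://localhost/SecuredSite/Signon.ASP"   # sample URL from the page


def probe(item, site=SITE):
    """GET ?WCI=<item> with no cookies, like a newly opened browser.

    Returns (status, Location header). http.client never follows redirects,
    so the gate's own response is what gets inspected.
    """
    url = urlsplit(site)
    conn = http.client.HTTPConnection(url.netloc, timeout=5)
    try:
        conn.request("GET", f"{url.path}?WCI={item}")
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def is_gated(status, location):
    """True when the response is a redirect to the Signon WebItem.

    Assumption: URLFor(Signon) yields a URL containing WCI=Signon.
    """
    return status in (301, 302, 303, 307) and "WCI=Signon" in (location or "")


def audit(items, fetch=probe):
    """Return the non-public WebItems an unauthenticated request can read."""
    return [i for i in items
            if i not in PUBLIC_ITEMS and not is_gated(*fetch(i))]


def stub_site(unguarded=()):
    """Constructed stand-in for the WebClass so the check runs offline.

    `unguarded` models a regression: WebItems served without the gate.
    """
    def fetch(item):
        if item in PUBLIC_ITEMS or item in unguarded:
            return 200, None
        return 302, "Signon.ASP?WCI=Signon"
    return fetch


if __name__ == "__main__":
    items = ["Signon", "Register", "TestSecurity"]
    print("exposed:", audit(items, stub_site()))
    print("exposed:", audit(items, stub_site({"TestSecurity"})))
```

Against the real project, call audit(items) with the names of your own WebItems so that the default probe function sends the requests to the running site.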



Visual Basic Developer's Guide to ASP and IIS
ISBN: 782125573
EAN: N/A
Year: 2005
Pages: 98
