Front and Center: Password Protecting Pages of Your Choice

Previous page
Table of content
Next page

One of the most common questions from FrontPage users is "how can I password protect one or more pages in my Web site?" It just so happens that the Database Interface Wizard adds the ASP code necessary to handle all this for you as long as you don't mind having a single username and password for all of your users. Only ASP pages can be protected using this method because the protection relies on the ASP code generated by the Database Interface Wizard.

Open the edit.asp page that the Database Interface Wizard generated and switch to Code view. Select the code at the top of the page all the way down to, but not including, the <html> tag. Create a new page and save it in the same folder as the edit.asp. Save the page as protected.asp. Switch to Code view and paste the code that you copied from edit.asp into the page at the top of the page before the <html> tag. Edit the line of code that performs the Response.Redirect and change edit.asp to protected.asp. The code before the <html> tag should now be as follows:

 
 <!-- #include File='login.asa'--> <%     If Session(SiteID) <> true Then         Response.Redirect("Login.asp?requester=protected.asp")     End If %>

Note that the only change made was to the requester query string value. Now change to Design view and type This page is password protected. in to the page. Save the page and preview it in a new browser window. When the page is first requested, you will be prompted to log in. Only after you enter the correct username and password will you be served the protected.asp page.

How does this work? FrontPage stores a long string called SiteID in the login.asa file. This string is a GUID, a string of 32 hexadecimal digits guaranteed to be unique. FrontPage uses the SiteID value to name a specific value associated with your ASP session to the dbase Web site. By using a GUID, FrontPage can be certain that there are no other ASP Session values by that same name.

FrontPage also stores the username and password that you configure for the Database Editor in the login.asa file. It does this so that it can verify them when you enter them on the login page. The first line you pasted into protected.asp tells ASP to stick the contents of login.asa into the protected.asp page. By doing that, you now have access to the correct username and password that are stored in login.asa and you also have access to the unique value for SiteID.

FrontPage then inserts some ASP code to verify if the ASP Session variable for SiteID is equal to true. It will only be equal to true if you have previously logged in successfully. If you haven't logged in successfully, the value represented by the SiteID GUID will not be equal to true and you will be redirected to the Login.asp page.

When you are redirected to the Login.asp page, FrontPage includes a query string parameter called requester that contains the name of the page you originally requested. FrontPage uses this to send you back to that page after you successfully log in. The page responsible for checking the credentials you enter on the Login.asp page is the Login_Validate.asp page. If the username and password you entered are correct, it redirects you to the page passed in the requester query string. If the credentials you entered are not correct, you are notified of that and are not allowed to continue.

So what if you want to password protect some pages, but you don't want to include all the Database Interface Wizard pages in your Web site? The only pages you need to implement password protection are Login.asp, Login_Validate.asp, and login.asa. After you've run the Database Interface Wizard to generate those pages, you can delete all the other pages.

There is one more important consideration when modifying the structure of the Web site. It's important to make sure that the paths in your ASP code are relative to the current page. For example, suppose you want the protected.asp page that you've been working on in this chapter to be located in the root of the dbase Web site. You can't just move the page to the root folder and expect FrontPage to update the links because the links are in ASP code and FrontPage doesn't update links in ASP code. Instead, you have to change the links yourself.

Move the protected.asp page to the root of the dbase Web site and browse to it again. You will get an error message. To correct that error, you have to edit the code so that it appears as follows.

 
[View full width]
 <!-- #include File='Sample_interface/Employees/editor/login.asa'--> <% If Session(SiteID) <> true Then   Response.Redirect("Sample_interface/Employees/editor/Login.asp? requester=/dbase graphics/ccc.gif/protected.asp") End If %>

Now that all the paths are correct, the page will work as expected.


Previous page
Table of content
Next page
Special Edition Using Microsoft Office FrontPage 2003
Special Edition Using Microsoft Office FrontPage 2003
ISBN: 0789729547
EAN: 2147483647
Year: 2003
Pages: 443
Authors: Paul Colligan, Jim Cheshire
BUY ON AMAZON
Lotus Notes and Domino 6 Development (2nd Edition)
Snort Cookbook
Lotus Notes Developers Toolbox: Tips for Rapid and Successful Deployment
Logistics and Retail Management: Emerging Issues and New Challenges in the Retail Supply Chain
Java All-In-One Desk Reference For Dummies
GDI+ Programming with C#
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy