Topic: Password protecting a page in ASP

[Mike]

So today I get asked about how to password protect a page with a username/password combo.  Of course the first thing I think of is to use apache and a htpasswd file.  But they want to put it on the server running IIS which is a royal pain to do that type of protection on.  PHP doesn't work on that server last I checked so it left me with ASP.

I got it working and thought that some of you might have a need for it at sometime when hell freezes over.

I stole most of it from another site and then just editted it to handle a user list and not redirect away but instead just show the good parts of the page.

Code: [Select]

<%
Response.Expires = -1000 'Make sure the browser doesn't cache this page

Dim users(1) 'Change this to the number of users (minus 1)
users(0) = Array("mike", "foo")
users(1) = Array("bob", "bar")
%>

<html>
<head><title>Password Protect your ASP pages</title>
</head>
<body>

<%
If Request.Form("submit") = "Login" Then
CheckLoginForm
Else
If (Session("BlnLoggedIn") = True) Then
ShowPage
Else
ShowLoginForm
End If
End If

Sub CheckLoginForm
Dim valid
valid = False
For Each user In users
If Request.Form("username") = user(0) AND request.Form("password") = user(1) Then
valid = true
Exit For
End If
Next

'check if the value of the text field 'username' and 'password' are correct
If valid = True Then
Session("BlnLoggedIn") = True
ShowPage
Else
'if the values entered are incorrect then display the message below
Response.Write "<div align='center'>You are not logged in.</div><br>"
ShowLoginForm
End If
End Sub

Sub ShowLoginForm %>
<div align='center'>
<!-- start the HTML login form -->
<form name="form" action="pwp.asp" method="post">
<table>
<tr><td>User Name :</td><td><input type="text" name="username"></td></tr>
<tr><td>Password : </td><td><input type="password" name="password"></td></tr>
<tr><td colspan="2"><input type="submit" name="submit" value="Login"></td></tr>
</table>
</form>
<!-- end the HTML login form -->
</div>
<% End Sub

Sub ShowPage %>

<p>Hello</p>

<% End Sub %>

</body>
</html>

[ober]

Ick... I hate ASP.

[Mike]

Same here.  It took me a while to figure out how to do the multidimensional array without having to assign each entry one at a time.  I could have done the users as:

Code: [Select]

Dim users = Array(Array("mike", "foo"), Array("bob", "bar"))But I figured that would get too unweildy (because you can't break it up across lines) for the number of users the person was expecting.

I'm getting kinda tempted to throw up another PHP page just to see if it'll crash the server again.  I might do that right before I leave for the day

[hans]

People still use ASP?

And um, are you planning on putting all of the users/passwords in the login page?

I've run PHP off IIS before, but IIRC (wow that's a lot of acronyms) you need to config the server to pass to the php engine and my guess is you probably won't be able to get the server config changed?

Can't you use an _ to break the lines in an array declaration?

[Mike]

People still use ASP?

For our intranet server most of the pages are asp pages and don't even use a lick of asp.

And um, are you planning on putting all of the users/passwords in the login page?

Yeah, the login page and the data page are the same one.  From what the lady described she wanted high security wasn't an issue.

I've run PHP off IIS before, but IIRC (wow that's a lot of acronyms) you need to config the server to pass to the php engine and my guess is you probably won't be able to get the server config changed?

Oh PHP worked before and then they fucked it up.  And honestly I stopped caring about trying to get it fixed (when they tried to blame me it really pissed me off).

Can't you use an _ to break the lines in an array declaration?

/shrug
Dunno, didn't see any mention of that but I'll take a look tomorrow.

[Mike]

Ok had time and checked and yes _ worked.  Thanks