ASP Help Needed > Authentication

Authentication for Admin Use from Login

#1 sawchuk

Posted 29 April 2002 - 08:51 AM

My first use of the forums here... if anybody can help... a suitable sacrifice will be made in your honour!

I have set up a User Login... and want to protect my admin pages with proper authentication... hence if they try to bypass the login, they get returned to the Login...

My DB is simple... titled: "members"
I have the following columns...
ID
username
password
first_name
last_name
admin_email
group

My functioning Login Page is as follows:
I have it posted at: http://www.itmedia.c...abase/login.asp

<%@ LANGUAGE="VBSCRIPT" %>
<% pageTitle = "Log On" %>
<HTML>
<HEAD>
<TITLE><%= pageTitle %></TITLE>
</HEAD>
<BODY bgcolor="CCCCCC">
<CENTER>
<h1>IT Media Test Page</h1>
<P>
<%
'First check to see if user is already logged in
if Request.cookies("isLoggedInAs") = "" then  
%>
    <H2>Administrator Login</H2>
    <% if Request.querystring("retry") = "password" then %>
         <h3>Invalid Password</h3>
    <% elseif Request.querystring("retry") = "username" then %>
         <h3>Invalid username</h3>
    <% end if %>
    <FORM ACTION="login_action.asp" METHOD="post">
    Username:  <INPUT TYPE="text" NAME="p_username"><BR>
    Password:  <INPUT TYPE="password" NAME="p_password"><BR>
    <BR>
    <INPUT TYPE="submit" VALUE="Log In">
    </FORM>
    <P>
<% else  %>
<H2>
Exiting Administration Area
</H2>
    Goodbye <%= Request.cookies("isLoggedInAs")("first_name") %>
    <br><A HREF="logoff.asp">Continue</a>.
<% end if %>
<P>
</BODY>
</HTML>

and I wish to include an 'include' on the subsequent pages... as follows:

<%    
   Function isAdmin
       set itmediaDB = Server.CreateObject("ADODB.Connection")
       itmediaDB.Open "itmedia"
       
       p_currentuser = Request.ServerVariables("AUTH_USER")
       
       set adminSet = itmediaDB.Execute("select group from " _
            & " members where username='" & p_currentuser & "'" )
       if adminSet.EOF then
            isAdmin = false
       elseif adminSet("group") = "admin" then
            isAdmin = true
       else
            isAdmin = false
       end if
       
       adminSet.Close
       set adminSet = Nothing
       
       itmediaDB.Close
       set itmediaDB = Nothing
   End Function
%>

with this, my admin pages themselves would be as follows...
<%@ Language=VBScript %>

<%
if isAdmin then
%>

<table>
 <tr>
   <td><a href="edit.asp">Delete a Record</a></td>
 </tr>
</table>

<%
   itmediaDB.Close
   set itmediaDB = Nothing
else

   Response.Write "You do not have access to this page."

end if
%>
</BODY>
</HTML>


however in no simple terms... there is something amiss here... as I get the "You do not have access to this page."
hence, it works, but I am not being accepted as an authorized admin person...

Can anybody help me either on this code... or how to set this up?!

Cheers:)


#2 klewlis

Posted 03 May 2002 - 01:03 PM

well, I didn't examine your code fully, but it seems awfully complicated for what you're trying to do.

Generally, this is my method:

1) Use session variables (not cookies, what a pain) to keep track of whether or not they're logged in
2) On each page, find out if they're logged in. If not, redirect to the main page. If they are, continue.
3) On the main page, if they're logged in, give them their options. If not, provide a login form.

So it's as simple as:

(main page)

If Request.Form("login") = "submit" Then
   'process the login form
End If

If Session("login") = "" Then
   'provide a login form
Else
   'give them their admin options
End If

(other pages)

If Session("login") = "" Then
    Response.Redirect("mainpage.asp")
End If


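The session-based approach from reply #2, written out as a single include file. This is an added example, not code from either poster. It keeps the login state in Session rather than reading Request.ServerVariables("AUTH_USER"), which is empty when IIS serves the page under anonymous access. Assumptions: the file name auth.asp, the Session keys "first_name" and "group", the 50-character parameter size, and a database that accepts bracket quoting (Access or SQL Server).

```vbscript
<%
' auth.asp (hypothetical include file). Added example, not from the thread.
' Assumes the "itmedia" DSN and the "members" table described in post #1.
Const adCmdText = 1
Const adVarWChar = 202
Const adParamInput = 1

' Check the submitted credentials with a parameterized query, so form input
' never becomes part of the SQL text. On success the identity and group are
' kept in server-side Session state, which the browser cannot edit.
' The plaintext comparison mirrors the page's schema; a salted hash in the
' password column is the stronger design.
Function CheckLogin(p_username, p_password)
    Dim conn, cmd, rs
    CheckLogin = False
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open "itmedia"
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' GROUP is an SQL keyword, so the column name is bracketed.
    cmd.CommandText = "SELECT first_name, [group] FROM members " & _
                      "WHERE username = ? AND [password] = ?"
    cmd.Parameters.Append cmd.CreateParameter("u", adVarWChar, adParamInput, 50, p_username)
    cmd.Parameters.Append cmd.CreateParameter("p", adVarWChar, adParamInput, 50, p_password)
    Set rs = cmd.Execute
    If Not rs.EOF Then
        Session("login") = p_username
        Session("first_name") = rs("first_name").Value
        Session("group") = rs("group").Value
        CheckLogin = True
    End If
    rs.Close : Set rs = Nothing
    Set cmd = Nothing
    conn.Close : Set conn = Nothing
End Function

' Call at the very top of every admin page, before any HTML is written.
' An empty Session (user skipped the login) or a non-admin group is redirected.
Sub RequireAdmin
    If Session("login") = "" Or Session("group") <> "admin" Then
        Response.Redirect "login.asp"
    End If
End Sub
%>
```

login_action.asp would call CheckLogin(Request.Form("p_username"), Request.Form("p_password")) and redirect back to login.asp?retry=password when it returns False. Each admin page includes the file and calls RequireAdmin as its first statement.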