Lisa Wollin : ASP.NET

Password Protecting Web Pages

lisawoll — Sat, 25 Jun 2005 01:56:00 GMT

John Jansen, one of the FrontPage testers, sent me these three different ways to password protect pages in FrontPage.

Using a FrontPage site template and ASP
Using Code Snippets
Using ASP.NET

To password protect pages using a FrontPage site template and ASP

Here are specific steps to password protect pages using features built into FrontPage:

From the File menu, click New.
From the Web Site tab, select FrontPage Server Templates from the first list, and then select Database Interface Wizard from the second list.
Type the location where you want to put your password protected page. This must be an Windows Web server running IIS.
Click OK.
In the Wizard…
1. Click Next to create an ASP solution.
2. Click Next to use the default name for the connection.
3. Click Next to use the default columns in the table.
4. Click Next after the DB is created.
5. Click Next to use the default table.
6. Check the box to use a Database Editor.
7. Click Next.
8. Choose a password and enter it.
9. Click Next.
10. Click Finish.
After FrontPage finishes building the site, all of the necessary code for password protecting pages has been generated. In order to protect any new pages, simply put the following code:
```

<%
If Session(SiteId) <> true Then
Response.Redirect(“login.asp?requester=”)
End If
%>
```
above the <HTML> tag on any page and save as .asp.

To password protect pages using Code Snippets

Here are steps to create password protected pages using code snippets:

Create a new site in FrontPage.
Create a new page and switch to Code view.
Delete all the code in the new page.

Paste the following code as a code snippet.

<%
Username="user"
Password="pass"
' if any of the variables do not match, create error message
if Request.Form("login") <> Username or Request.Form("password") <> Password then
    MsgErr = "<h3>Authorization Failed.</h3>"
    Response.Write MsgErr
    ' if correct, set the session variable and proceed
Else
    Session("someStringValue") = true
    ' redirect
    If Len(Request("requester")) > 0 Then
        Response.Redirect (Request("requester"))
    Else
        Response.Redirect "protected.asp"
    End if
End if
%>
<html>
<head>
    <title>Results -- Login</title>
    <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
    <meta name="GENERATOR" content="Microsoft FrontPage 6.0">
    <meta name="ProgId" content="FrontPage.Editor.Document">
</head>

<body bgcolor="#FFFFFF">
    <FORM ACTION="login.asp" METHOD="post">
    <h3>Login</h3>
        <TABLE BORDER=0> 
            <TR>
                <TD ALIGN="right">User name:</TD>
                <TD><INPUT TYPE="text" NAME="login" size="10" VALUE=''/></TD>
            </TR>
            <TR>
                <TD ALIGN="right">Password:</TD>
                <TD><INPUT TYPE="password" NAME="password" size="10" VALUE=''/></TD>
            </TR>
            <TR>
                <TD><input TYPE="hidden" NAME="requester" VALUE="<%=Server.HtmlEncode(Request("requester"))%>"></TD>
                <TD></TD>
            </TR>
            <TR>
                <TD align="left"><INPUT TYPE="submit" VALUE="Login"/></TD>
                <TD></TD>
            </TR>
        </TABLE>
    </FORM>
</body>
</html>

Save page as login.asp.
Create a new page and switch to Code view (or do this with any page you want to protect with a password).

Above the opening <html> tag, paste in the following snippet.

<%
If Session("someStringValue") <> true Then
    Response.Redirect("Login.asp?requester=protected.asp")
End If
%>

Save this page as protected.asp (or replace the requester text above from protected.asp to the page name you are protecting).
Browse to protected.asp.

To password protect pages using ASP.NET

Here are steps to password protect pages using ASP.NET:

Create a new page in your Web site and switch to code view.
Select and delete all the code in the page.

Paste in the following code.

<html>
<body>
    <h1>Please Log In</h1>
    <hr>
    <form runat="server">
    <table cellpadding="8">
        <tr>
            <td>User Name:</td>
            <td><asp:TextBox ID="UserName" RunAt="server" /></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><asp:TextBox ID="Password" TextMode="password" RunAt="server" /></td>
        </tr>
        <tr>
            <td><asp:Button Text="Log In" OnClick="OnLogIn" RunAt="server" /></td>
            <td></td>
        </tr>
    </table>
    </form>
    <hr>
    <h3><asp:Label ID="Output" RunAt="server" /></h3>
    </body>
    </html>
    <script language="C#" runat="server">
        void OnLogIn (Object sender, EventArgs e)
        {
            if (FormsAuthentication.Authenticate (UserName.Text, Password.Text))
                FormsAuthentication.RedirectFromLoginPage (UserName.Text, false);
            else
                Output.Text = "Invalid login";
        }
    </script>

Save the page as loginpage.aspx.
Create a new page and switch to code view.
Select and delete the code in the page.

Paste the following code into the new page.

<configuration>
    <system.web>
        <authentication mode="Forms">
        <forms loginUrl="LoginPage.aspx">
        <credentials passwordFormat="Clear">
    <user name="Bruce" password="Batman"/>
    </credentials>
    </forms>
    </authentication>
    <authorization>
    <deny users="?" />
    </authorization>
    </system.web>
</configuration>

Save the page as web.config.

And that’s all there is to that. Any aspx pages in the same folder as the web.config file are protected.

Working with ASP.NET Controls in FrontPage

lisawoll — Fri, 18 Jun 2004 23:45:00 GMT

I wanted to post a quick note about an add-in that one of the FrontPage testers, Harris Chan, developed for working with ASP.NET controls in FrontPage. To be honest, I just installed it, so I haven't had a lot of time to work with it. If you're interested in downloading and installing the add-in, you can find it on the FrontPage Add-in Center

If you have any comments or questions, feel free to post them. I'll forward them onto Harris.

Deploying ASP.NET Applications

lisawoll — Thu, 20 May 2004 00:22:00 GMT

We recently published an article in the MSDN FrontPage portal called Using ASP.NET with FrontPage. The article does well, but there's one complaint from a reader that the article doesn't address how to make an ASP.NET project run on a Web server. I'm not sure the article should, but I remember having that same question with the first ASP.NET app I actually copied to a server. It wouldn't run, and there were no clues as to what I needed to do to make it run. I even tried creating a Web app directly on the server to see if that would help. It didn't.

I was certain it was a server problem and not a code problem, since I could run the application fine on my machine just not on the server. The .NET Framework was, of course, installed and running. So I did some research and what I found was a help topic that said that ASP.NET deployment is as simple as copying the necessary files to the Web server. Okay, I did that without success, so what was I missing?

When I was in college, I had a writing instructor who used the term COIK writing: Clear Only If Known. Many technical writers mistakenly make assumptions about their readers. Now I'm not saying that all assumptions are bad or wrong. For example, as a programmer writer, I have to assume that my readers at least know what code is if they haven't actually written it before. But there are just some assumptions that shouldn't be made.

With the help for deploying ASP.NET applications, the assumption was that I understood what needed to be done on the server in order to make my Web app run, making the additional information unnecessary. Perhaps I should have known; I've certainly worked with IIS, but (as I've said before) servers are not my thing. In the past, I've preferred to leave them to others, but I've realized that if I want to provide server-side anything on my Web sites, I need to know as much as, if not more than, my Web server admins about what the server needs to do and how to do it.

The help for deploying ASP.NET applications wasn't incorrect. You can, in fact, copy ASP.NET files to the server using XCopy or an FTP program, provided you know which files you need to copy. However, deploying a Web app is more than just copying the necessary files to the Web server. So what else needs to be done?

In the IIS Properties pages for a Web site's virtual directory, there is a Directory tab that contains the application settings. By default, when an admin creates an IIS Web site (or virtual directory), the application name is empty or says "Default Application" in greyed text. All you need to do is click Create to tell IIS to run server-side code from the Web sites virtual directory.

The folder into which you copy or FTP the files for an ASP.NET Web application may be a subfolder in your Web site but may not be a virtual directory in IIS. In this case, your Web server admin needs to add it as a virtual directory in IIS. Either way, the admin also needs to set the application settings for the virtual directory.

Of course, this is a simplified version of what needs to be done, and I'm sure there are other settings that Web developers may need to know to effectively deploy ASP.NET applications, but every Web app that I created before knowing this, that previously didn't work, now functions as expected after clicking Create. Isn't it wonderful when things work?