Lisa Wollin : Classic ASP

Password Protecting Web Pages

lisawoll — Sat, 25 Jun 2005 01:56:00 GMT

John Jansen, one of the FrontPage testers, sent me these three different ways to password protect pages in FrontPage.

Using a FrontPage site template and ASP
Using Code Snippets
Using ASP.NET

To password protect pages using a FrontPage site template and ASP

Here are specific steps to password protect pages using features built into FrontPage:

From the File menu, click New.
From the Web Site tab, select FrontPage Server Templates from the first list, and then select Database Interface Wizard from the second list.
Type the location where you want to put your password protected page. This must be an Windows Web server running IIS.
Click OK.
In the Wizard…
1. Click Next to create an ASP solution.
2. Click Next to use the default name for the connection.
3. Click Next to use the default columns in the table.
4. Click Next after the DB is created.
5. Click Next to use the default table.
6. Check the box to use a Database Editor.
7. Click Next.
8. Choose a password and enter it.
9. Click Next.
10. Click Finish.
After FrontPage finishes building the site, all of the necessary code for password protecting pages has been generated. In order to protect any new pages, simply put the following code:
```

<%
If Session(SiteId) <> true Then
Response.Redirect(“login.asp?requester=”)
End If
%>
```
above the <HTML> tag on any page and save as .asp.

To password protect pages using Code Snippets

Here are steps to create password protected pages using code snippets:

Create a new site in FrontPage.
Create a new page and switch to Code view.
Delete all the code in the new page.

Paste the following code as a code snippet.

<%
Username="user"
Password="pass"
' if any of the variables do not match, create error message
if Request.Form("login") <> Username or Request.Form("password") <> Password then
    MsgErr = "<h3>Authorization Failed.</h3>"
    Response.Write MsgErr
    ' if correct, set the session variable and proceed
Else
    Session("someStringValue") = true
    ' redirect
    If Len(Request("requester")) > 0 Then
        Response.Redirect (Request("requester"))
    Else
        Response.Redirect "protected.asp"
    End if
End if
%>
<html>
<head>
    <title>Results -- Login</title>
    <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
    <meta name="GENERATOR" content="Microsoft FrontPage 6.0">
    <meta name="ProgId" content="FrontPage.Editor.Document">
</head>

<body bgcolor="#FFFFFF">
    <FORM ACTION="login.asp" METHOD="post">
    <h3>Login</h3>
        <TABLE BORDER=0> 
            <TR>
                <TD ALIGN="right">User name:</TD>
                <TD><INPUT TYPE="text" NAME="login" size="10" VALUE=''/></TD>
            </TR>
            <TR>
                <TD ALIGN="right">Password:</TD>
                <TD><INPUT TYPE="password" NAME="password" size="10" VALUE=''/></TD>
            </TR>
            <TR>
                <TD><input TYPE="hidden" NAME="requester" VALUE="<%=Server.HtmlEncode(Request("requester"))%>"></TD>
                <TD></TD>
            </TR>
            <TR>
                <TD align="left"><INPUT TYPE="submit" VALUE="Login"/></TD>
                <TD></TD>
            </TR>
        </TABLE>
    </FORM>
</body>
</html>

Save page as login.asp.
Create a new page and switch to Code view (or do this with any page you want to protect with a password).

Above the opening <html> tag, paste in the following snippet.

<%
If Session("someStringValue") <> true Then
    Response.Redirect("Login.asp?requester=protected.asp")
End If
%>

Save this page as protected.asp (or replace the requester text above from protected.asp to the page name you are protecting).
Browse to protected.asp.

To password protect pages using ASP.NET

Here are steps to password protect pages using ASP.NET:

Create a new page in your Web site and switch to code view.
Select and delete all the code in the page.

Paste in the following code.

<html>
<body>
    <h1>Please Log In</h1>
    <hr>
    <form runat="server">
    <table cellpadding="8">
        <tr>
            <td>User Name:</td>
            <td><asp:TextBox ID="UserName" RunAt="server" /></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><asp:TextBox ID="Password" TextMode="password" RunAt="server" /></td>
        </tr>
        <tr>
            <td><asp:Button Text="Log In" OnClick="OnLogIn" RunAt="server" /></td>
            <td></td>
        </tr>
    </table>
    </form>
    <hr>
    <h3><asp:Label ID="Output" RunAt="server" /></h3>
    </body>
    </html>
    <script language="C#" runat="server">
        void OnLogIn (Object sender, EventArgs e)
        {
            if (FormsAuthentication.Authenticate (UserName.Text, Password.Text))
                FormsAuthentication.RedirectFromLoginPage (UserName.Text, false);
            else
                Output.Text = "Invalid login";
        }
    </script>

Save the page as loginpage.aspx.
Create a new page and switch to code view.
Select and delete the code in the page.

Paste the following code into the new page.

<configuration>
    <system.web>
        <authentication mode="Forms">
        <forms loginUrl="LoginPage.aspx">
        <credentials passwordFormat="Clear">
    <user name="Bruce" password="Batman"/>
    </credentials>
    </forms>
    </authentication>
    <authorization>
    <deny users="?" />
    </authorization>
    </system.web>
</configuration>

Save the page as web.config.

And that’s all there is to that. Any aspx pages in the same folder as the web.config file are protected.

Creating ASP event handlers

lisawoll — Thu, 22 Jul 2004 22:46:00 GMT

Here's another tip from Rich Klein about how to create event handler for classic ASP code.

If you’ve ever tried to program an event handler for option buttons (also know as radio buttons) in ASP, you know this can be a daunting task. Option buttons do not automatically fire events in a way that can be easily trapped using VBScript. You must specify the event handler for each event when defining the control.

For example, if you want to populate a variable value when a particular option button is clicked, you might try something like this:

<input type="radio" name="rdoButton" OnClick="rdoButton_OnClick('12')">

Because this option button is using a well-defined event tag, including a language attribute is not always necessary, but in other cases, it may be necessary. For example:

input type="radio" name="rdoButton" OnClick="rdoButton_OnClick('12')" language="vbscript">

Using a language attribute ensures the ASP interpreter knows how to handle the event. Without the attribute, the interpreter may try to parse the statement using rules for JavaScript and produce an error when the statement does not conform.

Additionally, option buttons have other quirks. The biggest one I’ve found so far is the fact that if you are creating a dynamic list from a table of data, you would logically place the button in a statement loop. If you define each button with a unique name—for example, the name is terminated by the value of a loop counter—each option button would operate on its own, allowing a user to click more than one button.

If you create each button using the same variable name, then the buttons behave as intended, but now you must access them as an array control, which means that you must use a subscripted reference to the variable name. For example, using the preceding code, "rdoButton(0)" would reference the first option button in the group.

The problem here is that when you are dealing with dynamic data, you won’t always know how many records are returned. This might not be an issue, but in the case in which only one record is returned and there is only one option button, the control cannot be referenced as a control array; it must be referenced as an individual control. Referencing it as an array returns an error because there is no subscript to reference.

To work around this behavior, define the control with a value attribute and a parameter that is passed in the event handler you define.

<input type="radio" name="rdoButton" value="12" OnClick="rdoButton_OnClick('12')" language="vbscript">

Then when creating the event handler in the script, do something like the following:

<script language="vbscript">
   Sub rdoButton_OnClick(varNum)
      If IsNumeric(varNum) then
         form.hCurrentRecord.value = varNum
      Else
         form.hcurrentRecord.value = form.rdoButton.value
      End If
   End Sub
</script>

Note The 'form' designation is the name given to the form object in which the option buttons are contained.

By using this format, you avoid entirely the necessity of finding the array subscript of the option button and the error produced if trying to reference the non-existent array value of a single button. As a side note, if you place an alert in the first line of the sub that displays the value of the variable passed in 'varNum', you will see that, in the case of a single option button, the event fires twice. The first time it displays the proper value passed, and the second time it displays a reference to the object. This is why getting the value from the control is necessary. This technique could probably be simplified further by just ignoring the second event. Then the Else clause would not be required and the value attribute in the option buttons could be eliminated.