Skip Navigation | Groups

This site uses cookies- for more information see the Cookie Policy | Continue


Password Protection with a single userid

Protection with a single userid and password for all users

This shows a "classic" asp version:

In the Protected Page

Before the <html> tag add some script to check whether the user has logged on to the server with userid/password approved for the page. The page mark up will then start like this:

dim logonpage
dim myuserid
dim mypassword
myuserid = "Iamauser" 'Userid used by all users
mypassword = "LetMeIn" 'Password used by all users
logonpage = "/fp/articles/protect-page/logon.asp" 'Address of logon page -
'root relative allows the protected page to be in any folder.
if session("userid") <> myuserid or session("password") <> mypassword then
' userid or password are incorrect
'Create session variable containing this page URL
session("redirect") = request.servervariables("URL")
response.redirect(logonpage)'Open Logon Page
'userid and password are correct - show the contents of this page
end if

The protected page for this example is here. The required userid is Iamauser and the password is LetMeIn - these are case sensitive.

If several pages are to be protected with the same userid and password, the above code can be placed in a Server Side Include (SSI) file and included into the page. The included page (userpass.asp in this example) contains the above script and nothing else. It requires the asp extension so that anyone finding the page cannot open it in a browser - the code will be run on the server and the browser will either be redirected to the logon page, or will render an empty page.

When using the SSI, the protected pages will all start like this:

<!-- #include virtual="/path/userpass.asp" -->

Note that:

  1. "path" in the above code snippet is the path from the root folder to the file "userpass.asp"
  2. all pages will need a .asp (or .aspx if using asp.NET) extension.

In the Logon Page

The Logon Page is a simple form that submits to itself. When the form is submitted, session variables are created which store the userid and password, and then the browser is taken back to the original page.

The server side code required ("classic" asp version) is:

dim myuserid
dim mypassword
dim myredirect
myuserid = trim(request.form("user") & "")
mypassword = trim(request.form("password") & "")
myredirect = session("redirect")
if myuserid <> "" and mypassword <> "" then
session("user") = myuserid
session("password") = mypassword
if myredirect <> "" then
else response.redirect("/")
end if
end if

Again, this goes before the <html> tag in the page.