This shows a "classic" asp version:
In the Protected Page
Before the <html> tag add some script to check whether the user has logged on to the server with userid/password approved for the page. The page mark up will then start like this:
myuserid = "Iamauser" 'Userid used by all users
mypassword = "LetMeIn" 'Password used by all users
logonpage = "/fp/articles/protect-page/logon.asp" 'Address of logon page -
'root relative allows the protected page to be in any folder.
if session("userid") <> myuserid or session("password") <> mypassword then
' userid or password are incorrect
'Create session variable containing this page URL
session("redirect") = request.servervariables("URL")
response.redirect(logonpage)'Open Logon Page
'userid and password are correct - show the contents of this page
The protected page for this example is here. The required userid is Iamauser and the password is LetMeIn - these are case sensitive.
If several pages are to be protected with the same userid and password, the above code can be placed in a Server Side Include (SSI) file and included into the page. The included page (userpass.asp in this example) contains the above script and nothing else. It requires the asp extension so that anyone finding the page cannot open it in a browser - the code will be run on the server and the browser will either be redirected to the logon page, or will render an empty page.
When using the SSI, the protected pages will all start like this:
<!-- #include virtual="/path/userpass.asp" -->
- "path" in the above code snippet is the path from the root folder to the file "userpass.asp"
- all pages will need a .asp (or .aspx if using asp.NET) extension.
In the Logon Page
The Logon Page is a simple form that submits to itself. When the form is submitted, session variables are created which store the userid and password, and then the browser is taken back to the original page.
The server side code required ("classic" asp version) is:
myuserid = trim(request.form("user") & "")
mypassword = trim(request.form("password") & "")
myredirect = session("redirect")
if myuserid <> "" and mypassword <> "" then
session("user") = myuserid
session("password") = mypassword
if myredirect <> "" then
Again, this goes before the <html> tag in the page.