Tags General HTML Security
2012040301	Email to Ronx

User name:

Password:

---

A "classic" ASP page would contain the following code before the <HTML> tag:

<%
dim myuserid
dim mypassword
dim myredirect
myuserid = trim(request.form("user") & "")
mypassword = trim(request.form("password") & "")
myredirect = session("redirect")
if myuserid <> "" and mypassword <> "" then
session("user") = myuserid
session("password") = mypassword
if myredirect <> "" then
response.redirect(myredirect)
else response.redirect("/")
end if
end if
%>

The form above would be coded as (after removing the formatting):

<form action="logon.asp" method="post">
<p>User name: <input name="User" type="text" /></p>
<p>Password: <input name="Password" type="password" /></p>
<p><input name="Submit1" type="submit" value="Submit" /></p>
</form>

For asp.NET pages, the asp.NET Membership is a better, more flexible option, but for a handful of protected pages the above becomes (using vbscript):

<script runat="server">
Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)
If isPostBack Then
dim myuserid as String = ""
dim mypassword as String = ""
dim myredirect as String = ""
myuserid = user.Text
mypassword = password.Text
myredirect = session("redirect")
if myuserid <> "" and mypassword <> "" then
session("userid") = myuserid
session("password") = mypassword
if myredirect <> "" then
response.redirect(myredirect)
else
response.redirect("~/fp/articles/protect-page/single-userid.aspx")
end if
else 'do nothing
end if
End Sub
</script>

...and the form:

<p>User name:
 <asp:TextBox id="user" runat="server" CssClass="inp"></asp:TextBox></p>
<p>Password:
 <asp:TextBox id="password" runat="server" CssClass="inp" TextMode="Password"></asp:TextBox></p>
<p><asp:Button id="Submit1" runat="server" Text="Submit" CssClass="button" /></p>

The <form> tags in an .aspx page usually encompass the entire page - there is only one <form>.