Security using Access user level security

G

Guest

This is the first time I tried this, so forgive me if
this is a redundant question.

I have an Access 2000 database utilizing user level
security. What I would like to do is have a FrontPage
opening page that asks for the user id and password for
the user on a form, then pass this information to the
Access database for authentification. If it is a valid
user id and password, I would like the site to proceed to
the URL associated for that user in the database. If it
is not valid, I would want to display an error message
asking the user to re-enter his information.

Am I over simplifing this, or is it as simple as I make
it sound. If so, how can this be accomplished.
 
T

TB

Your security should be based on a combination of checking against a list of
users in a table, and then a Session variable, which is checked on all the
pages you want to protect. You could do something along the lines of this:

Login.asp:

<%
Dim UserName
Dim Password
UserName = Request.Form("Username")
Password = Request.Form("Password")
If Len(UserName) > 0 Then
msql = ("SELECT Username, Pw FROM users WHERE Usuario='" & UserName & "'
AND Pw='" & Password & "'")
Set RS = Conn.Execute(msql)
If RS.EOF Then
ErrorMessage = "<P><font color=""red"">Usuario o contraseña
incorrecto</font></P>"
RS.Close
Conn.Close
Set RS = Nothing
Set Conn = Nothing
Else
RS.Close
Conn.Close
Set RS = Nothing
Set Conn = Nothing
Session("SecurityID") = "askljhsdfvljhdsfgkjlh3tkljasdlkskuh"
Response.redirect "yourpage.asp"
End If
End If
%>
<Form Method="Post" Action="login.asp">
User name: <Input Name="Username" size="15"><br>
Password: <Input Type="Password" Name="Password" size="15"><br>
<Input Type="submit" Value="Enter" Name="Login">
</Form>

(If you wan't more security, you should another function which generates
random Session variables for each user.)

On yourpage.asp (and any other page you want to protect, you should add the
following code at the top:

<%
If Session("SecurityID") <> "askljhsdfvljhdsfgkjlh3tkljasdlkskuh" Then
Response.Redirect "editweb.asp"
End If
%>

If you want any further assistance do not hestitate to contact me.

Cheers,

TB
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

User Level Security Enquiry 1
user level security 1
access 2007 user-level security 6
running a compact script, security issue 1
User level security 1
User Level Security & Access 2007 2
no access to website 3
User Level Security 1

Top