login.asa files

P

Paul C

Hi
I noticed that the database results wizard creates a login.asa which
contains a fixed username and password used to enter the access database. I
have two questions
1. I have tried to download the file using a browser and the asa file
displays as blank. Is this a FP extension permission or a general web
permission placed on asa files?
2.If I wanted to set up a fixed password to access a page using asp can I
use an asa file to store the password and username instead of a database?
Thanks
Paul M
 
M

Mark Fitzpatrick

Paul,

1) No. This should actually be the IIS web server itself not wanting to
display the information for a file with that file extensions.

2) Normally not. This is usually just for the editing feature of that
particular database results page. A database is still a better way to go
overall as it is more secure than having it as a simple text file and the
database will scale better and easier to more users than a flat text file.
You can google "login.asa" and see where some people have supplied some code
to try to do this, though the method of storing it in the db has a lot more
examples out there than this one.
 
P

Paul C

Thanks Mark
I am trying to find a secure(ish) system wheras a static login and password
can be utilized to password a few members pages but without the hassle of a
database.
Any suggestion?
Paul M
 
T

Thomas A. Rowe

Here is a simple method:

<% ' This goes at the top of each page to be protected above the opening <html> tag.
Login = LCase(Request.Form("Login"))
If Login = "password" Then
Session("Authenticated") = 1
Else
Session("Authenticated") = 0
End If
%>

<HTML>
<HEAD>
<TITLE>sample</TITLE>
</head>

<BODY>
<% If Session("Authenticated") = 1 Then %>
<p><b><font face="Arial" size="3" color="#000000">Content to see when logged in</font></b></p>
<% End If %>
<P>
<% If Session("Authenticated") = 0 Then %>
<p><b><font face="Arial" size="3" color="#000000">log in box seen when not logged in</font></b></p>
<table border="0" cellpadding="0" cellspacing="0" width="300">
<tr>
<td valign="middle" align="center" width="100%" bgcolor="#800000">
<table border="0" cellpadding="2" cellspacing="1" width="100%">
<form method="POST" action="sample.asp">
<tr>
<td width="100%" valign="middle" align="center" bgcolor="#FFFFFF"
height="50"><b><font face="Arial" size="2" color="#000000">UserID: </font> </b><input type="text"
size="10" name="Login"> <input type="submit" value="Login" name="Login"></td>
</tr>
</form>
</table></td>
</tr>
</table>
<% End If %>
</BODY>
</html>

--
==============================================
Thomas A. Rowe
Microsoft MVP - FrontPage

http://www.Ecom-Data.com
==============================================
 
P

Paul C

Thanks Thomas Great as usual
Paul M

Thomas A. Rowe said:
Here is a simple method:

<% ' This goes at the top of each page to be protected above the opening
<html> tag.
Login = LCase(Request.Form("Login"))
If Login = "password" Then
Session("Authenticated") = 1
Else
Session("Authenticated") = 0
End If
%>

<HTML>
<HEAD>
<TITLE>sample</TITLE>
</head>

<BODY>
<% If Session("Authenticated") = 1 Then %>
<p><b><font face="Arial" size="3" color="#000000">Content to see when
logged in</font></b></p>
<% End If %>
<P>
<% If Session("Authenticated") = 0 Then %>
<p><b><font face="Arial" size="3" color="#000000">log in box seen when not
logged in</font></b></p>
<table border="0" cellpadding="0" cellspacing="0" width="300">
<tr>
<td valign="middle" align="center" width="100%"
bgcolor="#800000">
<table border="0" cellpadding="2" cellspacing="1"
width="100%">
<form method="POST" action="sample.asp">
<tr>
<td width="100%" valign="middle" align="center"
bgcolor="#FFFFFF" height="50"><b><font face="Arial" size="2"
color="#000000">UserID: </font> </b><input type="text" size="10"
name="Login"> <input type="submit" value="Login" name="Login"></td>
</tr>
</form>
</table></td>
</tr>
</table>
<% End If %>
</BODY>
</html>

--
==============================================
Thomas A. Rowe
Microsoft MVP - FrontPage

http://www.Ecom-Data.com
==============================================
Click to expand...
 
P

Paul C

Hi Thomas
I have cut and pasted the code you kindly provided but it is not writing
the session object. I have added
<% Response.Write Session("Authenticated")) %>
at the bottom of the page but nothing is written only the login box with the
words "Login box seen when not logged in"

It is OK to have the head code and the body code on the same page I presume
or am I missing something
Thanks
Paul M
 
T

Thomas A. Rowe

Until you login or attempt to login, the value is null.
--
==============================================
Thomas A. Rowe
Microsoft MVP - FrontPage

http://www.Ecom-Data.com
==============================================
 
D

David Berry

Also, in Tom's code, make sure you change it to whatever your form field
name is and whatever the password is your validating. Ex:

Login = LCase(Request.Form("Login"))

Is "Login" The name of the field?

If Login = "password" Then

Is "password" the actuall password?
 
P

Paul C

Hi Thomas
Ok I have got the session object to display using <% Response.Write
(Session("Authenticated")) %> but the value of the session is still 0 even
when I login

Thanks
paul M
 
P

Paul C

Thanks
here is my code the name of the page is simplelogin1 and the form posts to
itself

<% ' This goes at the top of each page to be protected above the opening
<html> tag.
Login = LCase(Request.Form("Login"))
If Login = "passw" Then
Session("Authenticated") = 1
Else
Session("Authenticated") = 0
End If
%>



<HTML>
<HEAD>
<TITLE>sample</TITLE>
</head>

<BODY>
<% If Session("Authenticated") = 1 Then %>
<p><b><font face="Arial" size="3" color="#000000">Content to see when logged
in</font></b></p>
<% End If %>
<P>
<% If Session("Authenticated") = 0 Then %>
<p><b><font face="Arial" size="3" color="#000000">log in box seen when not
logged in</font></b></p>
<table border="0" cellpadding="0" cellspacing="0" width="300">
<tr>
<td valign="middle" align="center" width="100%"
bgcolor="#800000">
<table border="0" cellpadding="2" cellspacing="1"
width="100%">
<form method="POST" action="simplelogin1.asp">
<tr>
<td width="100%" valign="middle" align="center"
bgcolor="#FFFFFF"
height="50"><b><font face="Arial" size="2" color="#000000">UserID: </font>
</b><input type="text"
size="10" name="Login"> <input type="submit" value="Login"
name="Login"></td>
</tr>
</form>
</table></td>
</tr>
</table>
<% End If %>
<p>&nbsp;<% Response.Write (Session("Authenticated")) %></p>
</BODY>
</html>
 
P

Paul C

Hi
I have sorted it I had to change the form field name from Login to something
else

Thanks for your help
Paul M
 
P

Paul C

Hi Thomas
Thanks again for the code, I was wandering to what level of security can
this method be implimented?
Paul M
 
T

Thomas A. Rowe

You can't, as long as the file has a .asp (or .asa) extension, since the file would be processed on
the server prior to being displayed in a browser.

FYI: The .asa extension is normally associated with the global.asa file, since it is a configuration
file.

--
==============================================
Thomas A. Rowe
Microsoft MVP - FrontPage

http://www.Ecom-Data.com
==============================================
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

DBRW include login.asa 2
Database protection - Login.asa 2
Global asa 3
Security help please 7
What is the global asa? 3
Security chack please 13
FP2003 and Password Protection 2
login.asa modify 2

Top