Hello,

First post here, so sorry if I'm asking irrelevant questions:) .

I have inherited a site which has a lot of database integration and some fairly complicated security around it. I am looking for a way of protecting certain admin pages and showing hyperlinks on some pages, only to privileged users, without non privileged users having to use a login page

Does anybody have a suggestion for a simple way to get around this problem, maybe reading off NT logons, so that I can manage those who have restricted access and unrestricted access fairly simply?

Many thanks

Hey there!

I'm using the Request.ServerVariables("AUTH_USER") to do that very same thing for my website. It's an intranet, so I also set IIS5 to use the Windows authentication info, that way the don't need to logon again for the website (they do if they're using Netscape).

I then created two pages that are the top and bottom of the code necessary to protect the pages and added them into the pages using <!--#include File='topcodefile.asp'-->, so they don't show up when the page is loaded. The code that goes on the top portion file can be something like:

<%
session("UserName") = Request.ServerVariables("AUTH_USER")
Select Case UserName
Case "authorizeduser","anotherauthorizeduser"
%>

Then the code for the bottom page:

<%
Case Else
%>

A BUNCH OF HTML FOR THE "YOU'RE NOT ALLOWED IN HERE" PAGE

<%
End Select
%>


You can also use this in the middle of a page to recognize the user and display a link, like you mentioned. Basically what I'd do is insert similar code into external files and always use <!--#include File='topcodefile.asp'--> in the main file so the code remains hidden.

Did that make sense? Hope so!!! Good luck!

Natalia