First post here, so sorry if I'm asking irrelevant questions .
I have inherited a site which has a lot of database integration and some fairly complicated security around it. I am looking for a way of protecting certain admin pages and showing hyperlinks on some pages, only to privileged users, without non privileged users having to use a login page
Does anybody have a suggestion for a simple way to get around this problem, maybe reading off NT logons, so that I can manage those who have restricted access and unrestricted access fairly simply?
I'm using the Request.ServerVariables("AUTH_USER") to do that very same thing for my website. It's an intranet, so I also set IIS5 to use the Windows authentication info, that way the don't need to logon again for the website (they do if they're using Netscape).
I then created two pages that are the top and bottom of the code necessary to protect the pages and added them into the pages using <!--#include File='topcodefile.asp'-->, so they don't show up when the page is loaded. The code that goes on the top portion file can be something like:
<%
session("UserName") = Request.ServerVariables("AUTH_USER")
Select Case UserName
Case "authorizeduser","anotherauthorizeduser"
%>
Then the code for the bottom page:
<%
Case Else
%>
A BUNCH OF HTML FOR THE "YOU'RE NOT ALLOWED IN HERE" PAGE
<%
End Select
%>
You can also use this in the middle of a page to recognize the user and display a link, like you mentioned. Basically what I'd do is insert similar code into external files and always use <!--#include File='topcodefile.asp'--> in the main file so the code remains hidden.
Security/Administration Access using ASP
.
Reply With Quote
Bookmarks