There is a simple alternative to NT authenication is to cheat. Here's a "no NT involved" version of security.inc; just put
<!--#INCLUDE FILE="security.inc"-->
at the top of each ASP page you want to protect, and put this in
security.inc:
<%
'does the session know the user?
UserID=Session("UserID")
Rejected=False
If IsEmpty(UserID) Or IsNull(UserID) Or UserID="" Then
Attempted=False
'Figure out who we are, for later
URL=Request.ServerVariables("QUERY_STRING")
If IsEmpty(URL) Or URL="" Then
URL="" ' just in case
Else
URL="?" & URL
End If
URL=Request.ServerVariables("SCRIPT_NAME") & URL
'check for POSTed authentication information
UserID=Request.Form("UserID")
UserPWD=Request.Form("UserPWD")
If IsEmpty(UserID) Or IsNull(UserID) Or UserID="" Then
Rejected=True
Else
' insert your own checking here -- this is deliberately lame
If UserID="Foo" AND UserPWD="Foo" Then
'wahoo!
'set the session variable
Session("UserID")=UserID
Rejected=False
Else
Attempted=True
Rejected=True
End If
End If
End If
If Rejected Then
If Attempted Then
Title="Authentication Failure"
Else
Title="Please Authenticate"
End If
%>
<!--#INCLUDE FILE="authentication_form.htm"-->
<%
Response.End 'stop processing before it gets back to your page
End If
' ... otherwise, on with your normal page.
%>
The authentication page (authentication_form.htm) could look like this:
You could just as easily paste this HTML in where the INCLUDE is, but it makes it a little harder to edit using FrontPage. Note that anyone trying to hit authentication_form.htm is going to find it a little...
well, useless. I'll leave it as an exercise to the reader how to get around this.
How does security.inc work?
If the user has authenticated already, security.inc notices that the UserID session variable is set and passes control back to your page. If they haven't, it sends them a form which asks for their username and password. When they submit that information, security.inc checks it and
either gives them the form again or passes control back to your page.
The extra code is there to tweak the form if the user failed
authentication (as opposed to simply not having authenticated yet), and to preserve any query information in the URL.
Note that if the user doesn't accept the ASP cookie (or is using a non-cookie-aware browser), the session variable won't be preserved and they'll be continuously asked to re-authenticate. You should modify the authentication page so that it warns users of this.
This 15 Seconds' issue contains source code and step by step instructions for creating a chat session using Active Server pages, HTML and a standard web browser. Also demonstrated is writing and reading of a file with an Active Server page. [Read This Article][Top]
This issue describes how to make a list server using Active Server, SQL Server, and Stephen Genusa's ASPMail Component. Included are source and instructions for adding the user to the list from a Active Server page, removing the user from the list via a Active Server page, and sending mail to the whole list. [Read This Article][Top]
A rewrite of part one of a four-part series on Active Server objects. A simple example of creating a Active Server Component in Visual Studio 5.0 using the Active Template Library 2.0. The example component retrieves the user's cookie, if not available issues a new 128-bit cookie. Included in the issue is the source code and step by step instructions. This issue has been rewritten to illustrate the use of Visual Studio 5.0 and ATL 2.0 in writing Active Server Components. [Read This Article][Top]
In this issue 15 Seconds implements a catalog site that is build with Active Server pages and SQL Server. Along with the implementation there is source code and a discussion of the advantages and disadvantages of creating a catalog site that gets its content from a database. Included are pages for displaying products, creating a menu page, category page, and running a search across a database. [Read This Article][Top]
A complete discussion of the Last Modified header and the Expires header including the effect they have on Active Server page and various browsers. [Read This Article][Top]
