|
|
I was asked to create a webpage using FrontPage 2002. After completing the webpage I was ask to create a login screen that users would have to Login and be redirected to the corresponding folder. I recently found out that the ISP does not support FrontPage Server Extensions. My webpage looks ok only because its simple and frontpage server extensions were not needed. As for the login in screen I'm not sure how to design it but I am thinking of using ASP pages. I've searched around and lot of people are saying to use SPOOKY but and I not going that route. Can someone point me in another direction?
My idea was to create a "LOGIN.ASP" with 2 text boxes for username and password...and of coarse the submit and reset buttons. Then when logging in it would go to the VALIDATION.ASP to validate the username and password. Then, if successful, and depending on the username...it would redirect the user to the appropriate page.
I am intending on creating multiple folders. For instance "Customer" folder and a "Shipping" folder. If logged in as customer then be redirected to the customer folder...and so on.
Can this be achieved using FrontPage and ASP on a host server that does not support frontpage server extensions?
|
|
|
|
1. What OS is the webserver? (e.g. Windows, Linux)
2. What software is the webserver? (e.g. IIS, Apache)
3. What security-related components/modules are available for your use on the webserver? (You may need to contact your hosting company to find out.)
4. What do you need to protect? (e.g. All content within a folder structure, or simply ASP pages.)
You say FrontPage extensions are NOT supported? If your host supports ASP pages, I'm surprised they don't support FrontPage simply because it's such a common Microsoft supported product. I don't use FrontPage or know much about it. I especially don't know anything about FrontPage's proprietary features and extensions. If FrontPage provides a security/authentication model, and you like to use FrontPage, that's probably the easiest way to go. Perhaps you should consider getting a host that supports FrontPage 100%.
Some stuff to think about:
With standard ASP, you can develop your own security that will protect ASP pages. However, non ASP files available in public-accessible web folders will not be protected this way. For example, if you have a folder with 10 ASP pages, 2 HTML pages, 3 images, and a couple PDF documents, only the 10 ASP pages could include your security control.
To provide true security regardless of file type, you need either a server-side component such as one built as an ISAPI filter or use the built in Windows security -- which means all your usernames and passwords to access your pages would need to be Windows accounts on the webserver (or domain). Chances are, no hosting company is going to setup actual Windows accounts for all your users. You would have no control over your accounts that way anyway.
I have several ASP apps where I use my own ASP-built authentication against a database. This works great, but like I said, only the ASP pages are actually protected from public viewing. All the images, html pages, PDF documents, etc in my "protected" folders can be browsed to IF you know the path. (Security by obscurity!) For my purposes, this level of security is sufficient. If my clients had sensitive PDF documents, Excel spreadsheets, etc in those folders, then I would need a higher level of security.
|
|
|
|
|
|
I just found out that the host server is a Unix Server and does not support ASP. I want a customer to log in and be directed to the customer folder but I don't want the customer to see anyother folders. Does that help?
Thanks
|
|
|
|
When you say you want them directed to a folder, do you mean you just want them to be able to browse the folder? That is, just see a list of all files in the folder?
With Unix/Linux, you should be able to use the .htaccess method explained here.
http://web-bureau.com/modules/bsecure.php
http://www.4webhelp.net/tutorials/misc/htaccess.php
You'll need to be somewhat familiar with at least getting around the filesystem and how to ftp files to the server.
I don't think you'll have an easy way to know WHO the authenticated user is. So you may not be able to easily auto-direct to the correct folder based on the user. Instead, you may need a simple page with a link for each type of user folder, when they click that folder, .htaccess will prompt for username and password.
If somebody could reply that has more experience with .htaccess, I'd love to hear more about this.
By the way, since you are on *NIX rather than Windows, so you have PHP available to you rather than ASP, let me just say that if you are just starting out, you can do anything you want to do with either ASP or PHP. I was 100% hard-core ASP developer for many years before starting with PHP. I quickly become a PHP convert. Today, I still maintain a lot of ASP code, but all new web apps I code with PHP and use MySql for database.
|
|
|
|
|
|
|
|
|
|
Jojo123456789j
Troy Wolf