Wrox Home  
Search P2P Archive for: Go
Shopping CartView Cart  |  My Account  |  Support
Home Browse Titles

P2P Archives
 

Archive Index
Back to Active P2P Forum

 


Wrox Chapters on Demand - Download the chapters you need and take them on the go!
Wrox First - Instant Access online to new Wrox books

New Titles for ASP.NET

Cover image for product 0470190647
DotNetNuke Websites Problem Design Solution
Cover image for product 0470391847
Jumping from ASP to ASP.NET
View Code Camp Videos - Presentations by Wrox Authors
  Return to Index  

asp_web_howto thread: Security and permission issues

Message #1 by achiu@m... on Fri, 15 Jun 2001 16:25:29
Hi there,



Our website has two parts, Part_A is for students(Requires student name 

and id to login. Name and id in sql server DB), Part_B is for the members

(Requires member name and password to login. Name and password in sql 

server DB). We now want to open one section(named Career) of the Part_B to 

the students. The students can go to the Career section of Part_B from 

Part_A where they get access but the students will not have further 

permission to view any other pages of Part_B. Any suggestions and codes 

will be appreciated.



Alan
Message #2 by slau@p... on Tue, 19 Jun 2001 18:41:44
> Hi there,

> 

> Our website has two parts, Part_A is for students(Requires student name 

> and id to login. Name and id in sql server DB), Part_B is for the members

> (Requires member name and password to login. Name and password in sql 

> server DB). We now want to open one section(named Career) of the Part_B 

to 

> the students. The students can go to the Career section of Part_B from 

> Part_A where they get access but the students will not have further 

> permission to view any other pages of Part_B. Any suggestions and codes 

> will be appreciated.





Hello, 



In your DB you'll have their name, ID#. Also put in another field

where you can flag them as members thus eliminating the second need for 

authentication.

ie a record would look like:



Kendra McDaon, 215552, myPass, Member



try this for page A: 



<%

Set objConn = Server.CreateObject("ADODB.Connection")

Set objRS = Server.CreateObject("ADODB.RecordSet")



ObjCon.open [your database connection]

objRS.open select NAME, IDNUM, PASSWD, STATUS from users



%>



Blurb about your page...

Password auth...



Match name entered with one in DB and set the status session variable.



'This saves the status of member/nonmember for the entire session that

'they are logged into the system, including across several pages.

'**********************************

Session("STATUS") = objRS("STATUS")

------------------

Then page B.



Career section.



<% if Session("STATUS") = "Member" %>   

Rest of page B

<%Else%>

Sorry, you do not have access to this page

<%End if%> 



etc...



Hopefully this helps

Sandra

  Return to Index  
About Wrox  |  Contact Us  |  Subscribe to an RSS Feed of New Wrox Titles
Copyright © 2000-2004 by John Wiley & Sons, Inc. or related companies. All rights reserved. Please read our Privacy Policy