The need for a security system is obvious if your pages include sensitive information.

This sample shows you how to setup some of your pages to ask for login if the user has not logged in yet.

2eNetWorX/dev site uses this kind of protection for interactive pages and file downloads.

Let's assume that we have a page where the visitors can ask questions. We want to make sure that the user

has logged in before being able to ask a question.

If the user has not logged in yet, we will ask for a login. After a successful login, we will redirect the

user to the page requested.

First, we will have a common file to check for login. You need to include this file into all the pages

that require login.

security.asp

<%

bLoggedIn = (len(session("UserName")) > 0)

if bRequireLogin then

'Login required

if Not bLoggedIn then

'Not logged in, ask for login

response.redirect "login.asp?comebackto=" & _

request.servervariables("script_name") & "?" & _

server.urlencode(request.querystring)

'Note how we construct the page to come back

end if

end if

%>

login.asp

First thing to do in our login.asp page is to get the page where the user is redirected from. The variable

sReferer is used to redirect back to the page the user has come from.

sGoBackTo variable will used in the

<%

end if

%>

testpage.asp

Now, all you need to do is setting bRequireLogin to True and including the security.asp file.

<%

bRequireLogin = True

%>

Users should be logged in to see this text.

I hope this sample gives you a quick overview of a simple security system implementation with ASP.

You are always welcome to express your feedback!

by Hakan Eskici