If user doesn't have file permission to acceess xyz.asp, redirectthem

D

Devin

Hi

I asked a similar question a while ago, but I need to clarify what I
am doing in order to get clearer response.

When a user attempts to access an asp page, I want to check that they
have permission to access it. If they have permission they should be
able to coast right into the page with out incident. If they do NOT
have file/folder permissions for that page I want to redirect them to
another page gracefully. That is to say I don't want them to get the
default "forbidden" page or what-have-you.

Thanks!


D
 
D

daddywhite

At very top of your restricted ASP page:

<%
If Session("UserAllowed") = True Then 'OR SIMILARLY
SOME CHECK BASED ON IP, OR DATABASE DATA LOGINS OR WHETEVER
Response.Redirect "/sorry_not_allowed.asp"
End If
%>
 
D

Daniel Crichton

Devin wrote on Fri, 24 Oct 2008 08:56:12 -0700 (PDT):
I asked a similar question a while ago, but I need to clarify what I am
doing in order to get clearer response.
When a user attempts to access an asp page, I want to check that they
have permission to access it. If they have permission they should be
able to coast right into the page with out incident. If they do NOT
have file/folder permissions for that page I want to redirect them to
another page gracefully. That is to say I don't want them to get the
default "forbidden" page or what-have-you.

You could set up a custom error page for the specific response code and have
that as your info page, or have it redirect to another page for you.

Alternatively you could do as daddywhite suggests and check inside each page
if the user is allowed to that page - however, as you stated "file
permission" I assumed you meant an NTFS permission which would require using
a custom error page.
 
D

Devin

Devin wrote  on Fri, 24 Oct 2008 08:56:12 -0700 (PDT):


You could set up a custom error page for the specific response code and have
that as your info page, or have it redirect to another page for you.

Alternatively you could do as daddywhite suggests and check inside each page
if the user is allowed to that page - however, as you stated "file
permission" I assumed you meant an NTFS permission which would require using
a custom error page.

Yes, I meant NTFS permissions. I should have been more specific on
that, sorry.
 
D

Devin

Devin wrote  on Fri, 24 Oct 2008 08:56:12 -0700 (PDT):


You could set up a custom error page for the specific response code and have
that as your info page, or have it redirect to another page for you.

Alternatively you could do as daddywhite suggests and check inside each page
if the user is allowed to that page - however, as you stated "file
permission" I assumed you meant an NTFS permission which would require using
a custom error page.

Its a matter of how do I check the NTFS permissions with ASP?
 
D

Daniel Crichton

Devin wrote on Tue, 28 Oct 2008 04:35:09 -0700 (PDT):
Its a matter of how do I check the NTFS permissions with ASP?

The ASP page itself cannot be executed if the user account doesn't have
execute permissions, so you can't use the ASP page itself to check. Set up a
custom error page for the specific 403.X code, that way if that page is
called then you know that the visitor user accounts doesn't have execution
rights for the requested ASP page, and you can handle it accordingly - for
instance redirect to another page that they do have execute permissions for
that will provide more detailed information about why their request wasn't
allowed, or you can do that within the custom error page yourself if you
want.

If you want a different ASP page to check the permissions, that's another
matter. I'm not sure how you'd do it, and as it would likely require the
other ASP page to have admin level permissions to do so I'd highly recommend
against it.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top