If user doesn't have file permission to acceess xyz.asp, redirectthem

Discussion in 'ASP General' started by Devin, Oct 24, 2008.

  1. Devin

    Devin Guest

    Hi

    I asked a similar question a while ago, but I need to clarify what I
    am doing in order to get clearer response.

    When a user attempts to access an asp page, I want to check that they
    have permission to access it. If they have permission they should be
    able to coast right into the page with out incident. If they do NOT
    have file/folder permissions for that page I want to redirect them to
    another page gracefully. That is to say I don't want them to get the
    default "forbidden" page or what-have-you.

    Thanks!


    D
    Devin, Oct 24, 2008
    #1
    1. Advertising

  2. Devin

    daddywhite Guest

    At very top of your restricted ASP page:

    <%
    If Session("UserAllowed") = True Then 'OR SIMILARLY
    SOME CHECK BASED ON IP, OR DATABASE DATA LOGINS OR WHETEVER
    Response.Redirect "/sorry_not_allowed.asp"
    End If
    %>
    daddywhite, Oct 25, 2008
    #2
    1. Advertising

  3. Re: If user doesn't have file permission to acceess xyz.asp, redirect them

    Devin wrote on Fri, 24 Oct 2008 08:56:12 -0700 (PDT):

    > Hi


    > I asked a similar question a while ago, but I need to clarify what I am
    > doing in order to get clearer response.


    > When a user attempts to access an asp page, I want to check that they
    > have permission to access it. If they have permission they should be
    > able to coast right into the page with out incident. If they do NOT
    > have file/folder permissions for that page I want to redirect them to
    > another page gracefully. That is to say I don't want them to get the
    > default "forbidden" page or what-have-you.


    > Thanks!


    You could set up a custom error page for the specific response code and have
    that as your info page, or have it redirect to another page for you.

    Alternatively you could do as daddywhite suggests and check inside each page
    if the user is allowed to that page - however, as you stated "file
    permission" I assumed you meant an NTFS permission which would require using
    a custom error page.

    --
    Dan
    Daniel Crichton, Oct 27, 2008
    #3
  4. Devin

    Devin Guest

    On Oct 27, 6:30 am, "Daniel Crichton" <> wrote:
    > Devin wrote  on Fri, 24 Oct 2008 08:56:12 -0700 (PDT):
    >
    > > Hi
    > > I asked a similar question a while ago, but I need to clarify what I am
    > > doing in order to get clearer response.
    > > When a user attempts to access an asp page, I want to check that they
    > > have permission to access it.  If they have permission they should be
    > > able to coast right into the page with out incident.  If they do NOT
    > > have file/folder permissions for that page I want to redirect them to
    > > another page gracefully.  That is to say I don't want them to get the
    > > default "forbidden" page or what-have-you.
    > > Thanks!

    >
    > You could set up a custom error page for the specific response code and have
    > that as your info page, or have it redirect to another page for you.
    >
    > Alternatively you could do as daddywhite suggests and check inside each page
    > if the user is allowed to that page - however, as you stated "file
    > permission" I assumed you meant an NTFS permission which would require using
    > a custom error page.
    >
    > --
    > Dan


    Yes, I meant NTFS permissions. I should have been more specific on
    that, sorry.
    Devin, Oct 28, 2008
    #4
  5. Devin

    Devin Guest

    On Oct 27, 6:30 am, "Daniel Crichton" <> wrote:
    > Devin wrote  on Fri, 24 Oct 2008 08:56:12 -0700 (PDT):
    >
    > > Hi
    > > I asked a similar question a while ago, but I need to clarify what I am
    > > doing in order to get clearer response.
    > > When a user attempts to access an asp page, I want to check that they
    > > have permission to access it.  If they have permission they should be
    > > able to coast right into the page with out incident.  If they do NOT
    > > have file/folder permissions for that page I want to redirect them to
    > > another page gracefully.  That is to say I don't want them to get the
    > > default "forbidden" page or what-have-you.
    > > Thanks!

    >
    > You could set up a custom error page for the specific response code and have
    > that as your info page, or have it redirect to another page for you.
    >
    > Alternatively you could do as daddywhite suggests and check inside each page
    > if the user is allowed to that page - however, as you stated "file
    > permission" I assumed you meant an NTFS permission which would require using
    > a custom error page.
    >
    > --
    > Dan


    Its a matter of how do I check the NTFS permissions with ASP?
    Devin, Oct 28, 2008
    #5
  6. Re: If user doesn't have file permission to acceess xyz.asp, redirect them

    Devin wrote on Tue, 28 Oct 2008 04:35:09 -0700 (PDT):

    > On Oct 27, 6:30 am, "Daniel Crichton" <> wrote:
    >> Devin wrote on Fri, 24 Oct 2008 08:56:12 -0700 (PDT):


    >>> Hi
    >>> I asked a similar question a while ago, but I need to clarify what I
    >>> am doing in order to get clearer response.
    >>> When a user attempts to access an asp page, I want to check that
    >>> they have permission to access it. If they have permission they
    >>> should be able to coast right into the page with out incident. If
    >>> they do NOT have file/folder permissions for that page I want to
    >>> redirect them to another page gracefully. That is to say I don't
    >>> want them to get the default "forbidden" page or what-have-you.
    >>> Thanks!


    >> You could set up a custom error page for the specific response code
    >> and have that as your info page, or have it redirect to another page
    >> for you.


    >> Alternatively you could do as daddywhite suggests and check inside
    >> each page if the user is allowed to that page - however, as you
    >> stated "file permission" I assumed you meant an NTFS permission which
    >> would require using a custom error page.


    >> --
    >> Dan


    > Its a matter of how do I check the NTFS permissions with ASP?


    The ASP page itself cannot be executed if the user account doesn't have
    execute permissions, so you can't use the ASP page itself to check. Set up a
    custom error page for the specific 403.X code, that way if that page is
    called then you know that the visitor user accounts doesn't have execution
    rights for the requested ASP page, and you can handle it accordingly - for
    instance redirect to another page that they do have execute permissions for
    that will provide more detailed information about why their request wasn't
    allowed, or you can do that within the custom error page yourself if you
    want.

    If you want a different ASP page to check the permissions, that's another
    matter. I'm not sure how you'd do it, and as it would likely require the
    other ASP page to have admin level permissions to do so I'd highly recommend
    against it.

    --
    Dan
    Daniel Crichton, Oct 28, 2008
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Brent Bigler
    Replies:
    4
    Views:
    2,193
    Morgan
    Dec 20, 2003
  2. Christof Krueger
    Replies:
    1
    Views:
    596
    Christof Krueger
    Dec 19, 2003
  3. ~~~ .NET Ed ~~~
    Replies:
    1
    Views:
    221
    ~~~ .NET Ed ~~~
    Nov 13, 2004
  4. Andyza
    Replies:
    1
    Views:
    856
    Bob Barrows
    Sep 30, 2009
  5. juglesh
    Replies:
    5
    Views:
    209
    Thomas 'PointedEars' Lahn
    May 15, 2005
Loading...

Share This Page