D
darrel
I need to be able to password protect individual pages.
For instance:
/protected.aspx?id=123
/protected.aspx?id=555
Both would need to be only accessible to two different people (with their
own usr/pwd). What is the most appropriate way to handle this?
Typically, I'd use forms authentication and then protect an entire directory
within my app via the webconfig. In this case, though, I'm not protecting
specific aspx pages, but, rather, specific records in the DB retrieved on
this page.
I was thinking of having a person login, set a cookie with their their
usr/pwd in it, then on page load, check the cookie and match it to the
record I'm retrieving. If there's a match, show it, if not, redirect back to
the login page.
However, that would entail leaving a usr/pwd record in the cookie on their
machine. That seems like a security no-no.
I should mention that this is *not* a high security banking site or anything
of the sort. So, it doesn't have to be that secure...it's mainly being used
to avoid random browsing of some images. However, if I do it, I'd like to do
it 'right'. ;o)
-Darrel
For instance:
/protected.aspx?id=123
/protected.aspx?id=555
Both would need to be only accessible to two different people (with their
own usr/pwd). What is the most appropriate way to handle this?
Typically, I'd use forms authentication and then protect an entire directory
within my app via the webconfig. In this case, though, I'm not protecting
specific aspx pages, but, rather, specific records in the DB retrieved on
this page.
I was thinking of having a person login, set a cookie with their their
usr/pwd in it, then on page load, check the cookie and match it to the
record I'm retrieving. If there's a match, show it, if not, redirect back to
the login page.
However, that would entail leaving a usr/pwd record in the cookie on their
machine. That seems like a security no-no.
I should mention that this is *not* a high security banking site or anything
of the sort. So, it doesn't have to be that secure...it's mainly being used
to avoid random browsing of some images. However, if I do it, I'd like to do
it 'right'. ;o)
-Darrel