PWD protecting individual files.

D

darrel

I need to be able to password protect individual pages.

For instance:

/protected.aspx?id=123
/protected.aspx?id=555

Both would need to be only accessible to two different people (with their
own usr/pwd). What is the most appropriate way to handle this?

Typically, I'd use forms authentication and then protect an entire directory
within my app via the webconfig. In this case, though, I'm not protecting
specific aspx pages, but, rather, specific records in the DB retrieved on
this page.

I was thinking of having a person login, set a cookie with their their
usr/pwd in it, then on page load, check the cookie and match it to the
record I'm retrieving. If there's a match, show it, if not, redirect back to
the login page.

However, that would entail leaving a usr/pwd record in the cookie on their
machine. That seems like a security no-no.

I should mention that this is *not* a high security banking site or anything
of the sort. So, it doesn't have to be that secure...it's mainly being used
to avoid random browsing of some images. However, if I do it, I'd like to do
it 'right'. ;o)

-Darrel
 
S

Shawn

Encrypt the username/password and store it in a cookie or even more simple:
store it in session

Shawn


I need to be able to password protect individual pages.

For instance:

/protected.aspx?id=123
/protected.aspx?id=555

Both would need to be only accessible to two different people (with their
own usr/pwd). What is the most appropriate way to handle this?

Typically, I'd use forms authentication and then protect an entire directory
within my app via the webconfig. In this case, though, I'm not protecting
specific aspx pages, but, rather, specific records in the DB retrieved on
this page.

I was thinking of having a person login, set a cookie with their their
usr/pwd in it, then on page load, check the cookie and match it to the
record I'm retrieving. If there's a match, show it, if not, redirect back to
the login page.

However, that would entail leaving a usr/pwd record in the cookie on their
machine. That seems like a security no-no.

I should mention that this is *not* a high security banking site or anything
of the sort. So, it doesn't have to be that secure...it's mainly being used
to avoid random browsing of some images. However, if I do it, I'd like to do
it 'right'. ;o)

-Darrel
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

I need help in understanding these files on my phone, Could someone help me understand these files? Urgent help needed. Please help. 1
password protection - folders/individual files 0
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
how to retrieve windows login/pwd in ASP ? 2
reading individual form elements on a page - please help 3
Protecting ASP code 5
Protecting my page from a block of untrusted HTML 0
OnButtonClick make an individual cell visible/invisible? 8

Members online

No members online now.
Total: 34 (members: 1, guests: 33)
Robots: 192

Forum statistics

Threads
473,763
Messages
2,569,562
Members
45,038
Latest member
OrderProperKetocapsules

Latest Threads

Top