Results 1 to 6 of 6
  1. #1
    Lounger
    Join Date
    Dec 2001
    Location
    Br. Columbia, Canada
    Posts
    28
    Thanks
    0
    Thanked 0 Times in 0 Posts

    restricting access to a page on an intranet

    I also posted this today on the Front Page lounge but am re-posting it here as this might be a more appropriate lounge.

    I have created a web page on an intranet site that I want to restrict to specific users. The following Select Case seems to work intermitently but appears to fail when new users are added. It is based on the user's logon user name and will allow authorized users (listed in the case statement ) to see the page but will otherwise display a shell page with a message saying they don't have access rights.

    <% Select Case Request.ServerVariables("LOGON_USER")
    Case "ABCUSERNAMEA",_
    "ABCUSERNAMEB",_
    "ABCUSERNAMEC",_
    <div align="center">
    more code
    <% Case Else%>
    different code about page and message
    <%
    End Select

    %>

    Is this select case statement formatted correctly? Is the continuation character _ correct?

  2. #2
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Indianapolis, Indiana, USA
    Posts
    1,862
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: restricting access to a page on an intranet

    Hi Mike,

    I've had problems with certain syntax usages of Select Case in ASP. I'm not sure if the ASP.DLL supports limited features of this keyword, but I've noticed similar behavior to yours.

    The only thing that catches my eye is that you may want to insert a space before your underscore.

    Perhaps a better way of achieving the same result would be adding the desired usernames into a simple database (such as Access) and checking against a recordset for access to the page. This would certainly save having to maintain the same list in mulptiple pages, assuming you use this feature more than once....

    Let me know if you are interested in code samples of this technique.

    Hope this helps!

  3. #3
    Star Lounger
    Join Date
    Jan 2001
    Location
    Albuquerque, New Mexico, USA
    Posts
    62
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: restricting access to a page on an intranet

    I haven't used CASE recently so I looked in my ASP book. When you use SELECT CASE, you need to preface each case with the word CASE. For your information, it would be something like this:
    Select Case Request.ServerVariables("LOGON_USER")
    Case "ABCUSERNAMEA":
    Case "ABCUSERNAMEB":
    Case "ABCUSERNAMEC":
    End Select

    Obviously I haven't tested this but this might help.

  4. #4
    Lounger
    Join Date
    Dec 2001
    Location
    Br. Columbia, Canada
    Posts
    28
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: restricting access to a page on an intranet

    Mark, Thank you for your help. Your Access solution sounds a much better approach to the problem. Would you be able to post your example so that others can share this?

    Mike

  5. #5
    Lounger
    Join Date
    Dec 2001
    Location
    Br. Columbia, Canada
    Posts
    28
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: restricting access to a page on an intranet

    Loretta,
    Thank you for your help and your solution which solves my problem.

    Mike.

  6. #6
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Indianapolis, Indiana, USA
    Posts
    1,862
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: restricting access to a page on an intranet

    Hi Mike,

    I'll give a few basic details of the process here. There are a number of ways to accomplish the same thing. I'll just post the quickest and dirtiest.

    Create a database (I'll use Access as an example - anything will work) with a table called "tbl_Users" (or whatever) and add a field called "Username". Add the desired usernames to the tbl_Users.Username field.

    Create a Function in a separate ASP file to be included in any desired ASP page (with the INCLUDE statement). Note: with an included ASP file, you only need the desired ASP code - no HTML tags or Page directives are necessary.

    Here's the code for the Included file (let's call it Authenticate.asp):<pre><%
    Function AuthenticateUser(strUsername)
    'This function will return a Boolean value (True/False) telling whether the user exists in the table or not

    'Create the ADO Connection and Recordset objects
    set cnn = Server.CreateObject("ADODB.Connection")
    set rst = Server.CreateObject("ADODB.Recordset")

    'Open the Connection to the database
    '(db_Users.mdb - located in the same folder as the ASP files)
    cnn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" _
    & Server.MapPath("db_Users.mdb") & ";"

    'Open Recordset, filtered to the given Username
    rst.Open "SELECT Username FROM tbl_Users WHERE Username='" & strUsername & "'", _
    cnn,adOpenForwardOnly,adLockReadOnly

    'If strUsername is in the table, return True, otherwise False
    If Not rst.BOF AND Not rst.EOF Then
    AuthenticateUser = TRUE
    Else
    AuthenticateUser = FALSE
    End If

    rst.Close
    set rst = nothing
    cnn.Close
    set cnn = nothing

    End Function
    %></pre>

    Next, use an Include statement in any desired ASP file (note: spaces added to prevent problems with display on the Lounge)
    < ! - - #INCLUDE File="Authenticate.asp" - - >

    Now, you can use the AuthenticateUser function in your page's logic to decide whether or not to show content:<pre><%
    If AuthenticateUser(Request.ServerVariables("LOGON_US ER")) Then
    'Show page content
    Else
    'Take other action as needed
    End If
    %></pre>

    Hope this helps!

    (Note: I typed this directly into the Lounge without testing first - you may find typos...sorry <img src=/S/shrug.gif border=0 alt=shrug width=39 height=15>)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •