Hushpappy
August 23rd, 2000, 03:52 PM
is there a better method to make you asp pages secure rather then check the session like if session.name "mynanem" then ...
thanks,
___///___
__(.)-(.)__
ooO(.)Ooo
thanks,
___///___
__(.)-(.)__
ooO(.)Ooo
Click to See Complete Forum and Search --> : Better Then Session
Johnny101
August 24th, 2000, 12:14 PM
What about using NT security on the pages. if you dont want to do that, then how about adding a little something to the session technique? For example, I use both session and querystring values to ensure that my user is where they are supposed to be. someone else can mimic the querystring, but if they dont have the session variable matching it - they dont get in. i use this in situations where i cant use NT security. it seems to work real well for me.
good luck,
John
John Pirkey
MCSD
http://www.ShallowWaterSystems.com
http://www.stlvbug.org
good luck,
John
John Pirkey
MCSD
http://www.ShallowWaterSystems.com
http://www.stlvbug.org
Hushpappy
August 25th, 2000, 02:20 AM
what do you mean by nt security?
and do you have any article on this..
thanks,
___///___
__(.)-(.)__
ooO(.)Ooo
and do you have any article on this..
thanks,
___///___
__(.)-(.)__
ooO(.)Ooo
Johnny101
August 25th, 2000, 10:00 AM
Every IIS server is part of an NT domain. You're familiar with windows NT and logging into the machines right? That's NT security. You can configure sections of the web site to use that exact same security - they get the NT logon box asking for a valid NT username and password. For a quick example, if yuo have access to the IIS box, go into the IIS administration. choose a single asp page on your site (not the default one, make a temp one or use one that isn't hit a lot). right click it and choose properties. when the dialog appears, there will be a tab on the top for security (called Direcotry Security, i think). choose that tab. then in the first frame there's a button captioned with "Edit", click it and new form pops up with three check boxes. one for Allow Anonymous Access, Basic Authentication and NT Challenge Response (if your using IIS4, IIS5 has some other options as well). Unclick the Allow Anonymous Access and click the Basic Authentication. when you click the basic, a message box will pop up informing you that the username and passwords will be sent across the internet, choose yes. click ok to all dialogs until you are back at the IIS admin. then open a browser and navigate to that page yuo just "secured". when you try to access it, you should be prompted for a username and password - these must be valid in the domain that the IIS server is a part of.
MS has a lot of articles on this. also check out www.asp101.com, i remember seeing an article that was pretty good there. and www.asptoday.com - i know they have had some articles on IIS/NT security.
hope this helps,
John
John Pirkey
MCSD
http://www.ShallowWaterSystems.com
http://www.stlvbug.org
MS has a lot of articles on this. also check out www.asp101.com, i remember seeing an article that was pretty good there. and www.asptoday.com - i know they have had some articles on IIS/NT security.
hope this helps,
John
John Pirkey
MCSD
http://www.ShallowWaterSystems.com
http://www.stlvbug.org
codeguru.com
Copyright WebMediaBrands Inc., All Rights Reserved.
Copyright WebMediaBrands Inc., All Rights Reserved.