Hi,

I am quite new to HTML and Scripting, though I have a reasonable amount of experience in VB, and some Java.

I am currently working on a Web app project which connects to an SQL server database. The first page of my app forces the user to log in, and users the security of the database to verify the login. What I want to know is what is the standard way to stop people trying to backdoor you web app and skip the login?

At the moment if the user were to avoid my Login.html and try to go straight to MainFrame.html they would be allowed. They would not be able to access any asp pages however (which do all of the work) because the asp pages look for a specific value of a certain cookie and if it is not there they redirect the user to the login page.

How do I do something similar for my html pages (non-asp)? Should I convert all of my html pages to asp pages, just so I can use the same protection?

Cheers in advance for any help,
Angelus

Do your HTML pages do any remote scripting, access the database or anything? Is any of your data exposed through them? If not, you probably don't need to hide them. You could look into SSL, but the cookies you're using now are probably enough.

Hi

Thanks for the help. My HTML pages don't do any work with the databases, that is all handled through the asp pages.

Cheers for the help,
Angelus

After the successful login make a variable in Login.asp page

Response.Cookies("LoginValid") = "Valid"

use this code in MainFrame.asp page

Response.Buffer = TRUE
if Request.Cookies("LoginValid") <> "Valid" then
Response.Redirect "login.asp"
end if
Response.Flush

i hope this may help u

Hi,

Thanks for all your help. bharadwajrv's answer is pretty much what I had already done after some playing about. Though this only really helps me protect html pages. Though, as I said earlier this doesn't matter too much as all the db work is done in the asp pages.

Cheers
Angelus