1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

asp logon script

Discussion in 'Web Development & Web Hosting' started by Sparky, Feb 28, 2006.

  1. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    Hi all,

    Even though I’m now chasing a career in an IT support I still get some developer projects to do!

    Basically I need to write a small asp.net script for a website that redirects the user to the relevant page depending on the logon credentials. I have this working with a small Access database holding the usernames and passwords.

    The problem is that if a user knows the URL to the Access database they can download it, not good! I have password protected the Access database but this is not an ideal solution.

    I have developed the code on my laptop with IIS running on the laptop as well. I will be moving the code onto a Windows 2003 server this week and I need to find a method to stop users downloading the database, any ideas? Also if there is a better method to authenticate the users (which isn’t too complicated) Id be glad to hear it! :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  2. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    I am no guru on IIS Sparky but I found this link which does explain what is possible using NTFS, WebDAV and how they interact with each other.

    I think that the answer is to set proper restrictive permissions to the Access database folder.

    http://www.microsoft.com/technet/pr...technologies/iis/deploy/confeat/permmaze.mspx
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  3. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  4. JonnyMX

    JonnyMX Petabyte Poster

    5,239
    211
    236
    That's really useful, thanks.
    Wish I'd had it a couple of months ago!
     
    Certifications: MCT, MCTS, i-Net+, CIW CI, Prince2, MSP, MCSD
  5. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    Good link that. 8)

    I made a change in the actual asp code. Originally I had the database in a virtual folder in IIS but I took the database out of the folder and put it in a regular windows folder on the D: partition. Therefore the code reads D:\database\users.mdb in the database connection string which isn’t viewable when you click 'view source' in IE. Also you can’t browse to the database directory through a URL so in theory it can’t be downloaded.

    Will hopefully move the code onto the Windows Server box tomorrow and have a beta version online by the end of the week.

    Will have to start wearing my “I am not a software developer” T-shirt to work from now on so I don’t get landed with these projects! :blink
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010

Share This Page

Loading...