asp logon script

Discussion in 'Web Development & Web Hosting' started by Sparky, Feb 28, 2006.

  1. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    10,721
    549
    364
    Hi all,

    Even though I’m now chasing a career in an IT support I still get some developer projects to do!

    Basically I need to write a small asp.net script for a website that redirects the user to the relevant page depending on the logon credentials. I have this working with a small Access database holding the usernames and passwords.

    The problem is that if a user knows the URL to the Access database they can download it, not good! I have password protected the Access database but this is not an ideal solution.

    I have developed the code on my laptop with IIS running on the laptop as well. I will be moving the code onto a Windows 2003 server this week and I need to find a method to stop users downloading the database, any ideas? Also if there is a better method to authenticate the users (which isn’t too complicated) Id be glad to hear it! :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  2. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,878
    181
    256
    I am no guru on IIS Sparky but I found this link which does explain what is possible using NTFS, WebDAV and how they interact with each other.

    I think that the answer is to set proper restrictive permissions to the Access database folder.

    http://www.microsoft.com/technet/pr...technologies/iis/deploy/confeat/permmaze.mspx
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  3. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  4. JonnyMX

    JonnyMX Petabyte Poster

    5,257
    220
    236
    That's really useful, thanks.
    Wish I'd had it a couple of months ago!
     
    Certifications: MCT, MCTS, i-Net+, CIW CI, Prince2, MSP, MCSD
  5. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    10,721
    549
    364
    Good link that. 8)

    I made a change in the actual asp code. Originally I had the database in a virtual folder in IIS but I took the database out of the folder and put it in a regular windows folder on the D: partition. Therefore the code reads D:\database\users.mdb in the database connection string which isn’t viewable when you click 'view source' in IE. Also you can’t browse to the database directory through a URL so in theory it can’t be downloaded.

    Will hopefully move the code onto the Windows Server box tomorrow and have a beta version online by the end of the week.

    Will have to start wearing my “I am not a software developer” T-shirt to work from now on so I don’t get landed with these projects! :blink
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.