Secure Login Page
How can I secure the pages for login users in a "professional way"? I could set a global variable to true when a user successfully sign in but that's not how the experts do it right?
View RepliesHow can I secure the pages for login users in a "professional way"? I could set a global variable to true when a user successfully sign in but that's not how the experts do it right?
View RepliesI'd like to create a secure login from an ASP page to a specific SQL Server
2000 Db. Is there an accepted methodology for doing this? Are there any
resourses that show how this can be done?
any good tutorial sites that could help me code a members area. In a nut shell what im planning to do is.
member login - 3 attempts at accessing members area.different access levels for different users. i also want to allow admin to upload files [word docs mainly] and allow the members to download them. I have previously built an asp login but it was very basic and had no security put in place.
if you know of more security features i need then please share the knowledge, it has been a while since i coded a dynamic site.
I have researched several login scripts and I have a few questions that I haven't been able to find the answers for.
First if of all, my goal is to create a cookie-based, non-SSL, login system. I have many, many users that are going to be logged in for extremely long periods of time, so I absolutely do not wish to use session variables under any circumstances.
I've come across several great algorithms and one-way hash's that seem to work great for encoding the password. However, they all seem to have one thing in common. Once the user successfully "logs in", the site simply sets a cookie using the User ID of the login account. On all password protected pages, the only check that is made is the User ID stored in the cookie- compared to the value in the database.
I'm curious if it is possible for a hacker to create a false cookie on their system, storing simply the UID. Is it possible to do this, or is there some kind of internal OS security that prevents such an action? In other words, if I go to a co-workers computer, review their temp files, find the cookie for the site they're logged into and take the UID... Could I recreate that cookie on my own computer at a later time and gain entry?
This may not be so much of a security issue on a site that only stores a temporary cookie, but what if when they login, I set the cookie to expire after a year? (so they don't have to login every time they visit the site).
I'm not saying this method isn't secure, I guess I'm looking for an explanation. Also, any ideas on where I can obtain more information about creating a login application that's not based on session variables?
I am building a website to pull data from a remote https site using xmlhttp. The data from the https site is behind a login screen. I can successfully get through the login screen with:
set objXMLHTTP = Server.CreateObject("Msxml2.ServerXMLHTTP")
objXMLHTTP.Open "POST", "https://website.com/validate-login2.asp", false
objXMLHTTP.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
objXMLHTTP.Send "Username=uname&password=pwd&company=O"
That works great - but then, when I try to go to the next page (where the data is that I want to pull) - I use the same process and I get kicked back out to the login screen? Could there be some cookies, referer, strings being passed normally that I am not including in my second request - How do i find out for sure?
I have used the software IETrace and it looks like some cookies being passed, but how do I know for sure if (and what exactly) it is using?
I need to secure my web page, when it is reading a file from the
physical folder.
Say for eg.. I have a page Page1.aspx, which displays a list of links
that corresponds to
the available text files in one of the files. All the other pages are
secured except this
page. So when I click the link, it redirects it to for eg..
http://localhost/folder1/one.txt.
But this should not happen. As the user can type this without even
logging into the website.
So I need to know how to stream this file and display it in another
page, rather than just showing it.
Iīve made a loginpage in asp, and a page that receives
the data from the form and logs you in.
But how do i make the loginpage secure?
Do i have to use https, and if so, how do i change from
http to https when the loginpage is included in another
asp-file?I donīt know if i have explained myself correctly
do know how can i prevent my page from cross side
like using <marquee></marquee>
We have a need to allow our users to enter Credit Card #'s on a web page, so we need a secure page (have the little lock at the bottom of the browser) in order to do this.
1) What is this called? (I've heard the term SSL (Secure Socket Layer)tossed around, I don't know if this is the same or something different).
2) If I need a certificate of some sort for our server, how do I get it?
I dont have a secure page for I got this page when after logging in I could still login after using the back button.
View Replies View RelatedI have used the "Microsoft.XMLHTTP" object to successfully download web
pages from other sites.
However, I need to download a page from a secure page. Can anyone point
me to sample code for that? I need to "post" data to a form on that
page, so any sample code for that would also be helpful.
I have used the "Microsoft.XMLHTTP" object to successfully download web pages from other sites. However, I need to download a page from a secure page. point me to sample code for that? I need to "post" data to a form on that page.
View Replies View RelatedI am working on automating a workflow process for my company. Part of the process requires the user to send a snapshot of their benefits from a secure web site to their manager. I am trying to extract the web page using Microsoft.XMLHTTP but am having problems due to user validation which is required to access the benefits web page. There are 2 layers.
First, user is required to login with user name and password, then user is redirected to another page that asks for PIN. Only if both authentications pass, the user is considered validated and is redirected to the benefits page. I am not able to through any of the validation pages. What can I do?
I want to login to a page using MSXML2.ServerXMLHTTP.4.0 or an object like this, I must send the form variables needed to login when I try to login to the page. But the problem is, that the page looks like a exe file (not a asp file or php file or what ever). The name of the page I try to login is something like "/pw?/session/login", nothing more, without extension. I have tried the code with a normal asp file with session registration and login process and it worked, but not with this file.
View Replies View RelatedAny idea's on how to make a PDF secure? I don't want anybody to be able to type in the location to the pdf file in the browser and download it. Suggestions please!!!???
View Replies View RelatedI work for a large chain coporation. My schedule is posted on their secure web site which I have a user name and a password for. I want to create a URL string that can be sent (using VBA inside of Outlook) which contain my username and passsword and allow me access to my schedule information.
I tried: ....
After a number of wrong turns and experiments I need advice on login management system to secure our web pages without inconveniencing our visitors or our internal staff.
i need A system whereby the user only has to register ONCE and he will have automatic entry to ANY page without havinto to RE-LOGIN even if he comes in two weeks later or comes directly to that page via an email link. This scenario seems built on the Amazon model of the 'gold box' which automatically remembers you through cookies.
If the user does not have cookies he has to re-login. help me identify a 3rd party product that does this or a route to achieve this in my code.
I have been working with ASP classic on this current project im involved in. Well the problem im facing now is there is a page where a flash movie should play in a particular section on the page but it wont play on the secure pages, on the unsecure pages it plays fine. I had added an Active X work in accordance with the Lawsuit issue but it still wont play.
View Replies View RelatedI have page for user to update his/her details. What i want is after idle for more than 20 mins, the page will redirect to login page automatically. So that the user knows that his/her session already expired and need to login again.
But it doesn't working. This is because if he/she update the details (after idle more than 20 mins), and click the Submit button, it will go to login page and all the data will be lost. Code:
I had just created a login page called login.asp and proc page login_proc.asp. I'm using MS Access for db. The prob is when I uploaded it into the web, a msg comes up saying 500 Internal Error and could not find login_proc. I have uploaded it dozens of times but it still comes out the same. When I test it in my local server, everything goes smoothly. Can nebody plz help? I'm running out of idea. I feel like jumping off the bridge rite now.
View Replies View RelatedI have existing login page that will check accounts table from my database
if the user is allowed to log on to the system. I use session to save user
variable.
Every page that I will make, I always ask if the session where I
save the user variable exist, and if not, it will redirect to login page. Is
the the best way to control a web application using ASP. If not, can you
give me your thoughts?
I got a web page and I want the user to login everytime he view the page. Something like email where u need to login be4 u can view the inbox. What can I do so that if the user want to go straight into the page I will direct him to the login in page to ask him to login first? Another question is what does this mean?
<!--#include file="setting.asp" -->
Please need your help in writing the cookies code to enter the user automaticly to the comments page with out login if he entered before to the site...
these are the code i wrote but now i need the cookies code to vlaideat if the user enterd before or not (if yes, redirect him to the comments page otherwoise let him login in)
I want to be able to send users links to pages in my website. But if
they arent logged in I want them to first be redirected to the login
page and after they login automatically be redirected to the page i
sent them in the link. How would i accomplish this.
We have a requirement where we have to develop a custom Login Page which
will accept user's NT credentials ( Username , password, domain name).
This then needs to be passed to a website which uses Windows Authentication
my question is how do we pass these credentials to IIS in classic ASP?
I created a Login User page with VBScript in Dreamweaver MX but whenever I preview the page I get the following error:
Microsoft VBScript compilation error '800a0401'
Expected end of statement
/website/TMP2n38d8z06e.asp, line 24
MM_redirectLoginSuccess="customer_section.asp?id=<%=(rsCustomerLogin.Fields.It em("username").Value)
(It's pointing to the beginning of "username.")
Line 24 of my code is:
MM_redirectLoginSuccess="customer_section.asp?id=<%=(rsCustomerLogin.Fields.It em("username").Value)%>
What I'm doing here is trying to pass the corresponding record to the next page for the user that just logged in. If I don't pass the link parameters, I can preview the page and log in with no problems. So the problem only occurs when I try to set those link params.
I noticed that the first quotation mark isn't closed, so I started placing quotation marks in that line trying to close it, but still get the error. I also noticed that under this line of code there was a quotation mark on a line by itself which I removed to see if that would help, but didn't. Code:
I have a login page where i validate my user id and password... this part is done... I need to get the user id to the next page i am showing...
Example like:
-------------------------------
Login Page
userid : abc
pwd : XXXXX
Authentication Successful
---------------------------------
Next Page:
Welcome abc ---> i want it here
----------------------------------
Anyone can show me how shld i do it...
I've tried several users code, and everytime i try to do the redirect part it fails, this webpage at least gave me a confirm that it is the redirect part failing.
View Replies View RelatedI created this logon page that takes a user ID and password and logs in the user. The user Id is the email address of the person loging in.
I also have the reset password option on my page. Here is bug on my page, even if the user's email address doesnt exist in the database as they have not requested access but because they know that the userID is email address they think that because they have email address they should be able to login and when they cant login and get message access denied they try and reset their password which works.
I dont want the reset password option to work if the user has not been provided the access yet.
Here is my login code can anyone tell me how to put a flag to check and see if the user's email address exist. Code:
How to provide remember me check box on login page in asp coding. So that user can be remembered by his local m/c if he wants. Any code support / link in this regard.
View Replies View RelatedI developed a login page and use Access as the database. When I test it using http://localhost, it works perfectly. When I upload it to the web server and click on the link, a file download box pops up asking me if I want to save or open the login.asp file. Why doesn't it work now?
View Replies View Relatedi did not see from that view point of yours. anyway, i guess everyone reading this thread learned something about sessions & querystrings.
View Replies View RelatedI have a login page that Test's for the username and then tests for the password. If these test true then I redirect them to the member area. What I want to test for is if there is 1 user logged in with Session("test") = 1 and another user logs in with the credentials to set Session("Test") = 1 then the first session will terminate. The new user will then be able to navigate the member area.There will also be other user on with a Session("Test") = xxx where xxx is the Primary key of the validation table.
View Replies View Related