Authentication Protection
I have a site that currently is password protected, using a combination of ldap authentication and asp session management.
So for every asp page, I check the session to make sure they're authenticated, if not I send them to the login page.
BUT.... there is a robohelp componenet that is almost a website within this website. All these robohelp files are htm or html based, so I'm unable to put asp scripting (to check for session authentication).
So, my problem is, how do i protect these pages using my existing framework?
View Replies
ADVERTISEMENT
I have a locally hosted (via an executable) asp application. Does anyone know what would be the best (cheapest) way to add copy protection in it?
The application is an exe web server with the asp pages embedded in the executable.
No one can copy the asp pages, but they can copy the executable and distribute it that way. I don't want them to do that.
If there is some sort of wrapper or asp code I could add to it for licensing or registration, please let me know.
View Replies
View Related
I have allways validated user input to pieces prior to integrating it into a SQL statement, in order to avoid SQL Injection attacs. A colleague of mine told me that binding my vars would make them SQL scalar, but I have been left in the dark as to HOW... The web left me none the wiser, as well, so here goes: Anyone got a brief example of binding vars in ASP to get me started?
View Replies
View Related
After trying out 3/4 password scripts which I've used before and won't work today.I've come to the end of my tether! I need a ready made script asap to password protect a set of webpages, something simple with login and p/w for one user.
View Replies
View Related
I have a webpage. However I only want people to access it if they are members of a certain group. When I say group I mean Active Directory group. The log into windows with their Active Directory username and PW, and lets say they are members of 'employee1' group in Active Directory. I'm pretty sure I use ASP, to restrict access to a webpage depending on the users group. how I would go about doing this?
View Replies
View Related
How do people protect input from forms submitted that are
dangerous such as scripts, etc..
View Replies
View Related
help me with asp password protection? I need to have a login and register script as well as complete password protection.
View Replies
View Related
I have a webpage where user upload ms-word doc.. for supervisor, they can d/w the doc and print... but the normal user can just see the doc..
how to make ms-word password protetion only to normal user but not to supervisors?
View Replies
View Related
Can anyone find fault with this code? I wrote in in hopes of preventing users from "breaking" SQL queries and getting places they shouldn't by using SQL Injections.
Code: ....
View Replies
View Related
Can anyone help me with an ASP function to perfom the following:
Series of page like this
item.asp?ItemId=2345
news.asp?NewsId=23456
Sale.asp?SaleId=344444
I need a function i can include in lots of pages that basically says
if query string is "ItemId" then only allow numerics of a maximum of 4
if query string is "NewsId" then only allow numerics of a maximum of 5
if query string is "SaleId" then only allow numerics of a maximum of 6
In all of the above query strings of 1,2,3 etc numerals must also work.
Any help appreciated as I'm in deep "poop" battling Chinese hackers.
View Replies
View Related
we have a folder with pictures of signed up users. we are trying to protect this folder from the public in two ways. hide the relative path
e.g. /welcome/images/544235432.gif
makes it easy for a user to easily download this file . put a password and access the folder through this passwords .
View Replies
View Related
where can I get straightforward step-by-step instructions to password protect part of a site?
View Replies
View Related
I've recently had my ASP site attacked by these stupid bots and have tried a captcha protection, but it doesn't help.
Here's the problem:
I have a form where people send an enquiry to a client from my database (over 5000). After hitting the submit button, an email is posted to the client, a copy is sent to us and the info is published to a database for record / stat keeping.
I have put the captcha protection in the form, but although the tests show that the captcha form works, the emails are still sent off, therefore allowing the bot attacks.
There must be a gap I can plug with the captcha before the email is posted off or info sent to the database.
I have a formchecker running which forces required fields, and that works fine. I'd like the captcha to work the same. Before the form goes to the confirmation page, it must validate the captcha.
What can I do?
View Replies
View Related
Using ASP in a VBScript environment, how can I check the protection on a directory, or a
particular file?
View Replies
View Related
I have been using two forms of password protection:
A) On working web sites I use an ASP script that is included in every page requiring protection: uses session - works fine
B) On quick test sites or temporary stuff I use the Windows Network Authentication provided by my web host. A whole folder is protected at once which is very convenient but it has a problem. If a user types the wrong password and is denied access, the next time they go to type the password, their browser sometimes remembers the wrong password as so they go straight to the 'access denied' 401 page.
How to proceed?
1) Does anyone know of a way of preventing all browsers from cacheing the login info.
2) Is there any way of using ASP to protect whole folders?
View Replies
View Related
I need to be able to secure files on my web server. I am using asp to secure access to links and pages, for example:
<%If Session("manager")=FALSE Then%>
You are not authorized to view this page
<%Else%>
<<<Page Code>>>
<%End If%>
The place I'm running into problems is with files. I have a lot of charts and such in PDF version. I kind of doubt there is a way to secure these files with asp, but I thought it would be worth a try.
My biggest issue is that PDFs are stored in the browser's history, so once the page has been accessed, anyone using the browser can get to thatunsecured PDF. As a brute force fix, is there some way to simply erase the site from the browser history? If not, is there a way to secure the PDF, or does someone know of a better group to post on?
View Replies
View Related
is there any way to protect files or a folder from unauthorised access, i.e.when a variable is false?
e.g.
when variable li = 1 then grant access to folder and files within
when variable li <> 1 then deny access
i have a folder with images and word documents i only want people with the variable set to 1 to be able to access them.is there a way?
View Replies
View Related
how would an intranet user be nt authenticated using asp?
View Replies
View Related
i want users to login to my web application using SQL authentication i.e whenever the page opens, it should display the SQL server login window. i know Login feature is in dreamweaver MX that i use, but unathurized users can lookup the password in your database.
View Replies
View Related
Is it possible to authenticate a user who is trying to access a certain Div on a page???
I know how to authenticate a user accessing a standard ASP page, but is this possible with a Div!
View Replies
View Related
I have a page that authenticates users by reading
Request.ServerVariables("AUTH_USER") and
Request.ServerVariables("AUTH_TYPE"). When users try to access this
page from windows NT/2000, it works fine (prompts them for their
credentials when they're not on the same domain, and then lets them
in). Now, some of the users got XP boxes, and can't get in to the
page. It prompts them for their credentials but when they enter them,
just keeps prompting them. The credentials they are entering are
correct. What is different on XP that is causing this problem and is
there any setting I can modify on the server side to prevent this from
happening.
View Replies
View Related
I have an asp page on IIS 5.0 and I''m trying to get a dialog box to pop up and ask for username password and domain to authenticate against NT. I have anonymous logins unchecked in the IIS properties page and access restricted on everything but it won''t ask for a username and password no matter what
View Replies
View Related
I had to transfer an ASP Web Application (developed by another person) to a different web server. It seems to work but not completely.
I have some problems with authentication: it is based on a username and a password stored in a SQL Server's table. These data are requested via basic authentication (not a IIS level but I think it is used to create the authentication window in which put username and password). The problem is that it doesn't accept username and password and, after three times, it redirect me to a page telling "You don't have rights to see this page". What could I do? .....
View Replies
View Related
I have no problems authenticating via AD and an ASP page. My question is
this - is there any way to 'reverse' the process?
What I mean is the authenticated state remains as long as the browser window
is open. Is there any .asp command I can provide that will revert the
browser session back to IUSR?
View Replies
View Related
I have an intranet asp application that sends emails that contain a link to an intranet page.I have a case where one user is forced to login to the windows domain when he clicks on the link,even though he is within the firewall & his Outlook security settings specify automatic login with the current name & password.
This doesn't happen with any other users unless they go through the firewall.The site is also recorded in the trusted sites section.
View Replies
View Related
I'm developing an Internet site that is going to be password protected. I have one windows 2000 domain on the Internet side of things, and another on an Intranet side.
Is there any way to authenticate a user that hits my Internet pages against the Intranet user database?
I just want users from the Intranet to automatically be able to access the Internet pages without having to create a separate user on the Internet-side domain.
View Replies
View Related
I have written a simple login script that checks a username/password from an Access database. the login.asp page sets a session("loggedin") at zero. The username and password are checked successfully and the user is redirected to admin.asp. The admin.asp page has an if-statement at the top that checks the session variable to 1, which is set after successful dB check.
The problem is that if you go directly to admin.asp without going through the login process, that is, without ever going to the login page.... simple typing something like http://localhost/admin.asp . you are given access to the page and not redirected back to the login page. What could I have missed? It simply checks the session variable....that should never be set to one when all sessions are reset...and the user can still gain access?
View Replies
View Related
I am attempting to access WMI data on a remote machine. I have been able to get this to work, but there has got to be a better way, I hope.
set wmiLocator = CreateObject("WbemScripting.SWbemLocator")
Set WMIServices = GetObject("winmgmts://" & cn & "")
Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
WMIServices.Security_.ImpersonationLevel = 3
Then in my IIS snapin, Directory Security, and then Edit. I have this set Anon Access with my username and password as well as Windows Integrated Authentication checked. It does the job, I can pull the data, but it poses a security risk. I don't want to have my password and username as the authentication options.
View Replies
View Related
I'm using legacy ASP pages on IIS 6.0 to validate users through ADO
Active Directory objects (AdsObject & AdsCommand).
When I use the page from the server itself with "localhost"/page as
servername, it executes fine. But if I call the site with
"servername"/page, the exection fails. AdsObject throws "Table does not
exists" errors.
Currently, the server is configured with Integrated Windows
authentication. I tried changing to Anonymous authentication with
IUSR_machninename user. Again it fails.
View Replies
View Related
I would like to be able to automatically authenticate a registration. Meaning:
A registration occurs
email is sent to registering party
Party clicks a link to authenticates.
or something to that effect.
Does anyone know where I can find something like this?
I would use a forum (i.e. webwiz, phpbb.....) the only problem is they are asking way too many questions for what I need.
I have built a database to hold the party's information, I have built an asp page with form that inputs the info I need into the DB, which all works, but now I would like to be sure that the person registering is a real person and it is a valid email address.
Any Ideas on how to get started?
View Replies
View Related
I'm facing a situation where my team leader wants me to create some ASP code that will pull the user's ID (which is no problem - request the LOGON_USER server variable) and THEN pull that user's NT Permissions to determine what kind of permissions the user will have when he/she comes onto the website. There is to be no logon screen at all. The permissions cannot be determined via a database or through cookies. Only NT Authentication can be used.
I have a small hunch that the HTTP_AUTHORIZATION server variable might provide a clue, but the value of that variable is a bunch of (encrypted?) gibberish that means nothing to me, except probably the NTLM part at the beginning. Is there a way to decode the value of that variable into something coherent that I can use in my code?
View Replies
View Related
I want to get diffrent query from a table .I want that diffrent usernames
can get diffrent queries.How can I do it with asp?
View Replies
View Related
I have an XML file which I access from a remote server like
Set http = CreateObject("MSXML2.ServerXMLHTTP")
http.open "GET","http://www.andrewlouis.co.uk/viewcountries.xml",false
http.send
strXML = http.responseText
The real server is password protected with, I think, with basic
authentication. How do I pass it the username and password.
View Replies
View Related