Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP General (http://www.velocityreviews.com/forums/f65-asp-general.html)
-   -   Use array to limit access (http://www.velocityreviews.com/forums/t804125-use-array-to-limit-access.html)

Drew 03-19-2008 04:01 PM

Use array to limit access
 
I am trying to limit access to certain pages on our intranet, and have been
using the following code to do so,

dim Login, L, LL, StringLen, NTUser
Set Login = Request.ServerVariables("LOGON_USER")
L=Len(Login)
LL=InStr(Login, "\")
StringLen=L-LL
NTUser = (Right(Login, StringLen))

If NTUser <> "DLaing" Then
If NTUser <> "DLowe" Then
If NTUser <> "DWoods" Then
Response.Redirect("http://swvtc06/swvtc/default.asp")
End If
End If
End If

The problem is that if I want to add more users to have access to the page,
then I have to add another IF and END IF line. I would like to implement
some way to do this using an array. For instance put the usernames into the
array and then if it matches then allow access, if not then redirect. I
know this is not a bulletproof way to do this, and there are more robust
methods, but this works very well for our user base and our needs. I am
having a really bad case of brain block, and cannot, for the life of me,
figure this out.

Thanks,
Drew



Tim Slattery 03-19-2008 04:19 PM

Re: Use array to limit access
 
"Drew" <drew.laing@swvtc.dmhmrsas.virginia.gov> wrote:

>I am trying to limit access to certain pages on our intranet, and have been
>using the following code to do so,
>
>dim Login, L, LL, StringLen, NTUser
>Set Login = Request.ServerVariables("LOGON_USER")
>L=Len(Login)
>LL=InStr(Login, "\")
>StringLen=L-LL
>NTUser = (Right(Login, StringLen))
>
>If NTUser <> "DLaing" Then
> If NTUser <> "DLowe" Then
> If NTUser <> "DWoods" Then
> Response.Redirect("http://swvtc06/swvtc/default.asp")
> End If
> End If
>End If
>
>The problem is that if I want to add more users to have access to the page,
>then I have to add another IF and END IF line. I would like to implement
>some way to do this using an array. For instance put the usernames into the
>array and then if it matches then allow access, if not then redirect. I
>know this is not a bulletproof way to do this, and there are more robust
>methods, but this works very well for our user base and our needs. I am
>having a really bad case of brain block, and cannot, for the life of me,
>figure this out.


I'd recommend using the Dictionary object (Set xxx =
CreateObject("Scripting.Dictionary"), which is a hash map. Put your
allowed userids in a file. When the application starts, read the file
and use it to load the dictionary. Then when a user comes in, just
check to see if the userid is in the dictionary.

Here's a tutorial: http://www.asptutorial.info/learn/Dictionary.asp

--
Tim Slattery
MS MVP(Shell/User)
Slattery_T@bls.gov
http://members.cox.net/slatteryt

Anthony Jones 03-19-2008 04:32 PM

Re: Use array to limit access
 
"Tim Slattery" <Slattery_T@bls.gov> wrote in message
news:j2f2u3d43knn7mij7mlvvo930mco5lu1ub@4ax.com...
> "Drew" <drew.laing@swvtc.dmhmrsas.virginia.gov> wrote:
>
> >I am trying to limit access to certain pages on our intranet, and have

been
> >using the following code to do so,
> >
> >dim Login, L, LL, StringLen, NTUser
> >Set Login = Request.ServerVariables("LOGON_USER")
> >L=Len(Login)
> >LL=InStr(Login, "\")
> >StringLen=L-LL
> >NTUser = (Right(Login, StringLen))
> >
> >If NTUser <> "DLaing" Then
> > If NTUser <> "DLowe" Then
> > If NTUser <> "DWoods" Then
> > Response.Redirect("http://swvtc06/swvtc/default.asp")
> > End If
> > End If
> >End If
> >
> >The problem is that if I want to add more users to have access to the

page,
> >then I have to add another IF and END IF line. I would like to implement
> >some way to do this using an array. For instance put the usernames into

the
> >array and then if it matches then allow access, if not then redirect. I
> >know this is not a bulletproof way to do this, and there are more robust
> >methods, but this works very well for our user base and our needs. I am
> >having a really bad case of brain block, and cannot, for the life of me,
> >figure this out.

>
> I'd recommend using the Dictionary object (Set xxx =
> CreateObject("Scripting.Dictionary"), which is a hash map. Put your
> allowed userids in a file. When the application starts, read the file
> and use it to load the dictionary. Then when a user comes in, just
> check to see if the userid is in the dictionary.
>


Where would you suggest the dictionary be stored??

--
Anthony Jones - MVP ASP/ASP.NET



Anthony Jones 03-19-2008 04:41 PM

Re: Use array to limit access
 
"Drew" <drew.laing@swvtc.dmhmrsas.virginia.gov> wrote in message
news:OZQKAqdiIHA.4076@TK2MSFTNGP05.phx.gbl...
> I am trying to limit access to certain pages on our intranet, and have

been
> using the following code to do so,
>
> dim Login, L, LL, StringLen, NTUser
> Set Login = Request.ServerVariables("LOGON_USER")
> L=Len(Login)
> LL=InStr(Login, "\")
> StringLen=L-LL
> NTUser = (Right(Login, StringLen))
>
> If NTUser <> "DLaing" Then
> If NTUser <> "DLowe" Then
> If NTUser <> "DWoods" Then
> Response.Redirect("http://swvtc06/swvtc/default.asp")
> End If
> End If
> End If
>
> The problem is that if I want to add more users to have access to the

page,
> then I have to add another IF and END IF line. I would like to implement
> some way to do this using an array. For instance put the usernames into

the
> array and then if it matches then allow access, if not then redirect. I
> know this is not a bulletproof way to do this, and there are more robust
> methods, but this works very well for our user base and our needs. I am
> having a really bad case of brain block, and cannot, for the life of me,
> figure this out.
>



First lets deal with that user name thing:-

Function GetUser()

sLogon = Request.ServerVariables("LOGON_USER")

GetUser = Mid(sLogon, InStr(sLogon, "\"))

End Function

Note no Set when getting LOGON_USER and Mid third parameter is optional
which when missing means 'to the end of the string'.

Const gcsAllowedUser = "DLang; DLowe; DWood;"

If Instr(gcsAllowedUsers, GetUser() & ";") = 0 Then
Response.Redirect("http://swvtc06/swvtc/default.asp")
End If

If you want to restrict a set of pages then put the above code in an ASP
page of its own, say priviledged.asp in the root of your web then in each
page you want to protect:-

<!-- #include virtual="/priviledged.asp" -->


--
Anthony Jones - MVP ASP/ASP.NET



Drew 03-19-2008 04:48 PM

Re: Use array to limit access
 
"Anthony Jones" <Ant@yadayadayada.com> wrote in message
news:uVnTMAeiIHA.484@TK2MSFTNGP06.phx.gbl...
> "Drew" <drew.laing@swvtc.dmhmrsas.virginia.gov> wrote in message
> news:OZQKAqdiIHA.4076@TK2MSFTNGP05.phx.gbl...
>> I am trying to limit access to certain pages on our intranet, and have

> been
>> using the following code to do so,
>>
>> dim Login, L, LL, StringLen, NTUser
>> Set Login = Request.ServerVariables("LOGON_USER")
>> L=Len(Login)
>> LL=InStr(Login, "\")
>> StringLen=L-LL
>> NTUser = (Right(Login, StringLen))
>>
>> If NTUser <> "DLaing" Then
>> If NTUser <> "DLowe" Then
>> If NTUser <> "DWoods" Then
>> Response.Redirect("http://swvtc06/swvtc/default.asp")
>> End If
>> End If
>> End If
>>
>> The problem is that if I want to add more users to have access to the

> page,
>> then I have to add another IF and END IF line. I would like to implement
>> some way to do this using an array. For instance put the usernames into

> the
>> array and then if it matches then allow access, if not then redirect. I
>> know this is not a bulletproof way to do this, and there are more robust
>> methods, but this works very well for our user base and our needs. I am
>> having a really bad case of brain block, and cannot, for the life of me,
>> figure this out.
>>

>
>
> First lets deal with that user name thing:-
>
> Function GetUser()
>
> sLogon = Request.ServerVariables("LOGON_USER")
>
> GetUser = Mid(sLogon, InStr(sLogon, "\"))
>
> End Function
>
> Note no Set when getting LOGON_USER and Mid third parameter is optional
> which when missing means 'to the end of the string'.
>
> Const gcsAllowedUser = "DLang; DLowe; DWood;"
>
> If Instr(gcsAllowedUsers, GetUser() & ";") = 0 Then
> Response.Redirect("http://swvtc06/swvtc/default.asp")
> End If
>
> If you want to restrict a set of pages then put the above code in an ASP
> page of its own, say priviledged.asp in the root of your web then in each
> page you want to protect:-
>
> <!-- #include virtual="/priviledged.asp" -->
>
>
> --
> Anthony Jones - MVP ASP/ASP.NET


Thanks Anthony, that looks to work great... I don't use this on all pages,
just a few and this will work great!

Thanks,
Drew



Jeff Dillon 03-19-2008 05:58 PM

Re: Use array to limit access
 
I would store usernames in a database instead of an array in an ASP page
that you would have to maintain.

Jeff

"Drew" <drew.laing@swvtc.dmhmrsas.virginia.gov> wrote in message
news:OZQKAqdiIHA.4076@TK2MSFTNGP05.phx.gbl...
>I am trying to limit access to certain pages on our intranet, and have been
>using the following code to do so,
>
> dim Login, L, LL, StringLen, NTUser
> Set Login = Request.ServerVariables("LOGON_USER")
> L=Len(Login)
> LL=InStr(Login, "\")
> StringLen=L-LL
> NTUser = (Right(Login, StringLen))
>
> If NTUser <> "DLaing" Then
> If NTUser <> "DLowe" Then
> If NTUser <> "DWoods" Then
> Response.Redirect("http://swvtc06/swvtc/default.asp")
> End If
> End If
> End If
>
> The problem is that if I want to add more users to have access to the
> page, then I have to add another IF and END IF line. I would like to
> implement some way to do this using an array. For instance put the
> usernames into the array and then if it matches then allow access, if not
> then redirect. I know this is not a bulletproof way to do this, and there
> are more robust methods, but this works very well for our user base and
> our needs. I am having a really bad case of brain block, and cannot, for
> the life of me, figure this out.
>
> Thanks,
> Drew
>




Drew 03-19-2008 06:15 PM

Re: Use array to limit access
 
I agree, although this is just for testing, after I have already assigned
permissions to the DB, and I want to allow a few users to test the
application before releasing it. The process to assign permissions is out
of my hands, and takes a lot longer than it should (I have to submit form
after form to do it, and I would rather not do that for testing)...

Thanks,
Drew

"Jeff Dillon" <jeffdillon@hotmailremove.com> wrote in message
news:uEgsUreiIHA.4076@TK2MSFTNGP05.phx.gbl...
>I would store usernames in a database instead of an array in an ASP page
>that you would have to maintain.
>
> Jeff
>
> "Drew" <drew.laing@swvtc.dmhmrsas.virginia.gov> wrote in message
> news:OZQKAqdiIHA.4076@TK2MSFTNGP05.phx.gbl...
>>I am trying to limit access to certain pages on our intranet, and have
>>been using the following code to do so,
>>
>> dim Login, L, LL, StringLen, NTUser
>> Set Login = Request.ServerVariables("LOGON_USER")
>> L=Len(Login)
>> LL=InStr(Login, "\")
>> StringLen=L-LL
>> NTUser = (Right(Login, StringLen))
>>
>> If NTUser <> "DLaing" Then
>> If NTUser <> "DLowe" Then
>> If NTUser <> "DWoods" Then
>> Response.Redirect("http://swvtc06/swvtc/default.asp")
>> End If
>> End If
>> End If
>>
>> The problem is that if I want to add more users to have access to the
>> page, then I have to add another IF and END IF line. I would like to
>> implement some way to do this using an array. For instance put the
>> usernames into the array and then if it matches then allow access, if not
>> then redirect. I know this is not a bulletproof way to do this, and
>> there are more robust methods, but this works very well for our user base
>> and our needs. I am having a really bad case of brain block, and cannot,
>> for the life of me, figure this out.
>>
>> Thanks,
>> Drew
>>

>
>




Jeff Dillon 03-19-2008 06:38 PM

Re: Use array to limit access
 
You could just use NT permissions too, at the IIS or File System level.

Create a local group on the server, and add the appropriate users to it.

Jeff

"Drew" <drew.laing@swvtc.dmhmrsas.virginia.gov> wrote in message
news:eoTOY0eiIHA.2268@TK2MSFTNGP02.phx.gbl...
>I agree, although this is just for testing, after I have already assigned
>permissions to the DB, and I want to allow a few users to test the
>application before releasing it. The process to assign permissions is out
>of my hands, and takes a lot longer than it should (I have to submit form
>after form to do it, and I would rather not do that for testing)...
>
> Thanks,
> Drew
>
> "Jeff Dillon" <jeffdillon@hotmailremove.com> wrote in message
> news:uEgsUreiIHA.4076@TK2MSFTNGP05.phx.gbl...
>>I would store usernames in a database instead of an array in an ASP page
>>that you would have to maintain.
>>
>> Jeff
>>
>> "Drew" <drew.laing@swvtc.dmhmrsas.virginia.gov> wrote in message
>> news:OZQKAqdiIHA.4076@TK2MSFTNGP05.phx.gbl...
>>>I am trying to limit access to certain pages on our intranet, and have
>>>been using the following code to do so,
>>>
>>> dim Login, L, LL, StringLen, NTUser
>>> Set Login = Request.ServerVariables("LOGON_USER")
>>> L=Len(Login)
>>> LL=InStr(Login, "\")
>>> StringLen=L-LL
>>> NTUser = (Right(Login, StringLen))
>>>
>>> If NTUser <> "DLaing" Then
>>> If NTUser <> "DLowe" Then
>>> If NTUser <> "DWoods" Then
>>> Response.Redirect("http://swvtc06/swvtc/default.asp")
>>> End If
>>> End If
>>> End If
>>>
>>> The problem is that if I want to add more users to have access to the
>>> page, then I have to add another IF and END IF line. I would like to
>>> implement some way to do this using an array. For instance put the
>>> usernames into the array and then if it matches then allow access, if
>>> not then redirect. I know this is not a bulletproof way to do this, and
>>> there are more robust methods, but this works very well for our user
>>> base and our needs. I am having a really bad case of brain block, and
>>> cannot, for the life of me, figure this out.
>>>
>>> Thanks,
>>> Drew
>>>

>>
>>

>
>




Drew 03-19-2008 07:42 PM

Re: Use array to limit access
 
"Jeff Dillon" <jeffdillon@hotmailremove.com> wrote in message
news:uivIzBfiIHA.5968@TK2MSFTNGP04.phx.gbl...
> You could just use NT permissions too, at the IIS or File System level.
>
> Create a local group on the server, and add the appropriate users to it.
>
> Jeff


Very true, but as I said in an earlier message, setting permissions is
easier said than done... the hoops they make me jump through are terrible!

Drew



Tim Slattery 03-19-2008 08:07 PM

Re: Use array to limit access
 
"Anthony Jones" <Ant@yadayadayada.com> wrote:


>Where would you suggest the dictionary be stored??


Application object

--
Tim Slattery
MS MVP(Shell/User)
Slattery_T@bls.gov
http://members.cox.net/slatteryt


All times are GMT. The time now is 11:29 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.