Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > Use array to limit access

Reply
Thread Tools

Use array to limit access

 
 
Drew
Guest
Posts: n/a
 
      03-19-2008
I am trying to limit access to certain pages on our intranet, and have been
using the following code to do so,

dim Login, L, LL, StringLen, NTUser
Set Login = Request.ServerVariables("LOGON_USER")
L=Len(Login)
LL=InStr(Login, "\")
StringLen=L-LL
NTUser = (Right(Login, StringLen))

If NTUser <> "DLaing" Then
If NTUser <> "DLowe" Then
If NTUser <> "DWoods" Then
Response.Redirect("http://swvtc06/swvtc/default.asp")
End If
End If
End If

The problem is that if I want to add more users to have access to the page,
then I have to add another IF and END IF line. I would like to implement
some way to do this using an array. For instance put the usernames into the
array and then if it matches then allow access, if not then redirect. I
know this is not a bulletproof way to do this, and there are more robust
methods, but this works very well for our user base and our needs. I am
having a really bad case of brain block, and cannot, for the life of me,
figure this out.

Thanks,
Drew


 
Reply With Quote
 
 
 
 
Tim Slattery
Guest
Posts: n/a
 
      03-19-2008
"Drew" <(E-Mail Removed)> wrote:

>I am trying to limit access to certain pages on our intranet, and have been
>using the following code to do so,
>
>dim Login, L, LL, StringLen, NTUser
>Set Login = Request.ServerVariables("LOGON_USER")
>L=Len(Login)
>LL=InStr(Login, "\")
>StringLen=L-LL
>NTUser = (Right(Login, StringLen))
>
>If NTUser <> "DLaing" Then
> If NTUser <> "DLowe" Then
> If NTUser <> "DWoods" Then
> Response.Redirect("http://swvtc06/swvtc/default.asp")
> End If
> End If
>End If
>
>The problem is that if I want to add more users to have access to the page,
>then I have to add another IF and END IF line. I would like to implement
>some way to do this using an array. For instance put the usernames into the
>array and then if it matches then allow access, if not then redirect. I
>know this is not a bulletproof way to do this, and there are more robust
>methods, but this works very well for our user base and our needs. I am
>having a really bad case of brain block, and cannot, for the life of me,
>figure this out.


I'd recommend using the Dictionary object (Set xxx =
CreateObject("Scripting.Dictionary"), which is a hash map. Put your
allowed userids in a file. When the application starts, read the file
and use it to load the dictionary. Then when a user comes in, just
check to see if the userid is in the dictionary.

Here's a tutorial: http://www.asptutorial.info/learn/Dictionary.asp

--
Tim Slattery
MS MVP(Shell/User)
http://www.velocityreviews.com/forums/(E-Mail Removed)
http://members.cox.net/slatteryt
 
Reply With Quote
 
 
 
 
Anthony Jones
Guest
Posts: n/a
 
      03-19-2008
"Tim Slattery" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "Drew" <(E-Mail Removed)> wrote:
>
> >I am trying to limit access to certain pages on our intranet, and have

been
> >using the following code to do so,
> >
> >dim Login, L, LL, StringLen, NTUser
> >Set Login = Request.ServerVariables("LOGON_USER")
> >L=Len(Login)
> >LL=InStr(Login, "\")
> >StringLen=L-LL
> >NTUser = (Right(Login, StringLen))
> >
> >If NTUser <> "DLaing" Then
> > If NTUser <> "DLowe" Then
> > If NTUser <> "DWoods" Then
> > Response.Redirect("http://swvtc06/swvtc/default.asp")
> > End If
> > End If
> >End If
> >
> >The problem is that if I want to add more users to have access to the

page,
> >then I have to add another IF and END IF line. I would like to implement
> >some way to do this using an array. For instance put the usernames into

the
> >array and then if it matches then allow access, if not then redirect. I
> >know this is not a bulletproof way to do this, and there are more robust
> >methods, but this works very well for our user base and our needs. I am
> >having a really bad case of brain block, and cannot, for the life of me,
> >figure this out.

>
> I'd recommend using the Dictionary object (Set xxx =
> CreateObject("Scripting.Dictionary"), which is a hash map. Put your
> allowed userids in a file. When the application starts, read the file
> and use it to load the dictionary. Then when a user comes in, just
> check to see if the userid is in the dictionary.
>


Where would you suggest the dictionary be stored??

--
Anthony Jones - MVP ASP/ASP.NET


 
Reply With Quote
 
Anthony Jones
Guest
Posts: n/a
 
      03-19-2008
"Drew" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I am trying to limit access to certain pages on our intranet, and have

been
> using the following code to do so,
>
> dim Login, L, LL, StringLen, NTUser
> Set Login = Request.ServerVariables("LOGON_USER")
> L=Len(Login)
> LL=InStr(Login, "\")
> StringLen=L-LL
> NTUser = (Right(Login, StringLen))
>
> If NTUser <> "DLaing" Then
> If NTUser <> "DLowe" Then
> If NTUser <> "DWoods" Then
> Response.Redirect("http://swvtc06/swvtc/default.asp")
> End If
> End If
> End If
>
> The problem is that if I want to add more users to have access to the

page,
> then I have to add another IF and END IF line. I would like to implement
> some way to do this using an array. For instance put the usernames into

the
> array and then if it matches then allow access, if not then redirect. I
> know this is not a bulletproof way to do this, and there are more robust
> methods, but this works very well for our user base and our needs. I am
> having a really bad case of brain block, and cannot, for the life of me,
> figure this out.
>



First lets deal with that user name thing:-

Function GetUser()

sLogon = Request.ServerVariables("LOGON_USER")

GetUser = Mid(sLogon, InStr(sLogon, "\"))

End Function

Note no Set when getting LOGON_USER and Mid third parameter is optional
which when missing means 'to the end of the string'.

Const gcsAllowedUser = "DLang; DLowe; DWood;"

If Instr(gcsAllowedUsers, GetUser() & ";") = 0 Then
Response.Redirect("http://swvtc06/swvtc/default.asp")
End If

If you want to restrict a set of pages then put the above code in an ASP
page of its own, say priviledged.asp in the root of your web then in each
page you want to protect:-

<!-- #include virtual="/priviledged.asp" -->


--
Anthony Jones - MVP ASP/ASP.NET


 
Reply With Quote
 
Drew
Guest
Posts: n/a
 
      03-19-2008
"Anthony Jones" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "Drew" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> I am trying to limit access to certain pages on our intranet, and have

> been
>> using the following code to do so,
>>
>> dim Login, L, LL, StringLen, NTUser
>> Set Login = Request.ServerVariables("LOGON_USER")
>> L=Len(Login)
>> LL=InStr(Login, "\")
>> StringLen=L-LL
>> NTUser = (Right(Login, StringLen))
>>
>> If NTUser <> "DLaing" Then
>> If NTUser <> "DLowe" Then
>> If NTUser <> "DWoods" Then
>> Response.Redirect("http://swvtc06/swvtc/default.asp")
>> End If
>> End If
>> End If
>>
>> The problem is that if I want to add more users to have access to the

> page,
>> then I have to add another IF and END IF line. I would like to implement
>> some way to do this using an array. For instance put the usernames into

> the
>> array and then if it matches then allow access, if not then redirect. I
>> know this is not a bulletproof way to do this, and there are more robust
>> methods, but this works very well for our user base and our needs. I am
>> having a really bad case of brain block, and cannot, for the life of me,
>> figure this out.
>>

>
>
> First lets deal with that user name thing:-
>
> Function GetUser()
>
> sLogon = Request.ServerVariables("LOGON_USER")
>
> GetUser = Mid(sLogon, InStr(sLogon, "\"))
>
> End Function
>
> Note no Set when getting LOGON_USER and Mid third parameter is optional
> which when missing means 'to the end of the string'.
>
> Const gcsAllowedUser = "DLang; DLowe; DWood;"
>
> If Instr(gcsAllowedUsers, GetUser() & ";") = 0 Then
> Response.Redirect("http://swvtc06/swvtc/default.asp")
> End If
>
> If you want to restrict a set of pages then put the above code in an ASP
> page of its own, say priviledged.asp in the root of your web then in each
> page you want to protect:-
>
> <!-- #include virtual="/priviledged.asp" -->
>
>
> --
> Anthony Jones - MVP ASP/ASP.NET


Thanks Anthony, that looks to work great... I don't use this on all pages,
just a few and this will work great!

Thanks,
Drew


 
Reply With Quote
 
Jeff Dillon
Guest
Posts: n/a
 
      03-19-2008
I would store usernames in a database instead of an array in an ASP page
that you would have to maintain.

Jeff

"Drew" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I am trying to limit access to certain pages on our intranet, and have been
>using the following code to do so,
>
> dim Login, L, LL, StringLen, NTUser
> Set Login = Request.ServerVariables("LOGON_USER")
> L=Len(Login)
> LL=InStr(Login, "\")
> StringLen=L-LL
> NTUser = (Right(Login, StringLen))
>
> If NTUser <> "DLaing" Then
> If NTUser <> "DLowe" Then
> If NTUser <> "DWoods" Then
> Response.Redirect("http://swvtc06/swvtc/default.asp")
> End If
> End If
> End If
>
> The problem is that if I want to add more users to have access to the
> page, then I have to add another IF and END IF line. I would like to
> implement some way to do this using an array. For instance put the
> usernames into the array and then if it matches then allow access, if not
> then redirect. I know this is not a bulletproof way to do this, and there
> are more robust methods, but this works very well for our user base and
> our needs. I am having a really bad case of brain block, and cannot, for
> the life of me, figure this out.
>
> Thanks,
> Drew
>



 
Reply With Quote
 
Drew
Guest
Posts: n/a
 
      03-19-2008
I agree, although this is just for testing, after I have already assigned
permissions to the DB, and I want to allow a few users to test the
application before releasing it. The process to assign permissions is out
of my hands, and takes a lot longer than it should (I have to submit form
after form to do it, and I would rather not do that for testing)...

Thanks,
Drew

"Jeff Dillon" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I would store usernames in a database instead of an array in an ASP page
>that you would have to maintain.
>
> Jeff
>
> "Drew" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>I am trying to limit access to certain pages on our intranet, and have
>>been using the following code to do so,
>>
>> dim Login, L, LL, StringLen, NTUser
>> Set Login = Request.ServerVariables("LOGON_USER")
>> L=Len(Login)
>> LL=InStr(Login, "\")
>> StringLen=L-LL
>> NTUser = (Right(Login, StringLen))
>>
>> If NTUser <> "DLaing" Then
>> If NTUser <> "DLowe" Then
>> If NTUser <> "DWoods" Then
>> Response.Redirect("http://swvtc06/swvtc/default.asp")
>> End If
>> End If
>> End If
>>
>> The problem is that if I want to add more users to have access to the
>> page, then I have to add another IF and END IF line. I would like to
>> implement some way to do this using an array. For instance put the
>> usernames into the array and then if it matches then allow access, if not
>> then redirect. I know this is not a bulletproof way to do this, and
>> there are more robust methods, but this works very well for our user base
>> and our needs. I am having a really bad case of brain block, and cannot,
>> for the life of me, figure this out.
>>
>> Thanks,
>> Drew
>>

>
>



 
Reply With Quote
 
Jeff Dillon
Guest
Posts: n/a
 
      03-19-2008
You could just use NT permissions too, at the IIS or File System level.

Create a local group on the server, and add the appropriate users to it.

Jeff

"Drew" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I agree, although this is just for testing, after I have already assigned
>permissions to the DB, and I want to allow a few users to test the
>application before releasing it. The process to assign permissions is out
>of my hands, and takes a lot longer than it should (I have to submit form
>after form to do it, and I would rather not do that for testing)...
>
> Thanks,
> Drew
>
> "Jeff Dillon" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>I would store usernames in a database instead of an array in an ASP page
>>that you would have to maintain.
>>
>> Jeff
>>
>> "Drew" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>>I am trying to limit access to certain pages on our intranet, and have
>>>been using the following code to do so,
>>>
>>> dim Login, L, LL, StringLen, NTUser
>>> Set Login = Request.ServerVariables("LOGON_USER")
>>> L=Len(Login)
>>> LL=InStr(Login, "\")
>>> StringLen=L-LL
>>> NTUser = (Right(Login, StringLen))
>>>
>>> If NTUser <> "DLaing" Then
>>> If NTUser <> "DLowe" Then
>>> If NTUser <> "DWoods" Then
>>> Response.Redirect("http://swvtc06/swvtc/default.asp")
>>> End If
>>> End If
>>> End If
>>>
>>> The problem is that if I want to add more users to have access to the
>>> page, then I have to add another IF and END IF line. I would like to
>>> implement some way to do this using an array. For instance put the
>>> usernames into the array and then if it matches then allow access, if
>>> not then redirect. I know this is not a bulletproof way to do this, and
>>> there are more robust methods, but this works very well for our user
>>> base and our needs. I am having a really bad case of brain block, and
>>> cannot, for the life of me, figure this out.
>>>
>>> Thanks,
>>> Drew
>>>

>>
>>

>
>



 
Reply With Quote
 
Drew
Guest
Posts: n/a
 
      03-19-2008
"Jeff Dillon" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> You could just use NT permissions too, at the IIS or File System level.
>
> Create a local group on the server, and add the appropriate users to it.
>
> Jeff


Very true, but as I said in an earlier message, setting permissions is
easier said than done... the hoops they make me jump through are terrible!

Drew


 
Reply With Quote
 
Tim Slattery
Guest
Posts: n/a
 
      03-19-2008
"Anthony Jones" <(E-Mail Removed)> wrote:


>Where would you suggest the dictionary be stored??


Application object

--
Tim Slattery
MS MVP(Shell/User)
(E-Mail Removed)
http://members.cox.net/slatteryt
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Wireless Access Point which can limit access to a server adamgilldo@hotmail.com Wireless Networking 4 10-12-2007 09:11 AM
Some shareware has a time limit and the software will not work after the time limit has expired. anthony crowder Computer Support 20 01-16-2007 10:01 AM
Requested array size exceeds VM limit... aa@dsa-ac.de Java 5 11-28-2006 09:29 AM
(question) How to use python get access to google search without query quota limit Per Python 4 05-06-2006 02:06 AM
c program, file size limit, how to solve? 2G bytes limit. guru.slt@gmail.com C++ 1 06-27-2005 11:05 PM



Advertisments