Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > Log in and security with classic asp

Reply
Thread Tools

Log in and security with classic asp

 
 
Jan T.
Guest
Posts: n/a
 
      09-09-2008
I wonder if anybody know a web site that has a good tutorial on this
subject.

What I want to do, is make a log in Page, and make sure that all my
pages is validating that the user is loged in until he or she logs out.

May be someone would like to give an example in this news group too?
Thank you for any help!

BTW, I am using Access 2000 and classic ASP.

Regards
Jan


 
Reply With Quote
 
 
 
 
Mike Brind [MVP]
Guest
Posts: n/a
 
      09-09-2008

"Jan T." <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I wonder if anybody know a web site that has a good tutorial on this
>subject.
>
> What I want to do, is make a log in Page, and make sure that all my
> pages is validating that the user is loged in until he or she logs out.
>
> May be someone would like to give an example in this news group too?
> Thank you for any help!
>
> BTW, I am using Access 2000 and classic ASP.
>


You should be able to find enough help here:
http://msconline.maconstate.edu/tuto...SP/default.htm

Look specifically at the Database Access section (use the OleDb Provider)
and the Using Session Variables chapter.

--
Mike Brind
MVP - ASP/ASP.NET


 
Reply With Quote
 
 
 
 
Jan T.
Guest
Posts: n/a
 
      09-13-2008
Thank you very much. I have been reading most of it by now, but are still
wondering
if the system is safe enough? What I mean is, will it be enough to just
check the session
variable to verify that it is a valid user?

I am a newbie with asp, so in such times as now, I am interested to know
what the
chances are for unauthorized to get in where it should only be for loged in
persons.
And the best way to stop unauthorized to get in.

Thank you for any help or suggestions.

Regards
Jan




"Mike Brind [MVP]" <(E-Mail Removed)> skrev i melding
news:(E-Mail Removed)...
>
> "Jan T." <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>I wonder if anybody know a web site that has a good tutorial on this
>>subject.
>>
>> What I want to do, is make a log in Page, and make sure that all my
>> pages is validating that the user is loged in until he or she logs out.
>>
>> May be someone would like to give an example in this news group too?
>> Thank you for any help!
>>
>> BTW, I am using Access 2000 and classic ASP.
>>

>
> You should be able to find enough help here:
> http://msconline.maconstate.edu/tuto...SP/default.htm
>
> Look specifically at the Database Access section (use the OleDb Provider)
> and the Using Session Variables chapter.
>
> --
> Mike Brind
> MVP - ASP/ASP.NET
>



 
Reply With Quote
 
Mike Brind [MVP]
Guest
Posts: n/a
 
      09-14-2008
Yes - checking the session variable is enough. That is the defacto method
for authentication.

On a bit of a side note, you mention that you are new to ASP. I have no
idea what the circumstances are that led you to beginning with ASP, but if
you have a choice in the technology you can learn, you might want to
consider ASP.NET (which is Microsoft's replacement for "classic ASP"). More
can be found at www.asp.net/learn

--
Mike Brind
MVP - ASP/ASP.NET

"Jan T." <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Thank you very much. I have been reading most of it by now, but are still
> wondering
> if the system is safe enough? What I mean is, will it be enough to just
> check the session
> variable to verify that it is a valid user?
>
> I am a newbie with asp, so in such times as now, I am interested to know
> what the
> chances are for unauthorized to get in where it should only be for loged
> in persons.
> And the best way to stop unauthorized to get in.
>
> Thank you for any help or suggestions.
>
> Regards
> Jan
>
>
>
>
> "Mike Brind [MVP]" <(E-Mail Removed)> skrev i melding
> news:(E-Mail Removed)...
>>
>> "Jan T." <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>>I wonder if anybody know a web site that has a good tutorial on this
>>>subject.
>>>
>>> What I want to do, is make a log in Page, and make sure that all my
>>> pages is validating that the user is loged in until he or she logs out.
>>>
>>> May be someone would like to give an example in this news group too?
>>> Thank you for any help!
>>>
>>> BTW, I am using Access 2000 and classic ASP.
>>>

>>
>> You should be able to find enough help here:
>> http://msconline.maconstate.edu/tuto...SP/default.htm
>>
>> Look specifically at the Database Access section (use the OleDb Provider)
>> and the Using Session Variables chapter.
>>
>> --
>> Mike Brind
>> MVP - ASP/ASP.NET
>>

>
>



 
Reply With Quote
 
Jan T.
Guest
Posts: n/a
 
      09-16-2008
Well, I know vbscript and have tried to make a few sample asp applications,
like
a telephone cataloge an so on. I know a little Java but are unfamiliar to
C#.
In am experienced in vba, so I figured that classic asp was the easiest way?

However, after having watch the first video, I am exited and I might just
watch some
more before desiding. I really liked what I saw. So thank you for a good
tip!!

Regards
Jan



"Mike Brind [MVP]" <(E-Mail Removed)> skrev i melding
news:(E-Mail Removed)...
> Yes - checking the session variable is enough. That is the defacto method
> for authentication.
>
> On a bit of a side note, you mention that you are new to ASP. I have no
> idea what the circumstances are that led you to beginning with ASP, but if
> you have a choice in the technology you can learn, you might want to
> consider ASP.NET (which is Microsoft's replacement for "classic ASP").
> More can be found at www.asp.net/learn
>
> --
> Mike Brind
> MVP - ASP/ASP.NET
>
> "Jan T." <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Thank you very much. I have been reading most of it by now, but are still
>> wondering
>> if the system is safe enough? What I mean is, will it be enough to just
>> check the session
>> variable to verify that it is a valid user?
>>
>> I am a newbie with asp, so in such times as now, I am interested to know
>> what the
>> chances are for unauthorized to get in where it should only be for loged
>> in persons.
>> And the best way to stop unauthorized to get in.
>>
>> Thank you for any help or suggestions.
>>
>> Regards
>> Jan
>>
>>
>>
>>
>> "Mike Brind [MVP]" <(E-Mail Removed)> skrev i melding
>> news:(E-Mail Removed)...
>>>
>>> "Jan T." <(E-Mail Removed)> wrote in message
>>> news:(E-Mail Removed)...
>>>>I wonder if anybody know a web site that has a good tutorial on this
>>>>subject.
>>>>
>>>> What I want to do, is make a log in Page, and make sure that all my
>>>> pages is validating that the user is loged in until he or she logs out.
>>>>
>>>> May be someone would like to give an example in this news group too?
>>>> Thank you for any help!
>>>>
>>>> BTW, I am using Access 2000 and classic ASP.
>>>>
>>>
>>> You should be able to find enough help here:
>>> http://msconline.maconstate.edu/tuto...SP/default.htm
>>>
>>> Look specifically at the Database Access section (use the OleDb
>>> Provider) and the Using Session Variables chapter.
>>>
>>> --
>>> Mike Brind
>>> MVP - ASP/ASP.NET
>>>

>>
>>

>
>



 
Reply With Quote
 
Phillip Windell
Guest
Posts: n/a
 
      09-17-2008
"Mike Brind [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Yes - checking the session variable is enough. That is the defacto method
> for authentication.
>
> On a bit of a side note, you mention that you are new to ASP. I have no
> idea what the circumstances are that led you to beginning with ASP, but if
> you have a choice in the technology you can learn, you might want to
> consider ASP.NET (which is Microsoft's replacement for "classic ASP").
> More can be found at www.asp.net/learn


Hi, Mike

(As a little "testimonial" if you will) Not being a real developer I am sort
of in a constant state of being "new" to ASP, most of my ASP stuff at work
is just sort of side-projects and not part of my real job,...but there is no
one else around here to do those, so there I am. I chose ASP Classic
originally because ASP.Net had not come out yet,..but I have stayed with
Classic because you don't have to buy anything,...you can just use Notepad
to write it if you want to,...I couldn't afford the .Net Suite. I've been
told you can do ASP.Net with Notepad,..but if it is as hard as it is with
the Suite, it can't be "easier" with Notepad. Since then I have the Suite
via an MSDN Subscritpion when I was an MVP, but that is getting about 2
years old now (not an MVP now). I worked a little with ASP.Net but found it
a whole lot harder to deal with and even the simplest things seem overly
complex. Then the database access in the Suite is so heavily geared towards
the SQL Express that is packaged with it that it became a complete mess to
try to do anything with Access MDB files that I always use. SQL Express (or
Full) just is not an option in most of my situations.

So I will probably use ASP Classic for as long as IIS supports it,..and when
it no longer supports it I will probably not do anything at all any longer.
Then I'll just tell people,.."Don't look at me,...I'm not a developer".

I do get tempted to "piddle" with the Suite from time to time (both VB.Net
and ASP.net) but I don't see it ever becomming more than than. I don't
currently have the Suite loaded on anything, but if I do it will probably be
in a an XP virtual machine (Virtual PC) because the suite is so huge and
intrusive that I don't want it on my machine I use all the time.

Anyway, that is my little story. I don't post much in this group since my
ASP skills aren't that high, but I like reading the answers people get and
try to learn from them. My main area is the Networking Groups with a
particular forcus on MS ISA Server (former ISA MVP).

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


 
Reply With Quote
 
Mike Brind [MVP]
Guest
Posts: n/a
 
      09-17-2008

"Phillip Windell" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "Mike Brind [MVP]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Yes - checking the session variable is enough. That is the defacto
>> method for authentication.
>>
>> On a bit of a side note, you mention that you are new to ASP. I have no
>> idea what the circumstances are that led you to beginning with ASP, but
>> if you have a choice in the technology you can learn, you might want to
>> consider ASP.NET (which is Microsoft's replacement for "classic ASP").
>> More can be found at www.asp.net/learn

>
> Hi, Mike
>
> (As a little "testimonial" if you will) Not being a real developer I am
> sort of in a constant state of being "new" to ASP, most of my ASP stuff at
> work is just sort of side-projects and not part of my real job,...but
> there is no one else around here to do those, so there I am. I chose ASP
> Classic originally because ASP.Net had not come out yet,..but I have
> stayed with Classic because you don't have to buy anything,...you can just
> use Notepad to write it if you want to,...I couldn't afford the .Net
> Suite. I've been told you can do ASP.Net with Notepad,..but if it is as
> hard as it is with the Suite, it can't be "easier" with Notepad. Since
> then I have the Suite via an MSDN Subscritpion when I was an MVP, but that
> is getting about 2 years old now (not an MVP now). I worked a little with
> ASP.Net but found it a whole lot harder to deal with and even the simplest
> things seem overly complex. Then the database access in the Suite is so
> heavily geared towards the SQL Express that is packaged with it that it
> became a complete mess to try to do anything with Access MDB files that I
> always use. SQL Express (or Full) just is not an option in most of my
> situations.
>
> So I will probably use ASP Classic for as long as IIS supports it,..and
> when it no longer supports it I will probably not do anything at all any
> longer. Then I'll just tell people,.."Don't look at me,...I'm not a
> developer".
>
> I do get tempted to "piddle" with the Suite from time to time (both VB.Net
> and ASP.net) but I don't see it ever becomming more than than. I don't
> currently have the Suite loaded on anything, but if I do it will probably
> be in a an XP virtual machine (Virtual PC) because the suite is so huge
> and intrusive that I don't want it on my machine I use all the time.
>
> Anyway, that is my little story. I don't post much in this group since my
> ASP skills aren't that high, but I like reading the answers people get and
> try to learn from them. My main area is the Networking Groups with a
> particular forcus on MS ISA Server (former ISA MVP).
>


Circumstances drove me to learn classic ASP, although ASP.NET was in v1.0 at
the time. I looked at 1.1 and even bought VS2003, but just couldn't get on
with it. When v2.0 came out, I downloaded the free Visual Web Developer,
and had another look at ASP.NET, and got hooked. The (then) new Access- and
SqlDataSource controls made things dead simple (although I use the
ObjectDataSource now). I'm totally self-taught. Well, that's not strictly
true - I got loads of free lessons from people like Bob Barrows, Aaron
Bertrand, Anthony Jones, Dave Anderson and other regular contributors here.
But the point is, if I can do it, then anyone with the will can do it.

Microsoft (understandably) would prefer people to use SQL Server (Express),
so they don't offer anything really in terms of help with using Access.
I've tried to address that on my little site, and posted some items on the
most common problems that people using Access with ASP.NET experience,
although I haven't used Access myself for a couple of years in anger.

Visual Web Developer is completely free, and its footprint is about a third
that of Team Suite (from memory). Might be worth a look...

--
Mike Brind
MVP - ASP/ASP.NET


 
Reply With Quote
 
Phillip Windell
Guest
Posts: n/a
 
      09-17-2008

"Mike Brind [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> Circumstances drove me to learn classic ASP, although ASP.NET was in v1.0
> at the time. I looked at 1.1 and even bought VS2003, but just couldn't
> get on with it. When v2.0 came out, I downloaded the free Visual Web
> Developer, and had another look at ASP.NET, and got hooked. The (then)
> new Access- and SqlDataSource controls made things dead simple (although I
> use the ObjectDataSource now). I'm totally self-taught. Well, that's not
> strictly true - I got loads of free lessons from people like Bob Barrows,
> Aaron Bertrand, Anthony Jones, Dave Anderson and other regular
> contributors here.


Yep familar names Although I haven't seen Aarons Bertand's name around
much anymore. I had breakfast with Bob Barrows one morning at one of the
previous MVP Summits, but I don't know if he remembers me. Curt Christianson
may have been at the table too, but its all getting a little fuzzy now. I
have not been in the MVP program for about a year and a half now.

> Visual Web Developer is completely free, and its footprint is about a
> third that of Team Suite (from memory). Might be worth a look...


Yea, I may have to check that out. Especially if they have improved things
with more/better data access controls.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


 
Reply With Quote
 
Bob Barrows [MVP]
Guest
Posts: n/a
 
      09-17-2008
Phillip Windell wrote:
> "Mike Brind [MVP]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...


> Yep familar names Although I haven't seen Aarons Bertand's name
> around much anymore. I had breakfast with Bob Barrows one morning at
> one of the previous MVP Summits, but I don't know if he remembers me.
> Curt Christianson may have been at the table too, but its all getting
> a little fuzzy now. I have not been in the MVP program for about a
> year and a half now.

Your memory is fine, i would say
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"


 
Reply With Quote
 
Dave Anderson
Guest
Posts: n/a
 
      09-17-2008
"Mike Brind [MVP]" wrote:
> Visual Web Developer is completely free, and its footprint is about
> a third that of Team Suite (from memory). Might be worth a look...


Unless things have changed from the last time I used it, Visual Web
Developer 2008 has dropped support (Intellisense, code formatting, etc.) for
classic ASP. This is a real shame, because VWB 2005 was a great IDE for
classic ASP work. The full Visual Studio 2008 seems to have no such
problems.



--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Classic asp security question Atlbike ASP .Net 0 02-21-2007 04:28 PM
ASP Problem: "IIS log failed to write entry" in Event Log cherryparadise001@gmail.com ASP General 0 05-26-2006 01:52 AM
My.Log.WriteException not writing to Event Log with ASP.Net 2.0 Tom Wingert ASP .Net Web Services 0 01-12-2006 06:46 PM
ASP.NET /Classic ASP Security Mix =?Utf-8?B?Sg==?= ASP .Net 1 07-13-2004 08:40 PM
Need help on the Permissions needed to log to Event Log from ASP.NET? Henrik_the_boss ASP .Net 0 11-05-2003 10:14 AM



Advertisments