Using ASP to encrypt one of the homepage

Use ASP to encrypt home page

Active Server Pages (Dynamic Server home page, ASP) enables us to produce dynamic, interactive, and high-performance Web applications that enable us to query and modify the database in a very simple way, and are now accepted by more and more web designers. But we often encounter situations in development where we want some pages to be protected, access only by authorized users, and deny access to ordinary users.

Let me tell you how to use ASP to create a simple, but quite effective login scheme, so as to ensure the security of the Web application. As long as you follow the following steps, you will have a secure user login system.

Step 1: Create a user table

First we want to create a table that records the information of the authorized user. In this example, I used ACCESS97 to create a database called Userinfo.mdb, which contains information about authorized users with two fields-user name and user password, where the user name is the primary keyword. (Access is selected because it is widely known, easy to use, and suitable for most small and medium sized programs.) ）

Step 2: Set the default validation status

We will complete these settings in the Global.asa file and set a dialog variable for the default "not authenticated" status. After doing so, when the user wants to visit the protected pages, only if you have checked their ID card, they will be able to access them. The default state setting ensures that everyone is authenticated before entering the Web page.

In the Global.asa file, in the Session_OnStart event, fill in the following code

In the Global.asa file, in the Session_OnStart event, fill in the following code

< SCRIPT Language=vbscript runat=server>

SUB Session_OnStart

......

......

' This is the ' Default authentication status

Session ("authenticated") = 0

End SUB

</script>

Remember that verifying identity status settings is a very important thing, please do not forget.

Step 3: Create a User login page

This is an ASP page, which is the content of HTML. We named this page Login.asp, and for convenience, here's the sample code:

< html>

< body bgcolor=ffffff>

< FORM action= "verify.asp" method=post>

Name:

< INPUT type=text size=20 name=username>

Password:

< INPUT Type=password size=20 name=userpassword>

< INPUT type=submit value= "Login Now" >

</body>

It contains 1 tables with 2 input boxes. These input boxes are used to collect the user's username and user password. The information we have collected is presented to verify.asp for processing so that we can verify that the user has not been authorized.

Step 4: Create a system-ODBC data source (DSN) for this database

To access the Userinfo.mdb database, we need to create a system-type ODBC data source (DSN). If you are familiar with ASP, you can choose your own data source (DSN) project. To create a system-type ODBC data source (DSN), you need to do the following:

* Open the Control Panel in your computer (beginning in windows95/nt). Settings menu)

* Select "32-bit ODBC"

* Select "System DSN"

* Select "Add". Select Microsoft Access Database Driver and click Finish

* Give the data source (DSN) a name, in the database setting named "Logindsn", click "Select" to indicate the exact path of the Userinfo.mdb database.

* Click OK button

With this step, you create a system ODBC data source (DSN) named "Logindsn" in your computer and indicate the exact location of the selected Userinfo.mdb database.

Step 5: Create a validation page

This is the Verify.asp page that we saw in step 3. On this page, we will verify that the user is valid. We get the user's information from the Login.asp page (Do you remember the form for those input boxes?)