SHARE THIS PAGE

ASP Classic - Adding Security

« Previous

Next Chapter »

Learn ASP Classic by building a web site from scratch.

Part V: Adding Security.

What We Will Do

In this chapter we will:

Add access restriction security to a web page

Membership, Login, and Security

In the previous chapter we added a registration page and a login page to the web site.

When a membership is registered, the user can login, with his email address and password.

However, user membership and login functions do not automatically restrict (or open) any access to the web site.

Security (access restrictions) has to be added to each of the web pages.

Adding Security to Pages

Access restrictions (security) can easily be added to any web page.

Just put the following code inside the page:

Security Code:

if Session("username")="" then
Response.Redirect("Login.asp")
end if

The code above executes an if test, asking if the user is logged in. If not, the user is redirected to the login page.

Preventing Access to the Database

In our example, the page Customers.asp, lists customers from the "Northwind" database.

Add the security code at the beginning of the page:

Customers.asp

<%
if Session("username")="" then
Response.Redirect("Login.asp")
end if
%>
var db = Database.Open("Northwind");
var query = db.Query("SELECT CompanyName,City,Country FROM Customers");
}
<html>
<body>
<h1>Customers</h1>
<table>
<tr>
<th>Name</th>
<th>City</th>
<th>Country</th>
</tr>
@foreach(var row in query)
{
<tr>
<td>@row.CompanyName</td>
<td>@row.City</td>
<td>@row.Country</td>
</tr>
}
</table>
</body>
</html>

The Customers page above, is a copy of the page from the previous chapter about databases. The security code (added at the beginning) is marked red.