Web Development

General discussion


How to add logins to a web page?

By evin.hill ·
I need to know how to add or change the number of users that can log in to a website. We are using IIS to host the site. I did not develope the login, it is using an If then statement but using a set user name and password. I tried copying the if then statement and changing the username and password but it does not work. Is there another part of the page I should look at for the code? I'm not too familiar with websites requiring a login. It's a hardcoded index page that when you go to the url, you have to log in on that page and then it takes you to the rest of the site. Please drop any suggestions. Thanks!

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

scant data

by apotheon In reply to How to add logins to a we ...

There is not NEARLY enough information here to even begin to help you with this. You probably need someone that can look over your shoulder to figure out what's going on in person, because it doesn't look like you're equipped to provide useful information on your problem.

The first question for which I'd need an answer is this: In what language is this "if/then" statement?

If you want programming help on server-side web development, and you know little enough about what you're doing to have posted this as you have, I rather suspect you'd need to post the entirety of the login code to this discussion in order to get any useful help. I rather suspect that would be out of the question.

Collapse -

ought to be posted in technical Q&A but...

by CG IT In reply to scant data

in IIS, expand web sites, in the right pane, right click on the respective web site and choose properties. Click on the directory security tab. click on the authentication and access control edit radio button. this will bring up the authentication methods properties page. you should have intergrated Windows authentication or whatever authentication package your using checked. If you want anonymous access [no user name and passwrod required] check the anonymous access check box and specify the IUSER_<server name> account and password.

Authentication methods are always if this then that statement [a rule] e.g. [set of criteria matches, allow or deny access] you set the authentication methods you want and the criteria for allowing access. Users must meet that criteria [user name and password]to be granted access otherwise the default rule is deny access.

If your using server extensions [frontpage server extensions] you can set administration by opening the default web site properties, click the server extensions tab and click the settings radio button. this will open up the server extensions properties page.

Collapse -

holy cow

by apotheon In reply to ought to be posted in tec ...

After reading that, I'm glad I haven't had to deal with IIS in about six years. That's just asinine.

What is that, a graphical .htaccess editor?

No wonder IIS is so bad at authenticated access security.

Collapse -

Got a feeling

by Tony Hopkinson In reply to ought to be posted in tec ...

this is an adhoc security mechanism on top of an anonymous login. If you used IIS's integrated security, no if/then testing would be necessary. If the web server is in a domain you've even more problems.

Collapse -

I apologize for the lack of info.

by evin.hill In reply to Got a feeling

I did not know where to post this, but basically, from what I gathered, like I said I'm knew here and the managers just asked if/how to do this. The site is hosted on an in house IIS server. When you type in the URL you get an page that asks you to log in. Once you log in, you are then taken to the actual site. We want to give all employees individual access to this website under their own user name. When I looked at the page in Frontpage, the login button had an onClick statement, but I could not view the statement. I got the If/Then statement when I opened it up in Dreamweaver. I just need to know how add or create other user name and passwords that will be valid for logging in. I guess I'm looking for the theory behind how the page was set up so I can understand it better to ask the correct question.

Collapse -

A bit of info so you can find out more

by Tony Hopkinson In reply to I apologize for the lack ...

Well if you were using intergeated security you would have tio do nothing on your page as the NT login to the domain would take care of the login. The files would then be setup so the individual users had access. Essentially exactly the same process as you would use to let them see them via network places in explorer.
More likely the security mechanism is an add on on top of anonymous access. There arecmany ways of doing that though. If you use google to search for password on a web page with (asp, javascript, vbscript) ?? you might be able to relate an example to waht you appear to have.

Collapse -

here's what I think is going on

by apotheon In reply to A bit of info so you can ...

From what has been posted so far, it sounds like authentication on the website is handled by way of Javascript authentication. This, my friends, is a very BAD idea. Javascript authentication is worse than no user/password security at all.

Javascript runs client-side. This means that a visitor to the page can use View Source to at least get clues to where the authentication data is located, if not to directly access the authentication data itself. Thus, Javascript authentication provides an illusion of security without any actual security at all.

Worse, if the usernames and passwords match up with the usernames and passwords for employees on the company network, by exploiting this vulnerable "security" setup, a malicious cracker can gain the employee usernames and passwords for the network itself. This is a VERY BAD THING.

If that's what's going on with the website authentication, the only good option is to change it NOW. Almost any alternative is better than that "security" scheme.

It's possible, however, that it's not Javascript authentication. It could be that all the Javascript is doing is prompting a secure page to load in a new window, or something to that effect. This is something you'll probably have to sort out for yourself, basically.

Good luck.

Collapse -

Had same feeling

by Tony Hopkinson In reply to here's what I think is go ...

could still be asp I suppose, but a lot of people who do that forget https anyway, which is a wax padlock solution.
A quick bit of googling should come up with a number of possibilities though, then rip out the old method and use something that you understand instead. Major documentation failure happening anway. Scripted solutions are always messy, documentation isn't optional.

Collapse -

In defense of posting it here

by wordworker In reply to ought to be posted in tec ...

Some people don't realize TechQ&A is the best place to post these questions because they're new here and they don't know the lay of the land. They're stressed out and need help. Plus, if you're new to TR, you don't have a whole heck of a lot of points to offer up in the first place. That said, if someone consistently posts questions in Discussions after they know better, then they deserve some shredding. Otherwise, one dip in the Q&A pool with a tech question should be allowed, imo.

Collapse -

by evin.hill In reply to In defense of posting it ...

Sorry guys, I am new to using the tech republic discussion and Q&A forums. I do apologize.

Related Discussions

Related Forums