General discussion

Locked

Log in form and permissions

By davoud ·
Hi all,
I am trying to design a sample website(a newbie, learning and practicing) which will have different parts. Users will have different permissions to access to those parts. In other words if we refer to the different parts of the website as A,B,C,D..., user 1 might have permission to access to part A and C, user 2 might have permission to access to part B, and so forth.

Now, I know that I can put a link to each part on Home page and ask user to click on the link and then it will bring up a page that the user can enter user name and password to log in but to be more convenient for all users, I was thinking about a way to put the log in form on the Home page and make the procedure of the loging in automatic for all users, which means after inserting the log in information and submitting them, then the log in form automatically directs the user to the related part of the web site. Could you advice on how I can do this please?

Second question is that, is there any way to set just one password for user 1 to access to part A and C and still make the loging in procedure automatic?

Thanks very much for your input.

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Something to think about

by jsiatkowski In reply to Log in form and permissio ...

I'm fairly new at this as well, but I do have some suggestions. You can handle security/authentication in different ways, and I want to address two of them.

1) In your test application, you may have the user information stored in the database. So, you could conceivably create a lookup table that holds user permissions to sections of your application. When a user logs onto your app, you could store that user's app permissions in the session or business object and set visibility of the controls on your web page based on this.

2) You can use Windows authentication and NT groups for security. In your web config, you can authorize and deny users and roles (nt groups) and in your code behind for the web page, you can access the server variables for the user and use the InIsRole property to handle access to the sections of your page.

Read up a little bit on the authorization and impersonation sections of the web config. I developed a small application here that allows only users from an NT group to use it. My web config allows only that role and denies all others. Additionally, because my application itself required access to a remote database, I was able to use impersonation to define a user account in that group to use so the web server could access that database. Good luck!

Collapse -

by davoud In reply to Something to think about

Long way to go for me...:) I guess I need to read some.

Thanks very much for your message.

Collapse -

Interesting......

by lawrencem In reply to

I am persueing the same effect for a website I am building. Also a newbie to building dynamic pages and to top it off also new to PHP and MySQL!
Tell me, what application are you using to build your pages and what kind of server you are using to serve those pages?
For me I am using Dreamweaver MX 2004 to build thwe application and PHP4/MySQL 4.3 to store the login and registration information.
What I did was create a database in MySQL then created registration and login pages using Dreamweaver and PHP.
Now when a user registers, their information is assessed, (manually) and then assigned a level of access.
Then on my website I have categories A, B, C,and D.
An A category user can access the whole site.
The rest of categories are restricted from certain pages.
On these pages I created a restrict access to page server behavior in dreamweaver inspecting for username, password and userLevel fields.
The userLevel is a hidden dynamic filed that compares the entered username to the access level in the database.
So far the concept is working fine, but I have to improve my PHP and MySQL skills!
Hope this helps.
Best regards,
lawrencem

Collapse -

Well,

by davoud In reply to Interesting......

I do not have a website and I am not creating a website. I am in the process of learning researching. Right now I am doing research on different issues. I have Microsoft FrontPage 2003 and I will use it in the future.

Quote by lawrencem
For me I am using Dreamweaver MX 2004 to build thwe application and PHP4/MySQL 4.3 to store the login and registration information.


Yes You are just doing fine.

Quote by lawrencem
Now when a user registers, their information is assessed, (manually) and then assigned a level of access.


How do you assess the information manually? Could you explain it in detail with an example please? What if there are lots of users, How would you handle it manually? Is it practical?

I am looking for a way to make the procedure automatic.

Quote by lawrencem
Then on my website I have categories A, B, C,and D.
An A category user can access the whole site.
The rest of categories are restricted from certain pages.


O.K Are these categories and restrictions built by PHP?


Quote by lawrencem
On these pages I created a restrict access to page server behavior in dreamweaver inspecting for username, password and userLevel fields.


Well I just started to learn FrontPage and I guess I can do the same thing with Microsoft FrontPage. Am I correct?

Thanks very much for your message. Sorry if you find my questions very simple. I am just a newbie :)
Back to Web Development Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums