General discussion


Secure Web Site

By Jeremy The IT Guy
I have developed an ASP logon for "Client Access". Once a client is authenticated, they will be redirected to their own company page. Well, this is supposed to be secure, and if someone were to just type in the URL for the client's page, they can go there without any authentication. Can someone help? Here is the scenario. If you go to http://www.myweb.com and click client access, then authenticate, the URL looks like this: http://www.myweb.com/clientaccess/company.html. Well, if you were to bypass the authentication and just type in the URL above, you could get to this page. Thanks for the help, Jeremy

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  

All Comments


Secure Web Site

by Gigelul In reply to Secure Web Site

You don't say how your Web server is built (OS, IIS, etc.), but generally you must check the Directory Security options (for the folder structure of your web), disable anonymous access, and allow only an authentication control method for these folders.


Secure Web Site

by Jeremy The IT Guy In reply to Secure Web Site

My setup is IIS 5.0 on a Windows 2000 Pro machine but I can easily switch it to 2000 Server. If I were to disable anonymous connections, how can I use my ASP page for authentication? Can I? I have tried the directory security but I haven't tried to disable anonymous connections yet because I don't know how to make my ASP page my authorization page. Could you help? Thanks, Jeremy
If you help, I'll give you the points.


Secure Web Site

by Jay Eckles In reply to Secure Web Site

One possibility is to make each company page part of the same ASP application; you can use the session variable to hold an "authenticated" flag. You could then check that before displaying the company page. However, using authentication from the web server is a better choice.

Good luck.

Jay Eckles


Secure Web Site

by Jeremy The IT Guy In reply to Secure Web Site

Could you give me an example? I would like to do the web server authentication too but then don't I have to have an NT username and password for each person viewing the page? Thanks, Jeremy


Secure Web Site

by iht4 In reply to Secure Web Site

One simple solution (although not fully secure) would be to control the referring page for your company sites. If this was restricted to only allowing people who have come from your client access page to continue, all other direct URL requests could then be redirected to the logon page.

For example, http://javascript.internet.com/user-details/referrer-redirect.html demonstrates this functionality.

rgds
Iain


Secure Web Site

by Jeremy The IT Guy In reply to Secure Web Site

I went with session IDs and I forgot to close this question. I got every page that I want to secure requesting 2 sessionIDs and if they aren't there, they are redirected to the logon page. Thanks for your help though, Jeremy
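
The session check that Jay Eckles describes and Jeremy reports adopting could look like the following classic ASP include. This is an added example, not code from any poster in the thread; the file name authguard.asp, the two session keys, the logon path and the sample company page are assumptions.

```asp
<%
' authguard.asp (hypothetical name): added example, not code from the thread.
' Assumption: logon.asp sets these two session values only after it has
' verified the client's credentials:
'   Session("Authenticated") = True
'   Session("CompanyPage")   = "/clientaccess/acme.asp"  ' constructed value
' Protected pages must be .asp files. IIS returns a static company.html
' without running any script, so a session check can never execute there.

Const LOGON_URL = "/clientaccess/logon.asp"   ' hypothetical path

Response.Buffer = True              ' nothing is sent before the checks finish
Response.Expires = -1               ' mark the page as already expired
Response.CacheControl = "no-cache"  ' ask proxies not to cache client pages

' True only if the logon page stored a real Boolean True in this session.
' An unset session value is Empty, which fails the VarType test.
Function IsLoggedOn()
    IsLoggedOn = False
    If VarType(Session("Authenticated")) = vbBoolean Then
        IsLoggedOn = Session("Authenticated")
    End If
End Function

' True only if the requested script is the page assigned to this session,
' so one client cannot open another client's page by typing its URL.
Function OwnsPage(requestedPath)
    Dim assigned
    assigned = Session("CompanyPage")
    OwnsPage = False
    If VarType(assigned) = vbString Then
        If Len(assigned) > 0 Then
            OwnsPage = (StrComp(requestedPath, assigned, vbTextCompare) = 0)
        End If
    End If
End Function

' The decision uses server-side session state only. The Referer header is
' sent by the browser and is not consulted.
If Not IsLoggedOn() Then
    Response.Redirect LOGON_URL
ElseIf Not OwnsPage(CStr(Request.ServerVariables("SCRIPT_NAME"))) Then
    Response.Status = "403 Forbidden"
    Response.Write "Access denied."
    Response.End
End If
%>
```

Each protected page would pull this file in with a server-side include as its first line, for example `<!--#include virtual="/clientaccess/authguard.asp"-->`, so the check runs before any page content is produced.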


Secure Web Site

by Jeremy The IT Guy In reply to Secure Web Site

This question was closed by the author
