Use array to limit access
in [ASP]
|
From: Jeff Dillon on 19 Mar 2008 14:38 You could just use NT permissions too, at the IIS or File System level. Create a local group on the server, and add the appropriate users to it. Jeff "Drew" <drew.laing(a)swvtc.dmhmrsas.virginia.gov> wrote in message news:eoTOY0eiIHA.2268(a)TK2MSFTNGP02.phx.gbl... >I agree, although this is just for testing, after I have already assigned >permissions to the DB, and I want to allow a few users to test the >application before releasing it. The process to assign permissions is out >of my hands, and takes a lot longer than it should (I have to submit form >after form to do it, and I would rather not do that for testing)... > > Thanks, > Drew > > "Jeff Dillon" <jeffdillon(a)hotmailremove.com> wrote in message > news:uEgsUreiIHA.4076(a)TK2MSFTNGP05.phx.gbl... >>I would store usernames in a database instead of an array in an ASP page >>that you would have to maintain. >> >> Jeff >> >> "Drew" <drew.laing(a)swvtc.dmhmrsas.virginia.gov> wrote in message >> news:OZQKAqdiIHA.4076(a)TK2MSFTNGP05.phx.gbl... >>>I am trying to limit access to certain pages on our intranet, and have >>>been using the following code to do so, >>> >>> dim Login, L, LL, StringLen, NTUser >>> Set Login = Request.ServerVariables("LOGON_USER") >>> L=Len(Login) >>> LL=InStr(Login, "\") >>> StringLen=L-LL >>> NTUser = (Right(Login, StringLen)) >>> >>> If NTUser <> "DLaing" Then >>> If NTUser <> "DLowe" Then >>> If NTUser <> "DWoods" Then >>> Response.Redirect("http://swvtc06/swvtc/default.asp") >>> End If >>> End If >>> End If >>> >>> The problem is that if I want to add more users to have access to the >>> page, then I have to add another IF and END IF line. I would like to >>> implement some way to do this using an array. For instance put the >>> usernames into the array and then if it matches then allow access, if >>> not then redirect. I know this is not a bulletproof way to do this, and >>> there are more robust methods, but this works very well for our user >>> base and our needs. I am having a really bad case of brain block, and >>> cannot, for the life of me, figure this out. >>> >>> Thanks, >>> Drew >>> >> >> > >
From: Drew on 19 Mar 2008 15:42 "Jeff Dillon" <jeffdillon(a)hotmailremove.com> wrote in message news:uivIzBfiIHA.5968(a)TK2MSFTNGP04.phx.gbl... > You could just use NT permissions too, at the IIS or File System level. > > Create a local group on the server, and add the appropriate users to it. > > Jeff Very true, but as I said in an earlier message, setting permissions is easier said than done... the hoops they make me jump through are terrible! Drew
From: Tim Slattery on 19 Mar 2008 16:07 "Anthony Jones" <Ant(a)yadayadayada.com> wrote: >Where would you suggest the dictionary be stored?? Application object -- Tim Slattery MS MVP(Shell/User) Slattery_T(a)bls.gov http://members.cox.net/slatteryt
From: Anthony Jones on 19 Mar 2008 16:18 "Tim Slattery" <Slattery_T(a)bls.gov> wrote in message news:tis2u3lqdqqmkpfa72q73ri0q40gbo5kcn(a)4ax.com... > "Anthony Jones" <Ant(a)yadayadayada.com> wrote: > > > >Where would you suggest the dictionary be stored?? > > Application object > The application object will not accept Single threaded objects such as the dictionary object. -- Anthony Jones - MVP ASP/ASP.NET
From: Daniel Crichton on 20 Mar 2008 10:20 Anthony wrote on Wed, 19 Mar 2008 16:41:11 -0000: > "Drew" <drew.laing(a)swvtc.dmhmrsas.virginia.gov> wrote in message > news:OZQKAqdiIHA.4076(a)TK2MSFTNGP05.phx.gbl... >> I am trying to limit access to certain pages on our intranet, and >> have > been >> using the following code to do so, >> dim Login, L, LL, StringLen, NTUser >> Set Login = Request.ServerVariables("LOGON_USER") >> L=Len(Login) >> LL=InStr(Login, "\") >> StringLen=L-LL >> NTUser = (Right(Login, StringLen)) >> If NTUser <> "DLaing" Then >> If NTUser <> "DLowe" Then >> If NTUser <> "DWoods" Then >> Response.Redirect("http://swvtc06/swvtc/default.asp") >> End If >> End If >> End If >> The problem is that if I want to add more users to have access to the > page, >> then I have to add another IF and END IF line. I would like to >> implement some way to do this using an array. For instance put the >> usernames into > the >> array and then if it matches then allow access, if not then redirect. >> I know this is not a bulletproof way to do this, and there are more >> robust methods, but this works very well for our user base and our >> needs. I am having a really bad case of brain block, and cannot, for >> the life of me, figure this out. > First lets deal with that user name thing:- > Function GetUser() > sLogon = Request.ServerVariables("LOGON_USER") > GetUser = Mid(sLogon, InStr(sLogon, "\")) > End Function > Note no Set when getting LOGON_USER and Mid third parameter is optional > which when missing means 'to the end of the string'. > Const gcsAllowedUser = "DLang; DLowe; DWood;" > If Instr(gcsAllowedUsers, GetUser() & ";") = 0 Then > Response.Redirect("http://swvtc06/swvtc/default.asp") > End If > If you want to restrict a set of pages then put the above code in an ASP > page of its own, say priviledged.asp in the root of your web then in each > page you want to protect:- If a username that is a substring of an allowed name, for example Lowe or Wood, is added to the system, they'll be allowed access too without being added to the gcsAllowedUser list ... While it should work for a simple setup, I just wanted to point out a possible pitfall of using this method on a wider scale. -- Dan
First
|
Prev
|
Next
|
Last
Pages: 1 2 3 Prev: How to setup a HTTP Server in the PC Next: How to use HTTP protocol to get documents ? |