Use array to limit access
in [ASP]
|
From: Drew on 19 Mar 2008 12:01 I am trying to limit access to certain pages on our intranet, and have been using the following code to do so, dim Login, L, LL, StringLen, NTUser Set Login = Request.ServerVariables("LOGON_USER") L=Len(Login) LL=InStr(Login, "\") StringLen=L-LL NTUser = (Right(Login, StringLen)) If NTUser <> "DLaing" Then If NTUser <> "DLowe" Then If NTUser <> "DWoods" Then Response.Redirect("http://swvtc06/swvtc/default.asp") End If End If End If The problem is that if I want to add more users to have access to the page, then I have to add another IF and END IF line. I would like to implement some way to do this using an array. For instance put the usernames into the array and then if it matches then allow access, if not then redirect. I know this is not a bulletproof way to do this, and there are more robust methods, but this works very well for our user base and our needs. I am having a really bad case of brain block, and cannot, for the life of me, figure this out. Thanks, Drew
From: Anthony Jones on 19 Mar 2008 12:41 "Drew" <drew.laing(a)swvtc.dmhmrsas.virginia.gov> wrote in message news:OZQKAqdiIHA.4076(a)TK2MSFTNGP05.phx.gbl... > I am trying to limit access to certain pages on our intranet, and have been > using the following code to do so, > > dim Login, L, LL, StringLen, NTUser > Set Login = Request.ServerVariables("LOGON_USER") > L=Len(Login) > LL=InStr(Login, "\") > StringLen=L-LL > NTUser = (Right(Login, StringLen)) > > If NTUser <> "DLaing" Then > If NTUser <> "DLowe" Then > If NTUser <> "DWoods" Then > Response.Redirect("http://swvtc06/swvtc/default.asp") > End If > End If > End If > > The problem is that if I want to add more users to have access to the page, > then I have to add another IF and END IF line. I would like to implement > some way to do this using an array. For instance put the usernames into the > array and then if it matches then allow access, if not then redirect. I > know this is not a bulletproof way to do this, and there are more robust > methods, but this works very well for our user base and our needs. I am > having a really bad case of brain block, and cannot, for the life of me, > figure this out. > First lets deal with that user name thing:- Function GetUser() sLogon = Request.ServerVariables("LOGON_USER") GetUser = Mid(sLogon, InStr(sLogon, "\")) End Function Note no Set when getting LOGON_USER and Mid third parameter is optional which when missing means 'to the end of the string'. Const gcsAllowedUser = "DLang; DLowe; DWood;" If Instr(gcsAllowedUsers, GetUser() & ";") = 0 Then Response.Redirect("http://swvtc06/swvtc/default.asp") End If If you want to restrict a set of pages then put the above code in an ASP page of its own, say priviledged.asp in the root of your web then in each page you want to protect:- <!-- #include virtual="/priviledged.asp" --> -- Anthony Jones - MVP ASP/ASP.NET
From: Drew on 19 Mar 2008 12:48 "Anthony Jones" <Ant(a)yadayadayada.com> wrote in message news:uVnTMAeiIHA.484(a)TK2MSFTNGP06.phx.gbl... > "Drew" <drew.laing(a)swvtc.dmhmrsas.virginia.gov> wrote in message > news:OZQKAqdiIHA.4076(a)TK2MSFTNGP05.phx.gbl... >> I am trying to limit access to certain pages on our intranet, and have > been >> using the following code to do so, >> >> dim Login, L, LL, StringLen, NTUser >> Set Login = Request.ServerVariables("LOGON_USER") >> L=Len(Login) >> LL=InStr(Login, "\") >> StringLen=L-LL >> NTUser = (Right(Login, StringLen)) >> >> If NTUser <> "DLaing" Then >> If NTUser <> "DLowe" Then >> If NTUser <> "DWoods" Then >> Response.Redirect("http://swvtc06/swvtc/default.asp") >> End If >> End If >> End If >> >> The problem is that if I want to add more users to have access to the > page, >> then I have to add another IF and END IF line. I would like to implement >> some way to do this using an array. For instance put the usernames into > the >> array and then if it matches then allow access, if not then redirect. I >> know this is not a bulletproof way to do this, and there are more robust >> methods, but this works very well for our user base and our needs. I am >> having a really bad case of brain block, and cannot, for the life of me, >> figure this out. >> > > > First lets deal with that user name thing:- > > Function GetUser() > > sLogon = Request.ServerVariables("LOGON_USER") > > GetUser = Mid(sLogon, InStr(sLogon, "\")) > > End Function > > Note no Set when getting LOGON_USER and Mid third parameter is optional > which when missing means 'to the end of the string'. > > Const gcsAllowedUser = "DLang; DLowe; DWood;" > > If Instr(gcsAllowedUsers, GetUser() & ";") = 0 Then > Response.Redirect("http://swvtc06/swvtc/default.asp") > End If > > If you want to restrict a set of pages then put the above code in an ASP > page of its own, say priviledged.asp in the root of your web then in each > page you want to protect:- > > <!-- #include virtual="/priviledged.asp" --> > > > -- > Anthony Jones - MVP ASP/ASP.NET Thanks Anthony, that looks to work great... I don't use this on all pages, just a few and this will work great! Thanks, Drew
From: Jeff Dillon on 19 Mar 2008 13:58 I would store usernames in a database instead of an array in an ASP page that you would have to maintain. Jeff "Drew" <drew.laing(a)swvtc.dmhmrsas.virginia.gov> wrote in message news:OZQKAqdiIHA.4076(a)TK2MSFTNGP05.phx.gbl... >I am trying to limit access to certain pages on our intranet, and have been >using the following code to do so, > > dim Login, L, LL, StringLen, NTUser > Set Login = Request.ServerVariables("LOGON_USER") > L=Len(Login) > LL=InStr(Login, "\") > StringLen=L-LL > NTUser = (Right(Login, StringLen)) > > If NTUser <> "DLaing" Then > If NTUser <> "DLowe" Then > If NTUser <> "DWoods" Then > Response.Redirect("http://swvtc06/swvtc/default.asp") > End If > End If > End If > > The problem is that if I want to add more users to have access to the > page, then I have to add another IF and END IF line. I would like to > implement some way to do this using an array. For instance put the > usernames into the array and then if it matches then allow access, if not > then redirect. I know this is not a bulletproof way to do this, and there > are more robust methods, but this works very well for our user base and > our needs. I am having a really bad case of brain block, and cannot, for > the life of me, figure this out. > > Thanks, > Drew >
From: Drew on 19 Mar 2008 14:15 I agree, although this is just for testing, after I have already assigned permissions to the DB, and I want to allow a few users to test the application before releasing it. The process to assign permissions is out of my hands, and takes a lot longer than it should (I have to submit form after form to do it, and I would rather not do that for testing)... Thanks, Drew "Jeff Dillon" <jeffdillon(a)hotmailremove.com> wrote in message news:uEgsUreiIHA.4076(a)TK2MSFTNGP05.phx.gbl... >I would store usernames in a database instead of an array in an ASP page >that you would have to maintain. > > Jeff > > "Drew" <drew.laing(a)swvtc.dmhmrsas.virginia.gov> wrote in message > news:OZQKAqdiIHA.4076(a)TK2MSFTNGP05.phx.gbl... >>I am trying to limit access to certain pages on our intranet, and have >>been using the following code to do so, >> >> dim Login, L, LL, StringLen, NTUser >> Set Login = Request.ServerVariables("LOGON_USER") >> L=Len(Login) >> LL=InStr(Login, "\") >> StringLen=L-LL >> NTUser = (Right(Login, StringLen)) >> >> If NTUser <> "DLaing" Then >> If NTUser <> "DLowe" Then >> If NTUser <> "DWoods" Then >> Response.Redirect("http://swvtc06/swvtc/default.asp") >> End If >> End If >> End If >> >> The problem is that if I want to add more users to have access to the >> page, then I have to add another IF and END IF line. I would like to >> implement some way to do this using an array. For instance put the >> usernames into the array and then if it matches then allow access, if not >> then redirect. I know this is not a bulletproof way to do this, and >> there are more robust methods, but this works very well for our user base >> and our needs. I am having a really bad case of brain block, and cannot, >> for the life of me, figure this out. >> >> Thanks, >> Drew >> > >
|
Next
|
Last
Pages: 1 2 3 Prev: How to setup a HTTP Server in the PC Next: How to use HTTP protocol to get documents ? |