Click here to Skip to main content
11,813,557 members (66,533 online)
Click here to Skip to main content

Protecting pages with include files

, 14 Sep 2000 CPOL 120.4K 1.2K 34
Rate this:
Please Sign up or sign in to vote.
An article on how to easily password protect a site using include files


In this article I will show you how to authenticate users so as to protect pages from being seen without permission. It uses a set of ASP files that will be included to each page that needs protection.

In the example the authetication occurs with a couple of StrComp comparsions, but in real world it should be done using a table or a COM component.

These are the necessary asp files with a explanation of its use:

Login.asp This file ask for the userID and password
LoginCheck.asp This file checks if the userID and password are OK. If so it redirects to the correct page, otherwise it redirects to the Access Denied page
AcessDenied.asp This is the file with the Access Denied message, nothing more
Pages.asp To be able to redirect to the right page after the login I gave each page a unique identifier. So this file has the list of pages and it's identifier. The URL is retrieved from the function GetURLFromNumber
Protector.asp This file must be included in each page that needs protection. Before its inclusion an identifier called nURLID must be declared with the value of the identifier for this page (see Pages.asp).

To see it working click here

More information about include files can be found typing "#include" on the Index page of MSDN.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Architect VisionOne AG
Switzerland Switzerland
XicoLoko is a brazilian developer based in Switzerland.

You may also be interested in...

Comments and Discussions

GeneralTwo Comments Pin
James Curran 23-Aug-00 7:59
sussJames Curran 23-Aug-00 7:59 
First, the Pages.asp file is unnecessary. The name of the ASP page being executed is available via Request.ServerVariables("SCRIPT_NAME"). This can then be passed on the request line as ID is now, or stored in a session variable.

Also, it's probably not a good idea to store the password as a cookie. (security breach) It would be better create some unique code which the ASP page can read as "User is successfully loged on", but give no information about the actual password
GeneralRe: Two Comments Pin
xicololoko23-Aug-00 10:31
sussxicololoko23-Aug-00 10:31 
GeneralRe: Two Comments Pin
James Curran23-Aug-00 17:52
sussJames Curran23-Aug-00 17:52 
GeneralRe: Two Comments Pin
Tom Wellige23-Aug-00 22:25
sussTom Wellige23-Aug-00 22:25 
GeneralRe: Two Comments Pin
James Curran 24-Aug-00 10:56
sussJames Curran 24-Aug-00 10:56 
GeneralRe: Two Comments Pin
Uwe Keim24-Aug-00 19:40
sussUwe Keim24-Aug-00 19:40 
GeneralRe: Two Comments Pin
Tom Wellige24-Aug-00 21:01
sussTom Wellige24-Aug-00 21:01 
GeneralRe: Two Comments Pin
Claude Vedovini28-Aug-00 7:18
sussClaude Vedovini28-Aug-00 7:18 
GeneralRe: Two Comments Pin
Tom Wellige29-Aug-00 10:19
sussTom Wellige29-Aug-00 10:19 
GeneralRe: Two Comments Pin
karthik18-Sep-00 7:25
susskarthik18-Sep-00 7:25 
GeneralRe: Two Comments Pin
shabbir karim25-Dec-02 23:59
sussshabbir karim25-Dec-02 23:59 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.151002.1 | Last Updated 15 Sep 2000
Article Copyright 2000 by xicoloko
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid