restricting access to a page on an intranet

Topic

New Reply

I also posted this today on the Front Page lounge but am re-posting it here as this might be a more appropriate lounge.

I have created a web page on an intranet site that I want to restrict to specific users. The following Select Case seems to work intermitently but appears to fail when new users are added. It is based on the user’s logon user name and will allow authorized users (listed in the case statement ) to see the page but will otherwise display a shell page with a message saying they don’t have access rights.

<% Select Case Request.ServerVariables("LOGON_USER")
Case "ABCUSERNAMEA",_
"ABCUSERNAMEB",_
"ABCUSERNAMEC",_

more code

different code about page and message

Is this select case statement formatted correctly? Is the continuation character _ correct?

Reply | Quote

Replies

Hi Mike,

I’ve had problems with certain syntax usages of Select Case in ASP. I’m not sure if the ASP.DLL supports limited features of this keyword, but I’ve noticed similar behavior to yours.

The only thing that catches my eye is that you may want to insert a space before your underscore.

Perhaps a better way of achieving the same result would be adding the desired usernames into a simple database (such as Access) and checking against a recordset for access to the page. This would certainly save having to maintain the same list in mulptiple pages, assuming you use this feature more than once….

Let me know if you are interested in code samples of this technique.

Hope this helps!

Reply | Quote

Mark, Thank you for your help. Your Access solution sounds a much better approach to the problem. Would you be able to post your example so that others can share this?

Mike

Reply | Quote

Hi Mike,

I’ll give a few basic details of the process here. There are a number of ways to accomplish the same thing. I’ll just post the quickest and dirtiest.

Create a database (I’ll use Access as an example – anything will work) with a table called “tbl_Users” (or whatever) and add a field called “Username”. Add the desired usernames to the tbl_Users.Username field.

Create a Function in a separate ASP file to be included in any desired ASP page (with the INCLUDE statement). Note: with an included ASP file, you only need the desired ASP code – no HTML tags or Page directives are necessary.

Here’s the code for the Included file (let’s call it Authenticate.asp):

Next, use an Include statement in any desired ASP file (note: spaces added to prevent problems with display on the Lounge)

Now, you can use the AuthenticateUser function in your page’s logic to decide whether or not to show content:

Hope this helps!

(Note: I typed this directly into the Lounge without testing first – you may find typos…sorry )

Reply | Quote

I haven’t used CASE recently so I looked in my ASP book. When you use SELECT CASE, you need to preface each case with the word CASE. For your information, it would be something like this:
Select Case Request.ServerVariables(“LOGON_USER”)
Case “ABCUSERNAMEA”:
Case “ABCUSERNAMEB”:
Case “ABCUSERNAMEC”:
End Select

Obviously I haven’t tested this but this might help.

Reply | Quote

Loretta,
Thank you for your help and your solution which solves my problem.

Mike.

Reply | Quote