Entry

Where can I download some sort of low-medium security login screen for ASP?

Jun 26th, 2000 07:28
unknown unknown, Ben Nelson

I'm sure there are plenty around, but most of them are being used by
people who designed their own.  If you're only after low-medium 
security, just use a form and then validate it against a database.  I'd 
rather not reveal my login code for security reasons, and a login form 
is such a key entry point to a web site that I don't want to share that 
either.  After all, being unique helps with recognition.  I think you 
will find most people feel the same way about the visible portions of 
their sites.  However, so that I don't leave you totally hanging, here's 
a general summary that you can start with: The basic idea is to store 
the account info in a database table with the Username as the primary 
key.  To check the username, do "SELECT Password WHERE Username ='" & 
Username & "'" and see if it returns any records.  If it does, then 
check the password against the one returned from the database.  If it 
doesn't, then you have an invalid Username.  Return the appropriate 
message for each case.
On the login form you need two form fields for Username and for 
Password, each labelled appropriately, and "Login" and "Reset" buttons. 
 Use tables to line up the buttons and text.  To return error messages, 
store the message in a session variable (say "message", for example) and 
then put:

<%=Session("message")%>

into your HTML at the place where you want the message to appear.  
Displaying the message is as simple as saving the appropriate message to 
the session variable and redirecting back to the login page.

P.S.  If you need more security and have access to Windows NT / 2000 
Server, then read up on NT challenge response and/or SSL.