Password Protecting Web Pages


John Jansen, one of the FrontPage testers, sent me these three different ways to password protect pages in FrontPage.


Using a FrontPage site template and ASP
Using Code Snippets
Using ASP.NET


To password protect pages using a FrontPage site template and ASP


Here are specific steps to password protect pages using features built into FrontPage:



  1. From the File menu, click New.
  2. From the Web Site tab, select FrontPage Server Templates from the first list, and then select Database Interface Wizard from the second list.
  3. Type the location where you want to put your password protected page. This must be an Windows Web server running IIS.
  4. Click OK.
  5. In the Wizard…

    1. Click Next to create an ASP solution.
    2. Click Next to use the default name for the connection.
    3. Click Next to use the default columns in the table.
    4. Click Next after the DB is created.
    5. Click Next to use the default table.
    6. Check the box to use a Database Editor.
    7. Click Next.
    8. Choose a password and enter it.
    9. Click Next.
    10. Click Finish.

  6. After FrontPage finishes building the site, all of the necessary code for password protecting pages has been generated. In order to protect any new pages, simply put the following code:
    <!-- #include file=”login.asa” -->
    <%
    If Session(SiteId) <> true Then
    Response.Redirect(“login.asp?requester=<!--insert page name here-->”)
    End If
    %>
    above the <HTML> tag on any page and save as .asp.

To password protect pages using Code Snippets


Here are steps to create password protected pages using code snippets:



  1. Create a new site in FrontPage.
  2. Create a new page and switch to Code view.
  3. Delete all the code in the new page.
  4. Paste the following code as a code snippet.
    <%
    Username="user"
    Password="pass"
    ' if any of the variables do not match, create error message
    if Request.Form("login") <> Username or Request.Form("password") <> Password then
    MsgErr = "<h3>Authorization Failed.</h3>"
    Response.Write MsgErr
    ' if correct, set the session variable and proceed
    Else
    Session("someStringValue") = true
    ' redirect
    If Len(Request("requester")) > 0 Then
    Response.Redirect (Request("requester"))
    Else
    Response.Redirect "protected.asp"
    End if
    End if
    %>
    <html>
    <head>
    <title>Results -- Login</title>
    <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
    <meta name="GENERATOR" content="Microsoft FrontPage 6.0">
    <meta name="ProgId" content="FrontPage.Editor.Document">
    </head>

    <body bgcolor="#FFFFFF">
    <FORM ACTION="login.asp" METHOD="post">
    <h3>Login</h3>
    <TABLE BORDER=0>
    <TR>
    <TD ALIGN="right">User name:</TD>
    <TD><INPUT TYPE="text" NAME="login" size="10" VALUE=''/></TD>
    </TR>
    <TR>
    <TD ALIGN="right">Password:</TD>
    <TD><INPUT TYPE="password" NAME="password" size="10" VALUE=''/></TD>
    </TR>
    <TR>
    <TD><input TYPE="hidden" NAME="requester" VALUE="<%=Server.HtmlEncode(Request("requester"))%>"></TD>
    <TD></TD>
    </TR>
    <TR>
    <TD align="left"><INPUT TYPE="submit" VALUE="Login"/></TD>
    <TD></TD>
    </TR>
    </TABLE>
    </FORM>
    </body>
    </html>


  5. Save page as login.asp.
  6. Create a new page and switch to Code view (or do this with any page you want to protect with a password).
  7. Above the opening <html> tag, paste in the following snippet.
    <%
    If Session("someStringValue") <> true Then
    Response.Redirect("Login.asp?requester=protected.asp")
    End If
    %>

  8. Save this page as protected.asp (or replace the requester text above from protected.asp to the page name you are protecting).
  9. Browse to protected.asp.

To password protect pages using ASP.NET


Here are steps to password protect pages using ASP.NET:



  1. Create a new page in your Web site and switch to code view.
  2. Select and delete all the code in the page.
  3. Paste in the following code.
    <html>
    <body>
    <h1>Please Log In</h1>
    <hr>
    <form runat="server">
    <table cellpadding="8">
    <tr>
    <td>User Name:</td>
    <td><asp:TextBox ID="UserName" RunAt="server" /></td>
    </tr>
    <tr>
    <td>Password:</td>
    <td><asp:TextBox ID="Password" TextMode="password" RunAt="server" /></td>
    </tr>
    <tr>
    <td><asp:Button Text="Log In" OnClick="OnLogIn" RunAt="server" /></td>
    <td></td>
    </tr>
    </table>
    </form>
    <hr>
    <h3><asp:Label ID="Output" RunAt="server" /></h3>
    </body>
    </html>
    <script language="C#" runat="server">
    void OnLogIn (Object sender, EventArgs e)
    {
    if (FormsAuthentication.Authenticate (UserName.Text, Password.Text))
    FormsAuthentication.RedirectFromLoginPage (UserName.Text, false);
    else
    Output.Text = "Invalid login";
    }
    </script>

  4. Save the page as loginpage.aspx.
  5. Create a new page and switch to code view.
  6. Select and delete the code in the page.
  7. Paste the following code into the new page.
    <configuration>
    <system.web>
    <authentication mode="Forms">
    <forms loginUrl="LoginPage.aspx">
    <credentials passwordFormat="Clear">
    <user name="Bruce" password="Batman"/>
    </credentials>
    </forms>
    </authentication>
    <authorization>
    <deny users="?" />
    </authorization>
    </system.web>
    </configuration>

  8. Save the page as web.config.

And that’s all there is to that. Any aspx pages in the same folder as the web.config file are protected.

Comments (27)

  1. Cp1der says:

    I tried this with a Test Site. Can’t get it to work? My Server has ASP.Net. Where do the pages get the: UserName? Don’t U have to have a: User Registration Page? If so, how do U configure that? If not, is theer just 1 User Name, & Password? I tried:

    UN=Batman/PW=Bruce, but nothing happens?

  2. Cp1der says:

    Have Test Site at:

    http://test.frtpg.biz/loginpage.aspx

    Tried UN=Bruce/PW=Batman

    Still doesn’t work!!!!

  3. Russ says:

    In the section, "To password protect pages using ASP.NET," there is a missing point. The <authentication> … </authentication> part of the web.config file can appear ONLY in the web.config file at the top-level (root) directory of the entire Web application. If you also put the <authorization> <deny users="?" /> </authorization> part here, the entire application will be password-protected.

    If you want to password protect only one folder then you need two web.config files: one at the root, containing the <authentication> …. </authentication> part, and another in the folder you want to protect, containing the <authorization> … </authorization> part.

    You will also need to move the LoginPage.aspx file to the root level, or else include the path to it in the <forms loginUrl= >.

    Hope this helps. I tried it and with these changes it does work.

  4. Micheal says:

    Hello,

    I really am thankful for all the help. Its exciting to see just how powerful Frontpage 2003 is.

    When I designed my site it was generic and had no themes. But as I go I change it around.

    Anyway the password protected pages. How do you assign password or even multiple. Maybe I’m missing something or didn’t read enough.

    thanks

  5. JW says:

    This all works, but now what it the username and password? thanks.

    Dumb and Dumber

  6. knightnet says:

    We tried to load a new page up with the code on the page we wanted pass worded, but could not develope the link to the second page for testing.  

    Need to know how to link the second page or pages we want password protected.  We wanted a page to be the entry point and then have it go to the protected page.  It is not real clear as to where to go, on setting up the link.

    Greg

  7. Anil says:

    I use comcast to host my family web site. Comcast’s server won’t support active server pages! So, it seems I can’t use any of the methods suggested above to password protect my site. Is there another way to protect the pages using just the basic FrontPage features (I mean without using database or asp).

    Any help is appreciated.

    Thanks

    Anil

  8. Todd says:

    Thanks for posting info about posting a password protected pages.   I went to http://jetstat.com and downloaded a free version of their asp logon that works with frontpage.  They also have a free tool that does diagnostics on your ISP machine.  Those tests are good to help your determine if you can run ASP on your site….  I’m not a sales guy for the product just tried it recently….

  9. Plz give some assistent for protecting frontpage files unautherised uses

    Thanks

  10. Debt Loan says:

    very informative site with lots of useful info

  11. Justin says:

    Good Code, Thanks for the help!

  12. Casi Dougal says:

    Wow! You saved my life (or at least my sanity) with the ASP.NETadvice. (I couldn’t get the FrontPage ASP solution to work however).

    Thank you for taking the time to post this info!  I was especially pleased to find that I can easily add multiple user accounts just by adding additional <user name…> tags in the web.config code.  Not the fanciest way to manage my site but the simplicity of your solution rocks!

    Please keep posting!  I’ve not run into other MSDN bloggers that provide such concise, useful, and easy to understand advice.

    In grateful reverence,

    -Casi

  13. Jeff says:

    I am trying to password protect a portion of a site.  I used your code for the asp.net and it works.  But all I need to do is get the correct redirrect to my index.htm file that is the URL to my home page.  Instead it has default.aspx.

    Thank you for your help so far, really cool to get this far.

    Jeff

    Server Error in ‘/’ Application.

    ——————————————————————————–

    The resource cannot be found.

    Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.

    Requested Url: /default.aspx

    ——————————————————————————–

    Version Information: Microsoft .NET Framework Version:1.1.4322.2032; ASP.NET Version:1.1.4322.2032

  14. Jeff says:

    I named my page to the requested Url "Requested Url: /default.aspx" and it works great!  But I would like it to redirect to a new URL than the default.  Any Ideas would be great?  I am looking through the API to find something of intrest.

  15. Thanks!!! http://www.insurance-top.com/company/”>http://www.insurance-top.com/company/ car site insurance. [URL=http://www.insurance-top.com]home insurance[/URL]: auto insurance, insurance car, Best Insurance Web site
    . Also [url=http://www.insurance-top.com]cars insurance[/url] from website .

  16. Hi! http://www.insurance-top.com/company/ car site insurance. auto insurance, insurance car, Best Insurance Web site
    . from website .

  17. fuscipes says:

    I have tried several ways to set up a password protected page using Frontpage. Nothing works. I tried using the ASP wizard outlined here, but get an error message: "unable to establish database connection with the database."

    Any advice, please? I am just about ready to give up. Thanks.

  18. SurroundSound says:

    Great !!!!!

    How do contact Lisa Wollin to get a quotation for price on consulting or solution on asp page created on  frontpage and access database connection problem?

  19. to protect your password, you may need a good protection tool, you can try this one!

    http://www.shareware123.com/utility/security_encryption/security_administrator_41962.htm

  20. Andrew says:

    have also a look at the following password protection tool (it’s called Advanced HTML Encrypt and Password Protect):

    http://www.aevita.com/web/lock

    I have tried several tools and find personally this one very intuitive.

  21. MEM says:

    How to use the code is a bit clearer if you go to this site.  The code and where to place it is explained quite well.  

    http://www.orcsweb.com/articles/security1.aspx

Skip to main content