Password Protecting Web Pages

John Jansen, one of the FrontPage testers, sent me these three different ways to password protect pages in FrontPage.

Using a FrontPage site template and ASP
Using Code Snippets
Using ASP.NET

To password protect pages using a FrontPage site template and ASP

Here are specific steps to password protect pages using features built into FrontPage:

  1. From the File menu, click New.

  2. From the Web Site tab, select FrontPage Server Templates from the first list, and then select Database Interface Wizard from the second list.

  3. Type the location where you want to put your password protected page. This must be an Windows Web server running IIS.

  4. Click OK.

  5. In the Wizard…

    1. Click Next to create an ASP solution.
    2. Click Next to use the default name for the connection.
    3. Click Next to use the default columns in the table.
    4. Click Next after the DB is created.
    5. Click Next to use the default table.
    6. Check the box to use a Database Editor.
    7. Click Next.
    8. Choose a password and enter it.
    9. Click Next.
    10. Click Finish.
  6. After FrontPage finishes building the site, all of the necessary code for password protecting pages has been generated. In order to protect any new pages, simply put the following code:

     <!-- #include file=”login.asa” -->
    <%
    If Session(SiteId) <> true Then
    Response.Redirect(“login.asp?requester=<!--insert page name here-->”)
    End If
    %>
    

    above the <HTML> tag on any page and save as .asp.

To password protect pages using Code Snippets

Here are steps to create password protected pages using code snippets:

  1. Create a new site in FrontPage.

  2. Create a new page and switch to Code view.

  3. Delete all the code in the new page.

  4. Paste the following code as a code snippet.

     <%
    Username="user"
    Password="pass"
    ' if any of the variables do not match, create error message
    if Request.Form("login") <> Username or Request.Form("password") <> Password then
        MsgErr = "<h3>Authorization Failed.</h3>"
        Response.Write MsgErr
        ' if correct, set the session variable and proceed
    Else
        Session("someStringValue") = true
        ' redirect
        If Len(Request("requester")) > 0 Then
            Response.Redirect (Request("requester"))
        Else
            Response.Redirect "protected.asp"
        End if
    End if
    %>
    <html>
    <head>
        <title>Results -- Login</title>
        <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
        <meta name="GENERATOR" content="Microsoft FrontPage 6.0">
        <meta name="ProgId" content="FrontPage.Editor.Document">
    </head>
    
    <body bgcolor="#FFFFFF">
        <FORM ACTION="login.asp" METHOD="post">
        <h3>Login</h3>
            <TABLE BORDER=0> 
                <TR>
                    <TD ALIGN="right">User name:</TD>
                    <TD><INPUT TYPE="text" NAME="login" size="10" VALUE=''/></TD>
                </TR>
                <TR>
                    <TD ALIGN="right">Password:</TD>
                    <TD><INPUT TYPE="password" NAME="password" size="10" VALUE=''/></TD>
                </TR>
                <TR>
                    <TD><input TYPE="hidden" NAME="requester" VALUE="<%=Server.HtmlEncode(Request("requester"))%>"></TD>
                    <TD></TD>
                </TR>
                <TR>
                    <TD align="left"><INPUT TYPE="submit" VALUE="Login"/></TD>
                    <TD></TD>
                </TR>
            </TABLE>
        </FORM>
    </body>
    </html>
    
  5. Save page as login.asp.

  6. Create a new page and switch to Code view (or do this with any page you want to protect with a password).

  7. Above the opening <html> tag, paste in the following snippet.

     <%
    If Session("someStringValue") <> true Then
        Response.Redirect("Login.asp?requester=protected.asp")
    End If
    %>
    
  8. Save this page as protected.asp (or replace the requester text above from protected.asp to the page name you are protecting).

  9. Browse to protected.asp.

To password protect pages using ASP.NET

Here are steps to password protect pages using ASP.NET:

  1. Create a new page in your Web site and switch to code view.

  2. Select and delete all the code in the page.

  3. Paste in the following code.

     <html>
    <body>
        <h1>Please Log In</h1>
        <hr>
        <form runat="server">
        <table cellpadding="8">
            <tr>
                <td>User Name:</td>
                <td><asp:TextBox ID="UserName" RunAt="server" /></td>
            </tr>
            <tr>
                <td>Password:</td>
                <td><asp:TextBox ID="Password" TextMode="password" RunAt="server" /></td>
            </tr>
            <tr>
                <td><asp:Button Text="Log In" OnClick="OnLogIn" RunAt="server" /></td>
                <td></td>
            </tr>
        </table>
        </form>
        <hr>
        <h3><asp:Label ID="Output" RunAt="server" /></h3>
        </body>
        </html>
        <script language="C#" runat="server">
            void OnLogIn (Object sender, EventArgs e)
            {
                if (FormsAuthentication.Authenticate (UserName.Text, Password.Text))
                    FormsAuthentication.RedirectFromLoginPage (UserName.Text, false);
                else
                    Output.Text = "Invalid login";
            }
        </script>
    
  4. Save the page as loginpage.aspx.

  5. Create a new page and switch to code view.

  6. Select and delete the code in the page.

  7. Paste the following code into the new page.

     <configuration>
        <system.web>
            <authentication mode="Forms">
            <forms loginUrl="LoginPage.aspx">
            <credentials passwordFormat="Clear">
        <user name="Bruce" password="Batman"/>
        </credentials>
        </forms>
        </authentication>
        <authorization>
        <deny users="?" />
        </authorization>
        </system.web>
    </configuration>
    
  8. Save the page as web.config.

And that’s all there is to that. Any aspx pages in the same folder as the web.config file are protected.