Search : 
  Powered by FindinSite

ASP Documentation
• Introduction
• Getting started
• Dynamic-CD wizard
Passwords & Encryption
• Overview
• Example 1
• Example 2
• The script language
• Script examples
• Database scripts
Technical details
• Applications
• Built-in objects
• Character Encoding
• Cookies
• Database CDs
• Development tips
• FAQs
• Future developments
• Global.asa
• Network support
• Object registration
• Resources
• ScriptingContext
• Server-side includes
• Sessions
• Technical limits
Script example 2

Controlling access to your CD
If you want to keep certain pages hidden, they can be password protected (password protection also encrypts the file so that the password protection cannot be by-passed).

Dynamic-CD handles password control and decryption independently of the script language, but there are circumstances where you may want more flexibility than that.

Controlling access to your CD with scripts
When the user selects a page that is password protected, Dynamic-CD asks them for the password before serving the page. This process does not involve scripts. For information about password protection and encryption without scripts, see the documentation.

If you want to keep your script files hidden from the user (they can after all inspect your CD when Dynamic-CD is not running), you can encrypt them with a Dynamic-CD "automatic" password. When Dynamic-CD is asked to process such a script file, it automatically decrypts the file in the background.

However, you might want to control access to your CD by using a script. To do this, use the  Server.enableUser  object as shown below .
(Look here for the specification of built-in Server methods).

'This file contains username and password information
'The file is encrypted so as to be hidden from the user
'The file is automatically decrypted by Dynamic-CD 
'  before being processed

ourUser = "susan"
ourPwd = "susan42"

    thisUser = trim( Request.Form( "userName"))
    thisPwd = trim( Request.Form( "userPwd"))
    IF thisUser = ourUser AND thisPwd = ourUserPwd THEN
      Server.enableUser( "access1", "accessPwd1")
      Server.enableUser( "access2", "accessPwd2")
    END IF

The script above checks that a valid userName and password have been entered and tells Dynamic-CD to store the combinations (access1, accessPwd1) and (access2, accessPwd2).

This means that protected pages that match these combinations will henceforth be automatically decrypted as Susan navigates the CD. Note that Susan has been asked for a single password and yet she now has access to two types of protected page.

Such techniques can be used to grant access to sections of your CD based on a "quality" of access - for example gold access could allow access to all pages, silver access to a subset, and bronze only to overview pages. See Passwords example 2 for an example of this technique.

© Copyright 2000-2007 PHD Computer Consultants Ltd