Password Protecting Web Pages

John Jansen, one of the FrontPage testers, sent me these three different ways to password protect pages in FrontPage.

Using a FrontPage site template and ASP
Using Code Snippets
Using ASP.NET

To password protect pages using a FrontPage site template and ASP

Here are specific steps to password protect pages using features built into FrontPage:

  1. From the File menu, click New.

  2. From the Web Site tab, select FrontPage Server Templates from the first list, and then select Database Interface Wizard from the second list.

  3. Type the location where you want to put your password protected page. This must be an Windows Web server running IIS.

  4. Click OK.

  5. In the Wizard…

    1. Click Next to create an ASP solution.
    2. Click Next to use the default name for the connection.
    3. Click Next to use the default columns in the table.
    4. Click Next after the DB is created.
    5. Click Next to use the default table.
    6. Check the box to use a Database Editor.
    7. Click Next.
    8. Choose a password and enter it.
    9. Click Next.
    10. Click Finish.
  6. After FrontPage finishes building the site, all of the necessary code for password protecting pages has been generated. In order to protect any new pages, simply put the following code:

     <!-- #include file=”login.asa” -->
    <%
    If Session(SiteId) <> true Then
    Response.Redirect(“login.asp?requester=<!--insert page name here-->”)
    End If
    %>
    

    above the <HTML> tag on any page and save as .asp.

To password protect pages using Code Snippets

Here are steps to create password protected pages using code snippets:

  1. Create a new site in FrontPage.

  2. Create a new page and switch to Code view.

  3. Delete all the code in the new page.

  4. Paste the following code as a code snippet.

     <%
    Username="user"
    Password="pass"
    ' if any of the variables do not match, create error message
    if Request.Form("login") <> Username or Request.Form("password") <> Password then
        MsgErr = "<h3>Authorization Failed.</h3>"
        Response.Write MsgErr
        ' if correct, set the session variable and proceed
    Else
        Session("someStringValue") = true
        ' redirect
        If Len(Request("requester")) > 0 Then
            Response.Redirect (Request("requester"))
        Else
            Response.Redirect "protected.asp"
        End if
    End if
    %>
    <html>
    <head>
        <title>Results -- Login</title>
        <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
        <meta name="GENERATOR" content="Microsoft FrontPage 6.0">
        <meta name="ProgId" content="FrontPage.Editor.Document">
    </head>
    
    <body bgcolor="#FFFFFF">
        <FORM ACTION="login.asp" METHOD="post">
        <h3>Login</h3>
            <TABLE BORDER=0> 
                <TR>
                    <TD ALIGN="right">User name:</TD>
                    <TD><INPUT TYPE="text" NAME="login" size="10" VALUE=''/></TD>
                </TR>
                <TR>
                    <TD ALIGN="right">Password:</TD>
                    <TD><INPUT TYPE="password" NAME="password" size="10" VALUE=''/></TD>
                </TR>
                <TR>
                    <TD><input TYPE="hidden" NAME="requester" VALUE="<%=Server.HtmlEncode(Request("requester"))%>"></TD>
                    <TD></TD>
                </TR>
                <TR>
                    <TD align="left"><INPUT TYPE="submit" VALUE="Login"/></TD>
                    <TD></TD>
                </TR>
            </TABLE>
        </FORM>
    </body>
    </html>
    
  5. Save page as login.asp.

  6. Create a new page and switch to Code view (or do this with any page you want to protect with a password).

  7. Above the opening <html> tag, paste in the following snippet.

     <%
    If Session("someStringValue") <> true Then
        Response.Redirect("Login.asp?requester=protected.asp")
    End If
    %>
    
  8. Save this page as protected.asp (or replace the requester text above from protected.asp to the page name you are protecting).

  9. Browse to protected.asp.

To password protect pages using ASP.NET

Here are steps to password protect pages using ASP.NET:

  1. Create a new page in your Web site and switch to code view.

  2. Select and delete all the code in the page.

  3. Paste in the following code.

     <html>
    <body>
        <h1>Please Log In</h1>
        <hr>
        <form runat="server">
        <table cellpadding="8">
            <tr>
                <td>User Name:</td>
                <td><asp:TextBox ID="UserName" RunAt="server" /></td>
            </tr>
            <tr>
                <td>Password:</td>
                <td><asp:TextBox ID="Password" TextMode="password" RunAt="server" /></td>
            </tr>
            <tr>
                <td><asp:Button Text="Log In" OnClick="OnLogIn" RunAt="server" /></td>
                <td></td>
            </tr>
        </table>
        </form>
        <hr>
        <h3><asp:Label ID="Output" RunAt="server" /></h3>
        </body>
        </html>
        <script language="C#" runat="server">
            void OnLogIn (Object sender, EventArgs e)
            {
                if (FormsAuthentication.Authenticate (UserName.Text, Password.Text))
                    FormsAuthentication.RedirectFromLoginPage (UserName.Text, false);
                else
                    Output.Text = "Invalid login";
            }
        </script>
    
  4. Save the page as loginpage.aspx.

  5. Create a new page and switch to code view.

  6. Select and delete the code in the page.

  7. Paste the following code into the new page.

     <configuration>
        <system.web>
            <authentication mode="Forms">
            <forms loginUrl="LoginPage.aspx">
            <credentials passwordFormat="Clear">
        <user name="Bruce" password="Batman"/>
        </credentials>
        </forms>
        </authentication>
        <authorization>
        <deny users="?" />
        </authorization>
        </system.web>
    </configuration>
    
  8. Save the page as web.config.

And that’s all there is to that. Any aspx pages in the same folder as the web.config file are protected.

Comments

  • Anonymous
    July 12, 2005
    This is a cool site.<a href="http://www.yahoo.com">richa</a>
  • Anonymous
    August 11, 2005
    I tried this with a Test Site. Can't get it to work? My Server has ASP.Net. Where do the pages get the: UserName? Don't U have to have a: User Registration Page? If so, how do U configure that? If not, is theer just 1 User Name, & Password? I tried:
    UN=Batman/PW=Bruce, but nothing happens?
  • Anonymous
    August 11, 2005
    Have Test Site at:
    http://test.frtpg.biz/loginpage.aspx

    Tried UN=Bruce/PW=Batman

    Still doesn't work!!!!
  • Anonymous
    August 25, 2005
    In the section, "To password protect pages using ASP.NET," there is a missing point. The <authentication> ... </authentication> part of the web.config file can appear ONLY in the web.config file at the top-level (root) directory of the entire Web application. If you also put the <authorization> <deny users="?" /> </authorization> part here, the entire application will be password-protected.

    If you want to password protect only one folder then you need two web.config files: one at the root, containing the <authentication> .... </authentication> part, and another in the folder you want to protect, containing the <authorization> ... </authorization> part.

    You will also need to move the LoginPage.aspx file to the root level, or else include the path to it in the <forms loginUrl= >.

    Hope this helps. I tried it and with these changes it does work.
  • Anonymous
    September 15, 2005
    Hello,

    I really am thankful for all the help. Its exciting to see just how powerful Frontpage 2003 is.
    When I designed my site it was generic and had no themes. But as I go I change it around.
    Anyway the password protected pages. How do you assign password or even multiple. Maybe I'm missing something or didn't read enough.

    thanks
  • Anonymous
    October 04, 2005
    This all works, but now what it the username and password? thanks.
    Dumb and Dumber
  • Anonymous
    February 23, 2006
    We tried to load a new page up with the code on the page we wanted pass worded, but could not develope the link to the second page for testing.  
    Need to know how to link the second page or pages we want password protected.  We wanted a page to be the entry point and then have it go to the protected page.  It is not real clear as to where to go, on setting up the link.
    Greg
  • Anonymous
    February 23, 2006
    I use comcast to host my family web site. Comcast's server won't support active server pages! So, it seems I can't use any of the methods suggested above to password protect my site. Is there another way to protect the pages using just the basic FrontPage features (I mean without using database or asp).

    Any help is appreciated.

    Thanks
    Anil
  • Anonymous
    February 24, 2006
    Thanks for posting info about posting a password protected pages.   I went to http://jetstat.com and downloaded a free version of their asp logon that works with frontpage.  They also have a free tool that does diagnostics on your ISP machine.  Those tests are good to help your determine if you can run ASP on your site....  I'm not a sales guy for the product just tried it recently....
  • Anonymous
    February 26, 2006
    Plz give some assistent for protecting frontpage files unautherised uses


    Thanks
  • Anonymous
    March 21, 2006
    very informative site with lots of useful info
  • Anonymous
    March 30, 2006
    Good Code, Thanks for the help!
  • Anonymous
    April 04, 2006
    Wow! You saved my life (or at least my sanity) with the ASP.NETadvice. (I couldn't get the FrontPage ASP solution to work however).

    Thank you for taking the time to post this info!  I was especially pleased to find that I can easily add multiple user accounts just by adding additional <user name...> tags in the web.config code.  Not the fanciest way to manage my site but the simplicity of your solution rocks!

    Please keep posting!  I've not run into other MSDN bloggers that provide such concise, useful, and easy to understand advice.

    In grateful reverence,

    -Casi
  • Anonymous
    April 07, 2006
    I am trying to password protect a portion of a site.  I used your code for the asp.net and it works.  But all I need to do is get the correct redirrect to my index.htm file that is the URL to my home page.  Instead it has default.aspx.

    Thank you for your help so far, really cool to get this far.
    Jeff

    Server Error in '/' Application.
    --------------------------------------------------------------------------------

    The resource cannot be found.
    Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.

    Requested Url: /default.aspx


    --------------------------------------------------------------------------------
    Version Information: Microsoft .NET Framework Version:1.1.4322.2032; ASP.NET Version:1.1.4322.2032
  • Anonymous
    April 08, 2006
    I named my page to the requested Url "Requested Url: /default.aspx" and it works great!  But I would like it to redirect to a new URL than the default.  Any Ideas would be great?  I am looking through the API to find something of intrest.
  • Anonymous
    June 04, 2006
    Thanks!!! http://www.insurance-top.com/company/">http://www.insurance-top.com/company/ car site insurance. [URL=http://www.insurance-top.com]home insurance[/URL]: auto insurance, insurance car, Best Insurance Web site. Also [url=http://www.insurance-top.com]cars insurance[/url] from website .
  • Anonymous
    June 04, 2006
    Hi! http://www.insurance-top.com/company/ car site insurance. auto insurance, insurance car, Best Insurance Web site. from website .
  • Anonymous
    June 04, 2006
    ringtones free
  • Anonymous
    July 25, 2006
    very useful info!Regards!
    [URL=http://snow.utoronto.ca/cgi/wbbb/gen_forum/config.pl?read=37406]how to be a travel agent[/URL]
    <a href=http://snow.utoronto.ca/cgi/wbbb/gen_forum/config.pl?read=37406>airfare</a>
    http://snow.utoronto.ca/cgi/wbbb/gen_forum/config.pl?read=37414
    <a href=http://snow.utoronto.ca/cgi/wbbb/gen_forum/config.pl?read=37376>cruise travel</a>
    [URL=http://snow.utoronto.ca/cgi/wbbb/gen_forum/config.pl?read=37417]alaska cruise and tours[/URL]
  • Anonymous
    August 01, 2006
    I have tried several ways to set up a password protected page using Frontpage. Nothing works. I tried using the ASP wizard outlined here, but get an error message: "unable to establish database connection with the database."
    Any advice, please? I am just about ready to give up. Thanks.
  • Anonymous
    August 09, 2006
    your site look great
    http://enpc3240.eas.asu.edu/HyperNews/get/cse532_spring2001/350.html
    <a href=http://www.newport30.org/cgi-bin/board/capitalYachts.pl?read=5134>celebrex</a>
    <a href=http://enpc3240.eas.asu.edu/HyperNews/get/cse532_spring2001/346.html>discount levitra</a>
    http://enpc3240.eas.asu.edu/HyperNews/get/cse532_spring2001/350.html
    <a href=http://www.newport30.org/cgi-bin/board/capitalYachts.pl?read=5131>allegra</a>
  • Anonymous
    August 15, 2006
    Great !!!!!
    How do contact Lisa Wollin to get a quotation for price on consulting or solution on asp page created on  frontpage and access database connection problem?
  • Anonymous
    August 22, 2006
    to protect your password, you may need a good protection tool, you can try this one!

    http://www.shareware123.com/utility/security_encryption/security_administrator_41962.htm
  • Anonymous
    September 03, 2006
    have also a look at the following password protection tool (it's called Advanced HTML Encrypt and Password Protect):

    http://www.aevita.com/web/lock

    I have tried several tools and find personally this one very intuitive.
  • Anonymous
    September 14, 2006
    How to use the code is a bit clearer if you go to this site.  The code and where to place it is explained quite well.  

    http://www.orcsweb.com/articles/security1.aspx


  • Anonymous
    September 24, 2006
    <a href="http://accupril5mg.blogspot.com">http://accupril5mg.blogspot.com</a> , <a href="http://flagyl200mg.blogspot.com">http://flagyl200mg.blogspot.com</a>