Welcome to Easy ASP Authentication
Download Easy Authentication

In actuality, Easy Authentication is not a true authentication procedure but more of a simple protection mechanism. This simple concept was born out of a need for protection where we had no access to a database mechanism, nor did we have adequate access to the machine. If you see that there is a better way of doing some of these operations, please feel free to adjust the procedures. We, in most cases, were not allowed out of our customer's box. Much to my dismay, any improvements to the system were often met with disappointment and required me to rewrite the enhancements out.

This system is based on the existence of password files and user folders. I knew that I could easily check for the existence of a file or folder, and so I established a system by which the user's name would be their root folder and the password would be a file contained therein. User information is written to the user's file in the info folder of the user's root file. To give adequate protection to the usernames and passwords, I moved these files out of the wwwroot folder and into a POST folder. This, incidentally, was the only place we were allowed to write anything. You could place these folders inside the root tree, but I would not suggest it, because this would allow HTTP access to these folders and files. If you are forced to, then you could possibly protect them through NT's file system and allow ASP access to these folders. Additionally, the system requires that you use VBScript as ASP's default scripting mechanism, which it should be by default.

Here is the basic file layout (Figure 1)


All protected files are kept in the 'docs' folder inside the 'WWWroot' file, although you could protect them anywhere. Entry is required through an entry page where a cookie session is created and used for validation. These files are located in the 'Private' folder inside the 'WWWroot'. Administration files are kept in the 'Admin' folder located in 'WWWroot'. The files used for protection of both the admin section and the private section are located in the 'includes' folder inside the 'WWWroot'. All user information and passwords used by the includes are kept in the 'Password' folder inside the 'POST' folder. Applicant information and passwords are kept inside the 'Applicants' folder in the 'Post' folder until moved by the admin. The admin password is kept inside the 'admin' folder located in the 'Admin Pass' folder located in the 'Post' folder. The username of the admin is admin and the initial password is "admin". If you wish to change the admin's username, simply rename the folder called 'admin' inside the 'adminpass' folder. The temp file is for logging of all protected site activity: error.log is for all failed login attempts or page errors, and log.txt is for all successful site activity. This logging takes place inside the includes files and can be deleted or commented out.

Certain changes are required to make this system usable on another system. Because this system relies on the use of file paths, all file paths must reflect your system's directory tree, which should look something like figure 1 above. All locations requiring the change are commented like so:

' ********************************************************************
' ******************** Input Your file path here *********************
' ********************************************************************
myself=("F:\Yourpath\post\password\")&Request.form("username")&("\")&Request.form("password")
' ********************************************************************

Where everything above "F:\YourPath" must accurately reflect the location of the files called upon. Additionally, an email is sent when a user requests access or the admin adds a user manually. These files require input to reflect the email accounts and SMTP host you wish to receive this information. They, of course, can be deleted or commented out if not required. These are the pages 'adduserdone.asp' in the 'admin' folder and 'regcomplete.asp' in the private folder. Aside from this, you must give ASP write privileges in the post folder.
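The path shown above is built directly from form input, so one way to constrain that input before it reaches the file system is sketched here. This is an added example, not part of the Easy Authentication download; `PASSWORD_ROOT`, `IsSafeName` and `CredentialFileExists` are hypothetical names, and it assumes usernames and passwords are limited to letters, digits, underscore and hyphen.

```vbscript
' Added example, not part of the Easy Authentication download.
' PASSWORD_ROOT, IsSafeName and CredentialFileExists are hypothetical names.
Const PASSWORD_ROOT = "F:\Yourpath\post\password\"   ' same placeholder path as the page

' Accept only letters, digits, underscore and hyphen (1 to 32 characters),
' so a form value cannot contain "\", "/", ":", "." or wildcard characters.
Function IsSafeName(value)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9_-]{1,32}$"
    IsSafeName = re.Test(value)
End Function

' True only when both values pass IsSafeName and
' <PASSWORD_ROOT>\<username>\<password> exists as a file.
Function CredentialFileExists(username, password)
    Dim fso, userFolder, myself
    CredentialFileExists = False
    If Not (IsSafeName(username) And IsSafeName(password)) Then Exit Function

    Set fso = Server.CreateObject("Scripting.FileSystemObject")
    userFolder = fso.BuildPath(PASSWORD_ROOT, username)
    myself = fso.BuildPath(userFolder, password)

    ' Second check: the resolved path must still sit under the password root.
    If LCase(Left(fso.GetAbsolutePathName(myself), Len(PASSWORD_ROOT))) <> LCase(PASSWORD_ROOT) Then Exit Function

    CredentialFileExists = fso.FileExists(myself)
    Set fso = Nothing
End Function

' Appending "" turns a missing form field into an empty string,
' which IsSafeName rejects.
Dim formUser, formPass, loginOk
formUser = Request.Form("username") & ""
formPass = Request.Form("password") & ""
loginOk = CredentialFileExists(formUser, formPass)
```

Existing accounts whose folder or password file names contain other characters would be rejected by this check, so the pattern in `IsSafeName` has to match whatever naming rule the admin pages enforce when users are created.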

That's it. There are a lot of things I would have done differently if I had the leash. If you use this system, send me an email. I would like to know. Also, comments and input are greatly appreciated. Send all email to aspguy@cybermill.com.

Thanks

Bob Minor
Cybermill Communications



©2004 Cybermill Communications
St. Louis, Missouri
314-962-4024