How to use a database for user names and passwords in FrontPage 2002 (321439)
The information in this article applies to:
This article was previously published under Q321439
For a Microsoft FrontPage 2000 version of this article, see 321503.
SUMMARY
This step-by-step article explains how to create a simple file security solution by using Microsoft FrontPage 2002, Active Server Pages (ASP), and a Microsoft Access database.
Important notes
- The sample code in this article is not designed as a replacement for the FrontPage built-in security functionality. The samples are designed to provide a simple security mechanism only for users who are browsing to your Web site. As such, FrontPage 2002 security does not integrate with the user names and passwords that are added to the Microsoft Access database.
- The user names and passwords that are typed in are transmitted across the Internet in plain text. For greater security, Microsoft recommends that you use a Web server that can use Secure Sockets Layer (SSL) encryption. For more information, please ask your Web site administrator or Internet Service Provider (ISP).
Step 1 - Get ready to use the ASP features in FrontPage 2002
Before you can use the ASP features in FrontPage 2002, you must install the components that are listed in the following Microsoft Knowledge Base article:
318287 What you need to use Active Server Pages (ASP) in FrontPage 2002
Step 2 - Create a new Web in FrontPage 2002
Note For this sample code to work correctly, you must make sure that the Web name is LOGON, and that it is a subweb off the root of your Web site.
- On the File menu, click New, and then click Page or Web.
- In the task pane, click Web Site Templates.
- In the list of templates, click Empty Web.
- Specify the location of the Web on your server by using the following syntax:
  http://your server/logon/
  where your server is the name of your ASP-enabled Web server.
- Click OK.
Step 3 - Create a database by using Microsoft Access
- Start Microsoft Access.
- On the File menu, click New.
- In the list of choices, click Blank Database.
- Name the file logon.mdb and save it
to your desktop.
- In the Tables section, click New.
- In the list, click Design View, and then click OK.
- Create two fields:
  - For the Field Name, type UID. For the Data Type, click Text, and then click Primary Key.
  - For the Field Name, type PWD. For the Data Type, click Text.
- On the File menu, click Save. Name the table tblUsers, and then click OK.
- On the View menu, click Datasheet View.
- In the UID column, type testuser. In the PWD column, type password.
- On the File menu, click Close to close the table.
- Quit Microsoft Access.
Note For security reasons, passwords are restricted to a mixture of uppercase letters, lowercase letters, and numbers.
Step 4 - Import the Microsoft Access database
- On the File menu, click Import.
- Click Add File.
- In the Look in list, click your
desktop.
- Click the logon.mdb file that you created in Step
3, and then click Open.
- Click Modify.
- Change the URL to
_private/logon.mdb, and then click OK.
- Click OK to import the file.
- If you are prompted to add a database connection, click No.
Step 5 - Create the ASP pages
You must create several files to work with this sample. First, you create a home page for your Web site, an unsecure page and a secure page for testing, and then the logon Web page and the logon include file.
Step 5a - Create the Home Page
This page serves as the default page for your site and includes links to the unsecure page and secure page that you will create later.
- On the FrontPage toolbar, click New Page.
- Switch to HTML view, and then delete all the existing HTML
code.
- Type or paste the following code into the page:
<% @language="vbscript" %>
<html>
<head><title>Home Page</title></head>
<body>
<h3>Home Page</h3>
<p>You are logged on as:
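<%
  ' Show the current user name. It is HTML-encoded because it is user-supplied input.
  If Len(Session("UID")) = 0 Then
    Response.Write "<b>You are not logged on.</b>"
  Else
    Response.Write "<b>" & Server.HTMLEncode(Session("UID")) & "</b>"
  End If
%>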
</p>
<ul>
<li><a href="secure.asp">Secure Page</a></li>
<li><a href="unsecure.asp">Unsecure Page</a></li>
</ul>
</body>
</html>
- Save the page as default.asp in the root folder of your Web.
- Close the page by clicking Close on the File menu.
Step 5b - Create an unsecure page
This page is a basic ASP page that anyone can browse.
- On the FrontPage toolbar, click New Page.
- Switch to HTML view, and then delete all the existing HTML
code.
- Type or paste the following code into the page:
<% @language="vbscript" %>
<html>
<head><title>Unsecure Page</title></head>
<body>
<h3>Unsecure Page</h3>
<p>You are logged on as:
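<%
  ' Show the current user name. It is HTML-encoded because it is user-supplied input.
  If Len(Session("UID")) = 0 Then
    Response.Write "<b>You are not logged on.</b>"
  Else
    Response.Write "<b>" & Server.HTMLEncode(Session("UID")) & "</b>"
  End If
%>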
</p>
<p><a href="default.asp">Back to default</a></p>
</body>
</html>
- Save the page as default.asp in the root folder of your Web.
- Close the page by clicking Close on the File menu.
Step 5c - Create a secure page
The page in this step is the same as the unsecure page that you created in Step 5b, except that you add the following line of code near the top of the page:
<!--#include virtual="/logon/_private/logon.inc"-->
Adding this line of code to any ASP Web page makes the page a "secure" Web page.
- On the FrontPage toolbar, click New Page.
- Switch to HTML view, and then delete all the existing HTML
code.
- Type or paste the following code into the page:
<% @language="vbscript" %>
<!--#include virtual="/logon/_private/logon.inc"-->
<html>
<head><title>Secure Page</title></head>
<body>
<h3>Secure Page</h3>
<p>You are logged on as:
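<%
  ' Show the current user name. It is HTML-encoded because it is user-supplied input.
  If Len(Session("UID")) = 0 Then
    Response.Write "<b>You are not logged on.</b>"
  Else
    Response.Write "<b>" & Server.HTMLEncode(Session("UID")) & "</b>"
  End If
%>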
</p>
<p><a href="default.asp">Back to default</a></p>
</body>
</html>
- Save the page as secure.asp in the root folder of your logon Web.
- Close the page by clicking Close on the File menu.
Step 5d - Create the logon page
The logon page is designed to resemble a standard Windows logon dialog box. Users who try to access the secure page are sent to this page to type their user name and password.
- On the FrontPage toolbar, click New Page.
- Switch to HTML view, and then delete all the existing HTML
code.
- Type or paste the following code into the page:
<% @language="vbscript" %>
<!--#include virtual="/logon/_private/logon.inc"-->
<%
  ' Was this page posted to?
  If UCase(Request.ServerVariables("HTTP_METHOD")) = "POST" Then
    ' If so, check the username/password that was entered.
    If ComparePassword(Request("UID"),Request("PWD")) Then
      ' If comparison was good, store the user name...
      Session("UID") = Request("UID")
      ' ...and redirect back to the original page.
      Response.Redirect Session("REFERRER")
    End If
  End If
%>
<html>
<head><title>Logon Page</title>
<style>
body { font-family: arial, helvetica }
table { background-color: #cccccc; font-size: 9pt; padding: 3px }
td { color: #000000; background-color: #cccccc; border-width: 0px }
th { color: #ffffff; background-color: #0000cc; border-width: 0px }
</style>
</head>
<body bgcolor="#000000" text="#ffffff">
<h3 align="center"> </h3>
<div align="center"><center>
<form action="<%=LOGON_PAGE%>" method="POST">
<table border="2" cellpadding="2" cellspacing="2">
<tr>
<th colspan="4" align="left">Enter User Name and Password</th>
</tr>
<tr>
<td> </td>
<td colspan="2" align="left">Please type your user name and password.</td>
<td> </td>
</tr>
<tr>
<td> </td>
<td align="left">Site</td>
<td align="left"><%=Request.ServerVariables("SERVER_NAME")%>  </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td align="left">User Name</td>
<td align="left"><input name="UID" type="text" size="20"></td>
<td> </td>
</tr>
<tr>
<td> </td>
<td align="left">Password</td>
<td align="left"><input name="PWD" type="password" size="20"></td>
<td> </td>
</tr>
<tr>
<td> </td>
<td colspan="2" align="center"><input type="submit" value="LOGON"></td>
<td> </td>
</tr>
</table>
</form>
</center></div>
</body>
</html>
- Save the page as logon.asp in the root folder of your logon Web.
- Close the page by clicking Close on the File menu.
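The script block at the top of logon.asp stores the raw Request("UID") in the session and redirects to Session("REFERRER") even when that value is empty, and the Important notes state that credentials travel in plain text. As an added example that is not part of the original article, this variant of the block switches to SSL first, stores the filtered user name, and falls back to the home page. RequireHttps and DEFAULT_PAGE are hypothetical names, and the server is assumed to have SSL configured.

```vbscript
<%
' Added example (not from the original article): stricter POST handler for
' logon.asp. ComparePassword and ParseText come from logon.inc. RequireHttps
' and DEFAULT_PAGE are hypothetical names introduced here.
Const DEFAULT_PAGE = "/logon/default.asp"

' Send plain-HTTP requests for this page to the same URL over SSL.
' Assumes the server has a certificate bound for SERVER_NAME.
Sub RequireHttps()
  ' IIS reports "on" or "off" in the HTTPS server variable.
  If LCase(Request.ServerVariables("HTTPS")) <> "on" Then
    Response.Redirect "https://" & Request.ServerVariables("SERVER_NAME") & _
      Request.ServerVariables("URL")
  End If
End Sub

Dim strTarget
RequireHttps

If UCase(Request.ServerVariables("REQUEST_METHOD")) = "POST" Then
  ' Read the form body only, so credentials placed in a query string are ignored.
  If ComparePassword(Request.Form("UID"), Request.Form("PWD")) Then
    ' Store the filtered name that was actually matched, not the raw input.
    Session("UID") = ParseText(Request.Form("UID"))
    ' REFERRER is empty when the user browsed straight to the logon page.
    strTarget = Session("REFERRER")
    If Len(strTarget) = 0 Then strTarget = DEFAULT_PAGE
    Response.Redirect strTarget
  End If
End If
%>
```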
Step 5e - Create the logon include file
This include file provides the user name and password functionality and is used by both the secure page and the logon page.
- On the FrontPage toolbar, click New Page.
- Switch to HTML view, and then delete all the existing HTML
code.
- Type or paste the following code into the page:
<%
' Do not cache this page.
Response.CacheControl = "no-cache"

' Define the name of the users table.
Const USERS_TABLE = "tblUsers"
' Define the path to the logon page.
Const LOGON_PAGE = "/logon/logon.asp"
' Define the path to the logon database.
Const MDB_URL = "/logon/_private/logon.mdb"

' Check to see whether you have a current user name.
If Len(Session("UID")) = 0 Then
  ' Are you currently on the logon page?
  If LCase(LOGON_PAGE) <> LCase(Request.ServerVariables("URL")) Then
    ' If not, set a session variable for the page that made the request...
    Session("REFERRER") = Request.ServerVariables("URL")
    ' ...and redirect to the logon page.
    Response.Redirect LOGON_PAGE
  End If
End If

' This function checks for a username/password combination.
Function ComparePassword(UID,PWD)
  ' Define your variables.
  Dim strSQL, objCN, objRS
  ' Set up your SQL string. Both values pass through ParseText first,
  ' so only alpha-numeric characters reach the query text.
  strSQL = "SELECT * FROM " & USERS_TABLE & _
    " WHERE (UID='" & ParseText(UID) & _
    "' AND PWD='" & ParseText(PWD) & "');"
  ' Create a database connection object.
  Set objCN = Server.CreateObject("ADODB.Connection")
  ' Open the database connection object.
  objCN.Open "driver={Microsoft Access Driver (*.mdb)}; dbq=" & _
    Server.MapPath(MDB_URL) & "; uid=admin; pwd="
  ' Run the database query.
  Set objRS = objCN.Execute(strSQL)
  ' Set the status to true/false for the database lookup.
  ComparePassword = Not(objRS.EOF)
  ' Close and release your database objects.
  objRS.Close
  objCN.Close
  Set objRS = Nothing
  Set objCN = Nothing
End Function

' This function restricts text to alpha-numeric data only.
' Characters outside 0-9, A-Z and a-z are dropped, not rejected.
Function ParseText(TXT)
  Dim intPos, strText, intText
  For intPos = 1 To Len(TXT)
    intText = Asc(Mid(TXT,intPos,1))
    If (intText > 47 And intText < 58) Or _
       (intText > 64 And intText < 91) Or _
       (intText > 96 And intText < 123) Then
      strText = strText & Mid(TXT,intPos,1)
    End If
  Next
  ParseText = strText
End Function
%>
- Save the page as logon.inc in the _private folder of your logon Web.
- Close the page by clicking Close on the File menu.
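ComparePassword in logon.inc builds its SQL from filtered text, and ParseText drops disallowed characters instead of rejecting them, so differently typed inputs can collapse to the same stored value; Jet also matches text without regard to case. The following added example (not part of the original article) is a stricter variant that rejects such input, binds the user name as an ADO parameter, and compares the password case-sensitively. IsAlphaNumeric and ComparePasswordStrict are hypothetical names, and the 50-character limit assumes the default size of an Access Text field.

```vbscript
<%
' Added example (not from the original article): stricter credential check.
' Relies on USERS_TABLE and MDB_URL from logon.inc. IsAlphaNumeric and
' ComparePasswordStrict are hypothetical names introduced here.
Const adVarChar = 200      ' ADO DataTypeEnum
Const adParamInput = 1     ' ADO ParameterDirectionEnum
Const adCmdText = 1        ' ADO CommandTypeEnum

' True only for 1-50 characters from 0-9, A-Z, a-z. The limit of 50 is an
' assumption: the default size of an Access Text field.
Function IsAlphaNumeric(TXT)
  Dim objRE
  Set objRE = New RegExp
  objRE.Pattern = "^[0-9A-Za-z]{1,50}$"
  IsAlphaNumeric = objRE.Test(TXT & "")
  Set objRE = Nothing
End Function

Function ComparePasswordStrict(UID, PWD)
  Dim strUID, strPWD, objCN, objCmd, objRS
  ComparePasswordStrict = False
  strUID = UID & ""
  strPWD = PWD & ""
  ' Reject, rather than silently strip, input outside the allowed set.
  If Not (IsAlphaNumeric(strUID) And IsAlphaNumeric(strPWD)) Then Exit Function
  Set objCN = Server.CreateObject("ADODB.Connection")
  objCN.Open "driver={Microsoft Access Driver (*.mdb)}; dbq=" & _
    Server.MapPath(MDB_URL) & "; uid=admin; pwd="
  Set objCmd = Server.CreateObject("ADODB.Command")
  Set objCmd.ActiveConnection = objCN
  objCmd.CommandType = adCmdText
  ' The ? marker is bound as data; user input never becomes SQL text.
  objCmd.CommandText = "SELECT [PWD] FROM [" & USERS_TABLE & "] WHERE [UID] = ?"
  objCmd.Parameters.Append _
    objCmd.CreateParameter("uid", adVarChar, adParamInput, 50, strUID)
  Set objRS = objCmd.Execute
  If Not objRS.EOF Then
    ' Jet matches text case-insensitively, so compare the password byte for byte.
    ComparePasswordStrict = (StrComp(objRS("PWD").Value & "", strPWD, vbBinaryCompare) = 0)
  End If
  objRS.Close
  objCN.Close
  Set objRS = Nothing
  Set objCmd = Nothing
  Set objCN = Nothing
End Function
%>
```

This variant still compares against the plain-text PWD column that Step 3 creates.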
Step 6 - Test the logon web
- In the FrontPage Folder List, click default.asp. On the FrontPage toolbar, click Preview in Browser.
- Your browser now loads the sample home page and shows that
you are not logged on.
- Click the link for the unsecure page. The page loads and
shows that you are not logged on. Click the link back to the default
page.
- Click the link to the secure page. The logon page loads
instead of the secure page.
- Type testuser for the user name,
type password for the password, and then click LOGON.
- The secure page appears and shows that you are logged on as
testuser. Click the link back to the default page.
- The sample home page loads and shows that you are logged on
as testuser.
- Click the link for the unsecure page. The page loads and
shows that you are logged on as testuser.
Customize the logon sample
You can customize the logon sample in the following ways:
REFERENCES
For more information about integrating Active Server Pages (ASP) with databases and security, click the following article numbers to view the articles in the Microsoft Knowledge Base:
299987 How to use database and ASP sessions to implement ASP security
300382 How to create a database connection from an ASP page in IIS
Modification Type: Major
Last Reviewed: 9/19/2005
Keywords: kbDatabase kbASP kbProgramming kbHOWTOmaster KB321439