ASP authentication

NEWBIE !

Hi. I hope someone can help me as I begin my challenge of setting up a username and password protected area of my website.

I have a windows IIS based server run by an ISP (midphase)

I was hoping that setting up protected url (members folder) with a username and password, through the plesk control panel, would save the username and password to a file, so I could look at the file progrmatically with some ASP code, to verify the username and password entered into the windows authentication popup box.

I have a third party subscription company who need to access a file to add new subscribers usernames and passwords to on my server as they pay (CCBill)

But it seems this is not as simple as I hoped.

So the other way is to use an SQL database with ODBC connection, and a form based login page. So this is where I need some help, or at least pointed in the write direction.

I know a small amount of ASP .. the website is

(URL address blocked: See forum rules)

....

Many Thanks
Austin100.

There are two ways to go about creating a secured area on your site when using IIS. One is to implement permissions, obviously not doable unless you want to give a third party access to your control panel. The second is to perform your authentication programmatically. In other words, each page would perform a check before it loads. This, of course, will require a site built in ASP or the like. Standard HTML or its variants won't do the trick. While you could implement some client-side coding, it's not reliable nor secure. Even with server-side scripting it's not as secure as native permissions, but it generally provides enough security for most purposes.

That being said, you'll need to develop either a flat file or a database to house your authenticated user list. Next, your pages will need to verify this list before generating output. And third, if you want to do this properly, would be to integrate an SSL certificate.

A couple of things to keep in mind:

1. A database is more reliable than a flat file.
2. Your data should be stored in an encrypted format.
3. Your data file or database should be housed in a separate, protected directory that only allows access to the local machine and your third-party service. (Preferably in a level above your web root.)

You might look around www.aspin.com and other asp download sites, there are asp user management/login apps available. If you can modify the server there are some isapi authentication apps too.

Just FYI, the control panel at my IIS webhost allows me to setup and use up to 5 or 10 different windows user accounts for my hosted site, and manipulate the permissions on the web to allow/disallow these users to various sections.