ASP 101 - Active Server Pages 101 - Web01
The Place ASP Developers Go!



Windows Technology Windows Technology
15 Seconds
4GuysFromRolla.com
ASP 101
ASP Wire
VB Forums
VB Wire
WinDrivers.com
internet.commerce internet.commerce
Partners & Affiliates
ASP 101 is an
internet.com site
ASP 101 is an internet.com site
IT
Developer
Internet News
Small Business
Personal Technology

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

ASP 101 News Flash ASP 101 News Flash



 Top ASP 101 Stories Top ASP 101 Stories
Connections, Commands, And Procedures
What is ASP?
VBScript Classes: Part 1 of N

QUICK TIP:
Don't Forget that Final /
Show All Tips >>
ASP 101 RSS Feed ASP 101 Updates


Quick Tips


Basic Authentication at its Most Basic

Basic authentication has gotten a bad reputation over the years. So it's not as flexible as forms authentication and not as secure as NT Challenge Response, it has something going for it that neither of these does - it's basic - as in simple!

Normally authentication is handled via IIS, but what if you're with a hosting company and don't have easy access to IIS or the NTFS permissions? Well, take a look at this little script. Without securing it via NTFS or changing any settings in IIS, you can upload this file and unless the users knows a valid login and password for the server, they won't be able to see the protected page contents. Pretty slick huh?

<%@ Language="VBScript" %>
<% Option Explicit
If Request.ServerVariables("AUTH_USER") = "" Then
    Response.Status = "401 Unauthorized"
    Response.AddHeader "WWW-Authenticate", "Basic"
    Response.End
End If
%>
<html>
<head>
<title>Authentication Sample</title>
</head>
<body>
<p>
Stuff you need to be authenticated to see!
</p>
</body>
</html>

Now please realize that unless combined with something like SSL, using this type of script is highly insecure and results in your username and password being transmitted in plain text, but then again not everything we do on the web is mission critical now is it? What real harm is there if someone breaks into the admin page to that web site that displays pictures of your last vacation. Granted you don't want just anyone to be able to add or delete pictures, but if someone wants to spend the time and effort to hack in, what's the worst case scenario -- you have to change your password and re-upload the pictures?


Previous      Show All Tips      Next

If you have a tip you would like to submit, please send it to: webmaster@asp101.com.


Home |  News |  Samples |  Articles |  Lessons |  Resources |  Forum |  Links |  Search |  Feedback

Internet.com
The Network for Technology Professionals

Search:

About Internet.com

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers