Creating a Login Process Creating a users table and a unauthorized users

advertisement
Creating a Login Process
Creating a users table and a
login form that denies access to
unauthorized users
Creating a Login Process
Logging users in is an eight-step process:
First, create a database containing a users table.
Second, type into the users table the names and
passwords of your authorized users.
Third, create the login form.
Fourth, create the page to which users will be sent if
they log on successfully.
Fifth, create the page to which users will be sent
when they are denied access.
Sixth, create a connection to the database containing
the table of authorized users.
Seventh, add a login server behavior to the login page.
Finally, add a restrict access behavior to the other
secret pages at your site.
Create the Database
Start Microsoft Access, pull down its
File menu, and choose the option to
create a new blank database.
When the File New Database dialog
appears, name the database
TopSecret.mdb, and save it in a
folder that is not in Web space.
Create the Users Table
Double-click the option to create a table in
Design view. When the Table window opens,
create the following four fields. After you
type each Field Name, press the Tab key, and
a pull-down menu appears in the Data Type
column. Pull down that menu and make the
field’s data type match the ones illustrated
here:
Save the Users Table
Pull down the File menu and choose
Save; when the Save dialog appears,
name the table Users.
When Access asks if you want a
primary key, say yes.
Access will make UserID the primary
key, because the autonumber data
type makes each user have a unique
UserID.
Populate the Users Table
Close the table by clicking its close
icon. Then double-click the name of
the table to open it in data entry
mode. Type the following records into
the table:
Create the Login Page
Use Dreamweaver to open the site in which
you want to create the login form.
Pull down the File menu and choose New to
bring up the New Document dialog.
Select the Dynamic Page category to make
the Dynamic Page options appear.
Select ASP JavaScript and click the
Create button; the new page appears.
Pull down the File menu, choose Save, and
save the file in your site’s local root folder.
Create the Login Form
Set the Insert toolbar’s menu to forms.
Insert a form and create the following two
text fields:
username
password
Insert labels to identify the username and
password fields.
Insert a submit button and make its text
be Login.
Use Dreamweaver to format the form as
you wish, then save the file.
Create the Success Page
After the user logs in, there must be
a page to which the user will be sent.
This is normally the site’s default
page.
If this page does not exist, you must
create it now.
Create the Rejection Page
If the login attempt fails, the user
will be sent to a rejection page.
The rejection page often explains
that access to the site requires an
authorized username and password.
You may include instructions on how
to get a logon, and you may include a
link to the login page.
If the rejection page does not exist,
you must create it now.
Make the Database Connection
In the Databases panel (Window >
Databases) create a database
connection to the database containing
the table of authorized users.
Remember that the connection string
has the form:
"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\
webs.oet.udel.edu\fthstudents\databases\
yourLastName\TopSecret.mdb“
Add a Login Server Behavior
Open the login page containing your
login form.
In the Server Behaviors panel
(Window > Server Behaviors), click
the Plus (+) button and select User
Authentication > Log In User.
When the Log In User dialog box
appears, complete the settings to
match your login requirements.
Log In User Dialog Settings
Publish and Test
Publish the site and test it.
Try logging on as a valid user. Do you
get in OK?
Enter bogus credentials in the login
form. Does it reject you?
Troubleshoot any problems until you
get the login process working.
Secure Other Pages
You can and should protect other
pages at your site from access by
unauthorized users.
To protect a page, open it with
Dreamweaver.
In the Server Behaviors panel
(Window > Server Behavior) click the
Plus (+) button and select User
Authentication > Restrict Access to
Page. Note: Protected pages must be one of the
dynamic page types, such as asp.
Restrict Access to Page Dialog
Download