Expression >
Forums Home
>
Expression Studio Forums
>
Expression Web and SuperPreview
>
Third Party Password Protection Question
Third Party Password Protection Question
- Can anyone recommend a thirdy party add-on, which will allow a single folder within my website to be password protected and allow multiple users, and will work with EW3?
Thanks,
Bob
All Replies
- What kind of server is the site on?
If Apache/UNIX and you have a web msters Cpanel check out the web protect feature.
It will do exactly what you want.
Expression Web MVP - Any good web host will have a way to password protect a folder in your control panel, it doesn't matter if to isa Linux or Windows host.
MS MVP Expression Tutorials & Help http://by-expression.com and online instructor led Expression Classes - I am running on a Windows Server, I have an ASPX website, and, from VERIO's end, I can only assign a single password to any individual folder. I have already gone round and round with them on this, and I would have to go back to UNIX to have the features of multi-user control.
I have had no luck setting up an ASP membership site, as Jim Cheshire has in one of his tutorials, and, at any rate, his tutorial is for the entire website, not a single folder within a website. Surely, somebody must have software to do this, I have visited many sites that have a membership section.
Or.....can EW3 create a subweb, like FP used to, or is that feature no longer available.
Thanks, Bob The asp.net membership (not asp, asp.net) will certainly work. It's not clear what you tried and why it won't work. (The most likely reason is that you didn't upload or recreate the required database on your host - the mechanism varies by host - but that's just a guess on my part.)
As to subwebs: well, you can create a folder in your web, right-click it, and select Convert to Subsite. ...But that has nothing to do with your question about passwords. It's just a mechanism for EW to treat that area as a separately edited website.
Curious: You mention one directory that multiple people can access. What functionality are you creating that requires each user to have separate usernames and passwords? In the simplest case - all users having access to the same content in that directory - you could use the directory username/password that can be set up, and give it to all users you want to have access. Clearly that's not the way you'd handle tracking individual users and offering separate/secure content to individual users, but are you doing that? Just wondering if the simplest solution will work for your case.- Thanks for responding Kathy. The reason that I need to have multiple login and passwords for the "protected folder", is that the folder contains sensitive company documents, such as pricing lists, technical data, and product information that our worldwide sales force needs to access remotely. I need the ability to disable any of these users, should they leave the company or be deemed a security risk. A common pasword couldn't work because I would have to be constantly changing it.
I must be missing something regarding the "Convert to Subsite". In my version of EW3 (3.01672.0), there is no such option by right clicking on any existing folder or a newly created one, nor is there any mention of it in the Help file.
As for the ASP membership tutorial, I can get about 90 percent through Jim C's tutor, but I get hung up on the final steps. I can connect to the server database that I created, but can't get any of the logins or passwords to work. I am not expert enough on this subject and my service provider is ignorant on the subject to boot.
Currently I am using a PHP login script which allows multiple user login/passwords to get to a protected page, where they can hyperlink to the file they need to view, but it is not 100% secure. If someone knows the exact file name and the exact web path, one could access the "contents" within the protected folder.
Bob - The subsite solution will only work on a website running the FrontPage
extensions, or a local site using hidden meta data.
There is a tutorial at
http://aspnet.4guysfromrolla.com/articles/120705-1.aspx which may help with
asp.NET membership.
Ron Symonds
Microsoft MVP (Expression Web)
www.rxs-enterprises.org/fp - Well, the asp.net membership controls were created to make easy the job you are trying to do. But if you are heading in the PHP direction that's another story.
IF asp.net is an option for you, then I would recommend you buy Scott Mitchell's book "Sams teach yourself asp.net 2.0 in 24 hours" . That book will walk you entirely through the proceess of creating a membership based website, including how to set up the aspnetdb.mdf database and how to link your "business" tables to it.
You would also need SQL Express (it's free) on your computer to use the default membership stuff, and a host that supports SQL 2005. Some other suggested resources are here, including material on how to move your SQLExpress database to the hosts SQL2005 database:
http://www.homepagedoctor.com/ExpressionTutorials/CreatingMembershipSite.htm
The membership controls do the heavy lifting code for you, but there will still be places you need to duck into the code to get all the way home.
ClarkNK, A.K.A. HomePage Doctor
HomePageDoctor.com -- Expression Web database tutorials
Ownertrades.com -- Created with FP, Access, Bots and Wizards
MyNumbersTracker.com -- Created with Expression, VWDExress, SQL Express, and ASP.NET. - "I must be missing something regarding the "Convert to Subsite". In my version of EW3 (3.01672.0), there is no such option by right clicking on any existing folder or a newly created one, nor is there any mention of it in the Help file.
"
That option exists for local PC sites, on an IIS site set up as a seperate website on my PC, but not on an IIS site that is already a subsite of an existing IIS site on my PC. I don't know if it exists on a live site on your host since I never edit live sites. [Of course, this is off topic now, since it does't impact your password question, as I mentioned in my first post.] You can use aps.net membership on just a single folder. You can use classic asp on a single folder and you can use php on a single folder. You do need a database to manage the folder permission though I think there are a few xml based datasource options as well.
What you need to do to use the asp.net membership controls on a single folder is to set that folder as a web application. Its been a couple of years since I've done it but it is possible.
MS MVP Expression Tutorials & Help http://by-expression.com and online instructor led Expression Classes- Thanks Cheryl, can you link me to a step by step procedure for doing what you just said regarding the asp on a single folder? I tried the procedures described in the Homepagedoctor link, but fell short at the end with internal errors.
Thanks,
RTM - asp.net not asp, you set the folder you want to protect as an application root folder in your hosting control panel. Then follow the normal procedures for creating a membership site with that folder as the application root. There are also some third party controls you can purchase that will do it for you. I don't have a link to a tutorial but you are looking for general asp.net membership tutorial not Expression Web tutorials. In fact, it is better to do it in Visual Web Developer Express or Visual Studio than EW since it is really programming not web design.
MS MVP Expression Tutorials & Help http://by-expression.com and online instructor led Expression Classes - Just a short note to amplify slightly on Cheryl's response. Depending upon your control panel, the command or icon to create or designate a folder as application root may be shown as "Create Virtual Directory." The screen that comes up when that is selected will have a checkbox or radio button for "As Application." That is the way that Plesk 8.1 designates it, and others may as well.
Also as Cheryl pointed out, this is much more easily accomplished using VWD, and you may want to check out http://forums.asp.net/ for more information on this, as they focus on VWD/Visual Studio and ASP.NET, and the .NET languages, and have probably addressed this question quite often, so a search of their archives and/or FAQs might net you just what you're looking for fairly quickly.
cheers,
scott
Plural's don't have apostrophe's. It seem's sometime's that any word's ending in "s" get a gratuitous apostrophe. Apostrophe's are used to indicate possessive's and elision's (contraction's or abbreviation's). - Doesn't ASP.NET allow you to password protect a folder just by using the web.config file? If so, then the OP could just manually control the user/pass access. Might the the simplest, quickest solution.
--
Chris Hanscom - Microsoft MVP
On Facebook | On Twitter | Resource Center | Veign's Blog | Web Development Help
Get a Complete Website Analysis by Veign - It does, but AFAIK the OP would still have to set a virtual directory as application. Also, I had the idea that he wanted a membership site. Protecting the folder containing the web.config is fairly simple if all you need is a single login, but I'm thinking that managing multiple usernames/passwords is going to be much more effectively handled with a database solution.
cheers,
scott
Plural's don't have apostrophe's. It seem's sometime's that any word's ending in "s" get a gratuitous apostrophe. Apostrophe's are used to indicate possessive's and elision's (contraction's or abbreviation's). - Agreed. The database might be easier to manage but it depends on the OP. Might be quicker to start Notepad, open the web.config file and edit users as needed. If he will be modifying users infrequently then the web.config might be the best solution as it can be up and running in minutes.
Quick search yielded this for the OP:
http://www.aspspider.com/qa/ViewQuestion.aspx?QuestionId=3443
--
Chris Hanscom - Microsoft MVP
On Facebook | On Twitter | Resource Center | Veign's Blog | Web Development Help
Get a Complete Website Analysis by Veign - Chris, you can password protect using the web.config file and it can be done from the website root for a subfolder assuming the root is an application and I show how to do it in my book but it appeared the OP wanted to be able to add/remove a multiple users with separate accounts & passwords. That is much easier to do using a database/forms authentication and the membership classes.
MS MVP Expression Tutorials & Help http://by-expression.com and online instructor led Expression Classes - Depends. web.config lets you have multiple account. I assume it works similar to how htaccess/htpasswd files work. I have done this method for clients where the database method was overkill. Simple enough for them to manage since the person managing had access to the server to update the proper files.
--
Chris Hanscom - Microsoft MVP
On Facebook | On Twitter | Resource Center | Veign's Blog | Web Development Help
Get a Complete Website Analysis by Veign - It does but is a little finiky if you want different access levels.
MS MVP Expression Tutorials & Help http://by-expression.com and online instructor led Expression Classes - True. Not perfect, may work but who knows without a complete spec.
--
Chris Hanscom - Microsoft MVP
On Facebook | On Twitter | Resource Center | Veign's Blog | Web Development Help
Get a Complete Website Analysis by Veign - My Windows host dashboard control only allows for a single password protection of a given folder. I would have to go back to a UNIX plan for multiple user passwords on a single folder, which means I can't use "aspx" pages, correct?.
Of course not. Your hosting panel directory password protection is an entirely different thing from asp.net login controls (or any other scripting login control). In fact, if you had both, you'd have to login twice, once for the directory and once for the asp.net login.
- See: http://support.netfirms.com/idx.php/98/786/article/How-do-I-passwordprotect-a-web-page-using-ASPNET.html
Which shows how to use web.configfor multiple logins.
MS MVP Expression Tutorials & Help http://by-expression.com and online instructor led Expression Classes I tried the procedures described in the Homepagedoctor link, but fell short at the end with internal errors.
Thanks,
RTM
What did you run into?
That link is more about the tools you need and the approach to take as opposed to a "procedure", but I would like to know if there is some clarification that needs to be made there. Did you follow the primary reference book? How far did you get and where did you get stopped?
ClarkNK, A.K.A. HomePage Doctor
HomePageDoctor.com -- Expression Web database tutorials
Ownertrades.com -- Created with FP, Access, Bots and Wizards
MyNumbersTracker.com -- Created with Expression, VWDExress, SQL Express, and ASP.NET.
