Home > Archive > ASP > July 2004 > Login Script based on Email, IP and sql server backend
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Login Script based on Email, IP and sql server backend
|
|
|
| My questions concerns building a login system based on checking for the
existence of the user's email address only....
1. Is it ok for me to use IP address to allow user to bypass all login and
registration systems if IP is present in database? I wish to save the user
time....if the IP is not present I will present the LOGIN email screen....
2. I am consideirng using Session variable on each page I wanted I
protected...I think I know how to do this but I am not sure on whether I
should be using the global.asa to handle loggin in or logging out or whether
I should so all the code on the secure page itself.
3. I wish to use a sql server backend to house my tables: tblProspect,
tblProspectPageSelections......is it okay to use the following branching
code to switch between my test and production server with regards the
physical database path as I have multiple sites on our remote server which
need to feed off the same database....I am thinking about something like
this:
If InStr(Request.ServerVariables("SERVER_NAME"), "publicserver.com") > 0
Then
' Set Public Server Paths
Else
' Set Private Server Paths
End If
Can this work?
Many thanks
Jason
| |
| Curt_C [MVP] 2004-07-26, 8:55 pm |
| If this is internal, I suppose....but
1) are you using DHCP for addresses? this means they may change.
2) if this is external then it wont work. May places use a masked IP, in
other words an entire company of people may show as a single IP to the
outside world.
--
Curt Christianson
Owner/Lead Developer, DF-Software
Site: http://www.Darkfalz.com
Blog: http://blog.Darkfalz.com
<jason@catamaranco.com> wrote in message
news:e$OEMJycEHA.1356@TK2MSFTNGP09.phx.gbl...
> My questions concerns building a login system based on checking for the
> existence of the user's email address only....
>
> 1. Is it ok for me to use IP address to allow user to bypass all login and
> registration systems if IP is present in database? I wish to save the user
> time....if the IP is not present I will present the LOGIN email screen....
>
> 2. I am consideirng using Session variable on each page I wanted I
> protected...I think I know how to do this but I am not sure on whether I
> should be using the global.asa to handle loggin in or logging out or
whether
> I should so all the code on the secure page itself.
>
> 3. I wish to use a sql server backend to house my tables: tblProspect,
> tblProspectPageSelections......is it okay to use the following branching
> code to switch between my test and production server with regards the
> physical database path as I have multiple sites on our remote server which
> need to feed off the same database....I am thinking about something like
> this:
>
> If InStr(Request.ServerVariables("SERVER_NAME"), "publicserver.com") > 0
> Then
> ' Set Public Server Paths
> Else
> ' Set Private Server Paths
> End If
>
> Can this work?
>
> Many thanks
> Jason
>
>
| |
|
| Thank, Curt, this is something I had not considered...I guess I could use
internal IP to help employees bypass login screens....I will revert to
'email' check for outsiders...
"Curt_C [MVP]" <software_AT_darkfalz.com> wrote in message
news:O50TUc1cEHA.2520@TK2MSFTNGP12.phx.gbl...
> If this is internal, I suppose....but
> 1) are you using DHCP for addresses? this means they may change.
> 2) if this is external then it wont work. May places use a masked IP, in
> other words an entire company of people may show as a single IP to the
> outside world.
>
> --
> Curt Christianson
> Owner/Lead Developer, DF-Software
> Site: http://www.Darkfalz.com
> Blog: http://blog.Darkfalz.com
>
>
> <jason@catamaranco.com> wrote in message
> news:e$OEMJycEHA.1356@TK2MSFTNGP09.phx.gbl...
and[color=darkred]
user[color=darkred]
screen....[color=darkred]
> whether
which[color=darkred]
>
>
| |
|
| Curt, I am returning to this theme after reading this article:
http://www.15seconds.com/issue/981104.htm
An IP address-based schema presented here assumes the IP address for a given
machine remains constant. For most networks it is constant. For a few
networks IP addressing is dynamic where the address will change for a
machine with each start up, and sometimes even during operation. The
security schema presented won't work if the IP address changes while the
user machine is on; however, this is rare (i.e., I think AOL proxy servers
do this for dial-in clients).
'---
I was wondering what your thoughts on this solution.
Many thanks
Jason
"Curt_C [MVP]" <software_AT_darkfalz.com> wrote in message
news:O50TUc1cEHA.2520@TK2MSFTNGP12.phx.gbl...
> If this is internal, I suppose....but
> 1) are you using DHCP for addresses? this means they may change.
> 2) if this is external then it wont work. May places use a masked IP, in
> other words an entire company of people may show as a single IP to the
> outside world.
>
> --
> Curt Christianson
> Owner/Lead Developer, DF-Software
> Site: http://www.Darkfalz.com
> Blog: http://blog.Darkfalz.com
>
>
> <jason@catamaranco.com> wrote in message
> news:e$OEMJycEHA.1356@TK2MSFTNGP09.phx.gbl...
and[color=darkred]
user[color=darkred]
screen....[color=darkred]
> whether
which[color=darkred]
>
>
|
|
|
|
|