ASP Site Logon Code

Simple logon using the Scripting Dictionary

Simple logon code using a scripting dictionary with a text file for user names and passwords.

Protecting a single page or groups of pages from unauthorised access is a common task for webmasters and there a several ways this can be accomplished. This is one method for ASP VbScript without requiring a database being available, by using a flat text file for storing the usernames and passwords. This article will cover reading the text file to recover and check the user entered data while a later article will cover allowing new users to register and writing their username/password to the text file.
This simple flat file method could be adapted to use a XML file structure where different information regarding the user could be stored and retrieved but it should be noted that using text files for data will be insecure and can soon become unwieldy if used for anything beyond a few stored users and that using a database would allow for more information to be stored and retrieved quickly, this would also make the data more secure.

The first thing is to secure the username file as much as possible and the easiest way is to do this is to make the file be a server side parsed file and hide the details as a VbScript comment. So creating the file in this way;

01: <%
02: ' fred,Fred Flintstone|password

03: %>

There some other useful techniques demonstrated as well such as using sessions to maintain state between pages and the scope to store the logged on state to a cookie to allow the user to return at a later date and to be logged straight into the site. These operations are the same no matter how the users and passwords are stored.
The same is true of the functions for checking the usernames and passwords. If at some time the system is upgraded to use a database, the bulk of the code will remain the same and only the functions for retrieving the usernames and passwords will require recoding to get the information from a database.