Simplest Code for ASP Password Protected Page
By Stephen Bucaro
Sometimes you want to store private links on your server. Of course you wouldn't
store important passwords this way because any system administrator at your
web host provider could see them. What is the simplest way to password protect a
single webpage with classic ASP? The code for this is shown below.
<head><title>Password Protected ASP page</title>
If Request.Form("submit") ="Login" Then
If Request.Form("password") = "mypass" Then
<!-- ENTER PAGE DATA HERE v -->
<p>You are logged in</p>
<!-- ENTER PAGE DATA HERE ^ -->
<form name="form" action="login.asp" method="post">
<tr><td>Password: </td><td><input type="password" name="password"></td></tr>
<tr><td colspan="2"><input type="submit" name="submit" value="Login"></td></tr>
This code consists of an IF ELSE statement nested within an IF ELSE statement.
The outer IF ELSE statement tests if the login form has been submitted, if not
it displays the login form. If the login form has been submitted, it tests the
form's password entry for the proper password. If the password is correct, it
displays the html that you are protecting. If the password is not correct, it
uses Response.Redirect to reload the page, displaying the login form.
To use this code, change the text "mypass" to your private password, then add
your password protected HTML where indicated. As is, anyone can click "show
page code" and view your password protected HTML. I did this to keep it simple.
If you want it more secure, use Response.Write to render your password
As it is this code protects only one page. If you want to password protect more
pages, then within the nested IF THEN statement, set a session variable, e.g.
Session("bloggedin") = True, and then on each other page use an IF THEN
statement to check that variable, e.g. If Session("bloggedin") = TRUE Then,
displaying the page HTML if TRUE, Else use Response.Redirect to
reload the login form page.