- Enabling Visitors to Create User Accounts
- Protecting Pages from Unauthenticated Visitors
- Testing Your New Pages
- Summary
Protecting Pages from Unauthenticated Visitors
The final piece of adding user authentication to your site is to protect those pages that should not be available to unauthenticated visitors. Since you created a session using the visitor's username as the session variable that is passed from page to page, you can add one of UltraDev's server behaviors to the protected pages that verifies that the user has entered a valid username and password prior to requesting the protected page.
Exercise 8.11 Restricting Access to a Page
Using the nrfdefault template, create a new page. Close the Logout.asp page.
Remove the {erMainData} text and replace it with the following text block:
On the Server Behaviors panel, click the plus sign and select User Authentication/Restrict Access To Page.
-
In the Restrict Access To Page dialog box, shown in Figure 8.20, choose to restrict the page based on Username and Password. In the If Access Denied, Go To field, type http://localhost/insideud4/login.asp.
Figure 8.20. The Restrict Access To
Page dialog box keeps unauthenticated visitors from viewing content.
-
Click OK. Save the page in the root of your site as view_cart.asp.
Welcome to your shopping cart. Because you were properly authenticated, you are able to see this page.