I would like to know how to password protect a site so that members only may get in after they pay a yearly fee. How do I create the password protect, and how do I only allow it after this fee has been paid?
@PeOfEoDec 14.2004 — #pick any server side language to do it. Its not hard. You just simply have a feild in the db that has paid or not paid and it would eb a date feild. Then whenever they login you run a date difference function and see if it is a year later. You going to pick a windows or linux server on go daddy? You can do what you want to do with ASP, ASP.NET, PHP, CGI, JSP, Cold Fusion. I use asp.net myself and wrote an article about how to make a simple login system with asp.net, but if you needed high security or something you should not use my method (but rather forms auth and https protocal). http://www.webreference.com/programming/asp/quasi/ is my article. It will do its job just fine unless stuff like credit card numberws and social security numbers are involved, and that those are only a login away.
@ScottcampauthorDec 15.2004 — #Thanks, I have never stepped in this realm before...It's always been just basic web development. I'll probably go with a windows based server, since I have little experience with Linux. I will probably use the ASP like you referred me to. Thanks for the article.
Where can I find a date/time function?
And will this ASP page protect the directory so they cannot tack a page behind the password page on their favorites and never log in again?
@PeOfEoDec 16.2004 — #[i]Originally posted by ray326 [/i]
[B]You can turn on Basic Auth in your IIS configuration console. [/B][/QUOTE] But will this be effective with a lot of users? I think a data base soltuion would be more feasible.
Server Error in '/' Application. --------------------------------------------------------------------------------
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
@ray326Dec 16.2004 — #[i]Originally posted by PeOfEo [/i]
[B]But will this be effective with a lot of users? I think a data base soltuion would be more feasible. [/B][/QUOTE] There's no reason the id/password data store for basic couldn't be a table in a database. The most common data store for IIS applications is probably an NT domain or an AD group.
Server Error in '/' Application. --------------------------------------------------------------------------------
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
</configuration>
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
Any ideas? [/B][/QUOTE] Tons of reasons. Okay, do you have a web.config file? If so turn the errors off, like the message says so we can see what is actually happening.
@PeOfEoDec 17.2004 — #[i]Originally posted by ray326 [/i]
[B]There's no reason the id/password data store for basic couldn't be a table in a database. The most common data store for IIS applications is probably an NT domain or an AD group. [/B][/QUOTE] Well Iknow forms works well with a db. But I thought windows and basic caused problems. I never use either of course, I always just do like what I did in my article, no auth, for a site that does not need to be super sequre where the login is a means of identification, or I use forms.
@ray326Dec 17.2004 — #We run Basic against an NT domain on our IIS-based apps with no problem. The users like it because it's synchronized with their network login, the admins like it because there's zero administration, the security guys like it because it satisfies the requirement that ALL requests to an app be authenticated.