In a similar vein to Jesteruk's login with PHP articles, this article will show you how to do the same thing but with ASP.

So, how do you start?

The first thing you need to do is create a simple login page, which can look something like this:

Note: This will create JUST a form with text boxes. You can pad it out yourself.

Creating the login.asp page

<% Sub ShowLogin %>

<form name=form1 action=login.asp method=post>

User Name : <input type=text name=username>

Password : <input type=password name=userpwd>

<input type=hidden name=login value=true>

<input type=submit value="Login">

</form>

<% End Sub %>

The second input box has a type=password, what this does is cause the text typed in to be hidden (like *******). Also to note is that you want the action of the form to be the same page. This way we do not need a second page just to handle the checking of the password. I will talk about the hidden form element next. You will also see why we placed the form inside a subroutine later.

Before we add the code to check to see if the user name and password are correct we need to add some code to the top of login.asp to check to see if the form has been submitted.

Response.Expires = -1000 'Makes the browser not cache this page

Response.Buffer = True 'Buffers the content so our Response.Redirect will work

Session("UserLoggedIn") = ""

If Request.Form("login") = "true" Then

CheckLogin

Else

ShowLogin

End If

This code will go at the top of login.asp to see if the form was submitted. If it was, then we will check the login, if not then we will show the login form.

Checking for correct login details

Next we will add the code for the CheckLogin subroutine to check to see if the username and password entered are correct. At this time there is no database connectivity, as there is only one user.

Sub CheckLogin

If LCase(Request.Form("username")) = "guest" And LCase(Request.Form("userpwd")) = "guest" Then

Session("UserLoggedIn") = "true"

Response.Redirect "protectedpage.asp"

Else

Response.Write("Login Failed.<br><br>")

ShowLogin

End If

End Sub

The above code will check to make sure they have entered the login correctly. By setting the Session variable "UserLoggedIn" equal to "" we are basically logging the user out.

The protected pages

The only thing left to do is write the code to put at the top of the protected page to check to see if the user is logged in. This will redirect the user to the login page if UserLogginIn is not set.

Response.Expires = -1000 'Makes the browser not cache this page

Response.Buffer = True 'Buffers the content so our Response.Redirect will work

If Session("UserLoggedIn") <> "true" Then

Response.Redirect("login.asp")

End If

The Scripts in full

login.asp

<%

Response.Expires = -1000 'Makes the browser not cache this page

Response.Buffer = True 'Buffers the content so our Response.Redirect will work

Session("UserLoggedIn") = ""

If Request.Form("login") = "true" Then

CheckLogin

Else

ShowLogin

End If

Sub ShowLogin

%>

<form name=form1 action=login.asp method=post>

User Name : <input type=text name=username><br>

Password : <input type=password name=userpwd><br>

<input type=hidden name=login value=true>

<input type=submit value="Login">

</form>

>%

End Sub

Sub CheckLogin

If LCase(Request.Form("username")) = "guest" And LCase(Request.Form("userpwd")) = "guest" Then

Session("UserLoggedIn") = "true"

Response.Redirect "protectedpage.asp"

Else

Response.Write("Login Failed.<br><br>")

ShowLogin

End If

End Sub

%>

protectedpage.asp

<%

Response.Expires = -1000 'Makes the browser not cache this page

Response.Buffer = True 'Buffers the content so our Response.Redirect will work

If Session("UserLoggedIn") <> "true" Then

Response.Redirect("login.asp")

End If

%>

This page is full of password protected content. If you are reading this you entered <br>

the correct name and password.