Home/ Questions/Q 7033175
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T01:01:52+00:00

I stumbled across a simplistic, but helpful way to password protect a page here:

  • 0

I stumbled across a simplistic, but helpful way to password protect a page here:
Pop up password protect

Here’s the code:

<%

needAuthentication = True

If Request.Form.Count > 0 Then 
    If Request.Form("username") <> "jon" Or Request.Form("password") <> "secret" Then
        ' Redirect to another URI
        Response.Redirect("/")
        Response.End
    End If
    needAuthentication = False
End If

%>
<html>
<body>
<%

If needAuthentication Then

%>
<form method="post" action="thenameofthepage.asp">
  <div>Username: <input type="text" name="username" /></div>
  <div>Password: <input type="text" name="password" /></div>
  <div><input type="submit" value="Submit" /></div>
</form>
<%

Else

%>
<p>Page content here</p>
<%

End If

%>
</body>
</html>

Two questions:
1) How can I improve this that when the password fails it calls an alert box “Login Failed” and resets the form?
2) How insecure is this? Are there ASP methods to improve security?

A few notes:
No database involved — this is just a page protected by one global password.
And, if you couldn’t already tell, my ASP skills are non-existent. Thanks in advance.

UPDATE: (alert working with failed login but page content loading anyway)

<%
needAuthentication = True
authenticationFailed = False

If Request.Form.Count > 0 Then 
    If Request.Form("password") <> "secret" Then
        authenticationFailed = True
    End If
    needAuthentication = False
End If

%>


<html>
<body>

<%
If needAuthentication Then

%>

<form method="post" action="passwordtest.asp">
  <div>Password: <input type="text" name="password" /></div>
  <div><input type="submit" value="Submit" /></div>
</form>

<%
Else

%>

<p>Page content here</p>

<%
End If

%>

<%
If authenticationFailed Then

%>

<script type="text/javascript">
  alert("Invalid login");
</script>

<%
End If
%>

</body>
</html>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You would do something like:

    authenticationFailed = False

    And then in the Else section of your statement, set authenticationFailed = True.

    Then on your page have something like:

    <%

If authenticationFailed Then

%>
<script type="text/javascript">
  alert("Invalid login");
</script>
<%

    Security has many elements. Assuming you can keep the password secret, and assuming no one else can get their hands on this file, then so long as you access the site using HTTPS you should be fine 🙂 – note that was a lot of “ifs” there.

    If you want to know more about security, I would recommend googling the subject. Security is directly related to the technology you’re using – although different technologies do try and make things easier in their own ways.

    Oh and one additional thing – this method of logging in requires that you login every time you want to access a protected page. It doesn’t remember it as you might expect. You’d need to investigate sessions for that – which is a topic all in itself: http://www.w3schools.com/ASP/asp_sessions.asp.

    • 0