https, ssl, asp & sql

karoshi

karoshi

karoshi

Associate
Joined
29 Sep 2003
Posts
683
Location
midlands
i've been asked to alter a website and make it a secure site, something i've not had to do before and i'm getting lost, can anyone point me to a good guide on how to set the following up / if it's possible:

currently the site is windows hosting, IIS, asp website, we have a sql server with a table of users in it (firstname/surname/username/password/etc) and the http site has a basic login.asp form page asking the user for a username and password which it then checks against the table and redirects to either a "confirmed" page or a "bog off" page.

if i buy an ssl certificate for the site i can then use https://www.mysite.com/login.asp and it'll pop up a login password box right?

where do i put the usernames and passwords for that login box?

is it possible to make the ssl login box refer to the pre-existing sql username table for this, letting people in if they exist?

cheers :)
 
karoshi said:
i've been asked to alter a website and make it a secure site, something i've not had to do before and i'm getting lost, can anyone point me to a good guide on how to set the following up / if it's possible:

currently the site is windows hosting, IIS, asp website, we have a sql server with a table of users in it (firstname/surname/username/password/etc) and the http site has a basic login.asp form page asking the user for a username and password which it then checks against the table and redirects to either a "confirmed" page or a "bog off" page.

if i buy an ssl certificate for the site i can then use https://www.mysite.com/login.asp and it'll pop up a login password box right?

where do i put the usernames and passwords for that login box?

is it possible to make the ssl login box refer to the pre-existing sql username table for this, letting people in if they exist?

cheers :)
Click to expand...

The thing you are asking is securing some pages of your website. Those pages will be restricted to limited users. Is that correct?
 
jack21 said:
The thing you are asking is securing some pages of your website. Those pages will be restricted to limited users. Is that correct?
Click to expand...

sort of :)

currently we run a http website that uses asp/vbscript page forms to ask the user for a login id, which it then checks against a SQL table of allowed users, if you're in the list you get a session username variable set for you and you proceed to view the site

what we're using the site for is changing and because the changes bring in a money tracking option i've been told that the site has to be secure, using https

i've never used https before so i'm a little lost, our host provider can supply a shared SSL certificate for £60 for the year, which would give us the url: https://mysite.com but that would appear to put a popup login box infront of the website?

i'm trying to work out if that means i've got to set a username and password for that box, before the user gets asked for their username and password, meaning that each user would have to have two sets of ID.. or wether the SSL username and password check can refer to the existing SQL table of users?
 
karoshi said:
i've never used https before so i'm a little lost, our host provider can supply a shared SSL certificate for £60 for the year, which would give us the url: https://mysite.com but that would appear to put a popup login box infront of the website?

i'm trying to work out if that means i've got to set a username and password for that box, before the user gets asked for their username and password, meaning that each user would have to have two sets of ID.. or wether the SSL username and password check can refer to the existing SQL table of users?
Click to expand...

SSL doesn't do that. SSL just encrypts the data between the end user and the server, no "login box" to speak of. Your website remains exactly the same, except when you want users to send sensitive data, you send them to https://yoursite.com/page.php rather than http://yoursite.com/page.php - both will work, but only the former will be encrypted and have the padlock icon in the bottom right in your browser.
 
sorry to drag this up from page4 but just wanted to say thank you to Daz, Jack and Spunkey for the advice, got it sorted now :D
 
make sure you've uploaded all images/files etc to the secure server, else you'll get those annoying "do you want to display the non-secure items" prompt each time the page loads.
 
You must log in or register to reply here.
Back
Top Bottom