Using ASP for Access Control

With Active Server Pages (ASP) server-side scripting you can programmatically control access to your .asp files by checking the IP address and Windows NT credentials of users. For more information about server-side scripts, see Active Server Pages Scripts.

Note   You can use this procedure only to control access to a specific ASP page, and not other types of Web content.

To use ASP for access control
  1. Enable Basic authentication for the .asp file or directory containing the .asp file for which you want to control access. For instructions, see Enabling Basic Authentication.
  2. In the .asp file, insert the following script before any HTML tag (including comment tags):
    3. <% 
AuthCred = Request.ServerVariables("LOGON_USER") 
IPAddr = Request.ServerVariables("REMOTE_ADDR")

If IPAddr = "INSERT IP ADDRESS HERE!" Then   'Authenticate client
'Prompt user for a valid Windows NT account user name and password 
  If IsEmpty(AuthCred) or AuthCred = ""  Then  

'If user logon information is not valid or if user cancels, send an
'HTTP 401 status to the browser, which will recognize a denial of access
'to the file.
    Response.Status = "401 Access Denied"   
    Response.End
  End if 

Else
'Send an HTTP 403 status to the browser, indicating 
'that access to file is forbidden.
 Response.Write("403 Access Forbidden")
 Response.End     

End if 
%>
  3. In the script, select the following text and replace it with the IP address of the computer, group of computers, or domain that you want to give access to your ASP page:
    4. INSERT IP ADDRESS HERE!

© 1997 by Microsoft Corporation. All rights reserved.: