Hi
In the admin page itself check if the user has admin
privilages, you can do this by checking the UOFAdmin
value in the session. if you dont have a security
check in the admin page itself users can access it by
directly typing the url into the browser
something like this in the admin page
If Session("UofAdmin") = 0 then
response.Redirect "AccessDenied.asp"
End If
HTH
Chamindu
--- "Turner, Alice" <[EMAIL PROTECTED]> wrote:
> I have created an event calendar that list upcoming
> events for each
> month. The calendar has two security levels:
> 1-Administrative and
> 2-Registered Users. If I'm a registered user (or,
> in this case, a
> supervisor) and click an event, this will direct me
> to a page stating,
> "You have no admin privileges. Click here
> <file:///R:/Star2003/Training/UOF/admin.asp> to log
> in or return to
> Event Calendar <outbind://79/Training/UOF/> ".
> When I click the "Click
> Here" link, it directs me to the login page where
> I'm rrequired to enter
> my username and password. When it accepts my
> credential, it then
> directs me back to the Event Calendar were I'm able
> to select the event
> once again. At this point, I'm directed to the
> registration page were I
> can register individuals to attend this event.
>
> Above the calendar, I also have three links, i. e.,
> UOF Home,
> Administration, View Events. If I am an
> Administrator, I should be able
> to click the Administration link that redirects me
> to the login in
> screen, which in this case, it does. Once I have
> logged in, it directs
> me an Update page with different admin links
> displayed. Which is what I
> want to see. However, when I log on as a Registered
> User, when I click
> the Administration link I should not be able to see
> the Update page, if
> I'm not an Administrator. But, this is occurring.
> I have the following
> script added to required page as followings:
>
> Script: '------- Redirect user to appropriate page
> based on security
> -------
>
>
> If NOT IsEmpty(Request.Form("Login")) Then
> iAdminStat = Check_Admin
> If iAdminStat = 1 Then
> If SecLvlID = 1 Then
> Session("UOFAdmin") = 1
> Response.Redirect
> "/UOF/EventCalendar/Admin/Updates.asp"
> Else
> Session("UOFAdmin") = 2
> Response.Redirect
> "http://UOF/Training/EventCalendar";
> End If
> Else
> Session("UOFAdmin") = 0
> End If
> End If
>
> What do I need to change that will not allow a
> registered users to view
> the Administrator Update page? Or, is there a way
> to redirect a user
> when they click the Administration link that if I'm
> currently logged on
> as a registered users, it will check my credential
> and redirect me to a
> page that states, "You are not authorized to view
> this page". However,
> if your an Administrator you will not see this
> message, but will be
> taken to the correct page.
>
__________________________________
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
http://promotions.yahoo.com/new_mail
------------------------ Yahoo! Groups Sponsor --------------------~-->
Make a clean sweep of pop-up ads. Yahoo! Companion Toolbar.
Now with Pop-Up Blocker. Get it for free!
http://us.click.yahoo.com/L5YrjA/eSIIAA/yQLSAA/17folB/TM
--------------------------------------------------------------------~->
---------------------------------------------------------------------
Home : http://groups.yahoo.com/group/active-server-pages
---------------------------------------------------------------------
Post : [EMAIL PROTECTED]
Subscribe : [EMAIL PROTECTED]
Unsubscribe: [EMAIL PROTECTED]
---------------------------------------------------------------------
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/active-server-pages/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
