Tyring To Apply A Password To A Page

[confused and dazed]

Hello internet.I used a series of password protect html pages to direct the user to a page only if the password is correct. However, it appears they can just type in the web-address of the destination page and it will load. I want that page to be password protected but I can type it in and it will load. How do I prevent this?

[boen_robot]

You can't do that with HTML, JavaScript, or anything running on the client. You need to configure the server to do that.The way you do depends on your web server (Apache, IIS, etc.) and/or server scripting language (PHP, ASP.NET, etc.) of choice.

[confused and dazed]

Web Server Windows - working with php.

[boen_robot]

"Windows" is your OS, not your web server. Your web server is the program that gives the requested files. It could be Apache, IIS (that's bundled with Windows, but may not be what you're using; plus it's a different version at each Windows version), or something else.Here's instructions for Apache. For PHP, it's a little more complicated, because you need to not only define a username and password, but also store them somewhere (e.g. a file outside of your web server or a database), and then fetch the protected content via PHP instead of letting it go directly from the web server.

[confused and dazed]

Well I have go daddy and I have a windows based server platform with IIS. Looks like PHP will be a hard way to go with windows... maybe I should consider changing my server over to Linux based.

[boen_robot]

GoDaddy with IIS? OK... that's what I wanted to know...There needs to be some way in which GoDaddy allows you to register usernames via some sort of control panel. Create the username and password you'll be using for the folder there. Once you do that, create a file called web.config with the following contents:

<?xml version="1.0" encoding="UTF-8"?><configuration>    <system.webServer>        <security>            <authorization>                <remove users="*" roles="" verbs="" />                <add accessType="Allow" users="USERNAME" />            </authorization>        </security>    </system.webServer></configuration>

(replacing USERNAME with the actual username you registered)and place this file into the folder you wish to protect.

[confused and dazed]

I called up GoDaddy and they said there is not a way to protect a folder with my windows based server. If I wanted to keep the windows based platform he mentioned there will be a lot of php scripting involved to accomplish this. Otherwise he suggested switching over to a Linux based platform and this would allow my hosting account to easily protect a folder without php scripting. I took his advice and the migration process has started...Thanks for the comments - it started my investigation into a better way to code. Thanks.

[boen_robot]

Keep in mind it's theoretically possible (i.e. this is NOT a limitation of Windows per se)... but GoDaddy refuses to do it, because it requires them to create their own admin panel, which apparently they don't have time/desire/incentive to implement.

[confused and dazed]

Yeah I think I wrote my response a little confusing - the guy did say I can script around the problem with windows based but they could not help with that (as you stated). Thanks for the information.

[boen_robot]

Yeah I think I wrote my response a little confusing - the guy did say I can script around the problem with windows based but they could not help with that (as you stated). Thanks for the information.

That would've been a solution for your site only.I'm talking that GoDaddy could (if they had the time and desire) design a panel for all of their users, and thus enable easy password protected folders on Windows for you and the rest of their clients.What I'm saying is that if one day you change your host from GoDaddy to someone else... look out for Windows hosting offers as well. Just because they use Windows doesn't inherently mean they don't allow password protection.