Redirect unauthorized users – Adobe Dreamweaver CC 2015 User Manual

671

Building applications visually

Last updated 6/3/2015

For example, if a user attempts to bypass the login page by typing the protected page’s URL in a browser, the user is
redirected to another page. Similarly, if you set the authorization level for a page to Administrator only users with
Administrator access privileges can view the page. If a logged-in user attempts to access the protected page without the
proper access privileges, the user is redirected to another page.

You can also use authorization levels to review newly registered users before granting them full access to the site. For
example, you may want to receive payment before allowing a user access to the member pages of the site. To do so, you
can protect the member pages with a Member authorization level and only grant newly registered users Guest
privileges. After receiving payment from the user, you can upgrade the user’s access privileges to Member (in the
database table of registered users).

If you do not plan to use authorization levels, you can protect any page on your site simply by adding a Restrict Access
To Page server behavior to the page. The server behavior redirects to another page any user who has not successfully
logged in.

If you do plan to use authorization levels, you can protect any page on your site with the following building blocks:

• A Restrict Access To Page server behavior to redirect unauthorized users to another page

• An extra column in your users database table to store each user’s access privileges

Regardless of whether you use authorization levels, you can add a link to the protected page that lets a user log out
and clears any session variables.

Redirect unauthorized users

To prevent unauthorized users from accessing a page, add a Restrict Access To Page server behavior to it. The server
behavior redirects the user to another page if the user attempts to bypass the login page by typing the protected page’s
URL in a browser, or if the user is logged in but attempts to access the protected page without the proper access
privileges.

Note: The Restrict Access To Page server behavior can only protect HTML pages. It does not protect other site resources such
as image files and audio files.

If you want to give many pages on your site the same access rights, you can copy and paste access rights from one page
to another.

Redirect unauthorized users to another page

1

Open the page you want to protect.

2

In the Server Behaviors panel (Window > Server Behaviors), click the Plus (+) button and select User Authentication
> Restrict Access To Page from the pop-up menu.

3

Select the level of access for the page. To allow only users with certain access privileges to view the page, select the
Username, Password, and Access Level option and specify the authorization levels for the page.

For example, you can specify that only users with Administrator privileges can view the page by selecting
Administrator in the authorization levels list.

4

To add authorization levels to the list, click Define. In the Define Access Levels list that appears, enter a new
authorization level, and click the Plus (+) button. The new authorization level is stored for use with other pages.

Ensure that the string for the authorization level matches exactly the string stored in your user database. For
example, if the authorization column in your database contains the value “Administrator”, enter Administrator, not
Admin, in the Name box.