Building a page only authorized users can access

Your web application can contain a protected page that only authorized users can access.

For example, if a user attempts to bypass the login page by typing the protected page’s URL in a browser, the user is redirected to another page. Similarly, if you set the authorization level for a page to Administrator, then only users with Administrator access privileges can view the page. If a logged-in user attempts to access the protected page without the proper access privileges, the user is redirected to another page.

You can also use authorization levels to review newly registered users before granting them full access to the site. For example, you may want to receive payment before allowing a user access to the member pages of the site. To do so, you can protect the member pages with a Member authorization level and only grant newly registered users Guest privileges. After receiving payment from the user, you can upgrade the user’s access privileges to Member (in the database table of registered users).

If you do not plan to use authorization levels, you can protect any page on your site simply by adding a Restrict Access To Page server behavior to the page. The server behavior redirects to another page any user who has not successfully logged in. For more information, see Redirecting unauthorized users to another page.

If you do plan to use authorization levels, you can protect any page on your site with the following building blocks:

• A Restrict Access To Page server behavior to redirect unauthorized users to another page (see Redirecting unauthorized users to another page)
• An extra column in your users database table to store each user’s access privileges (see Storing access privileges in the user database)

Whether you use authorization levels or not, you can add a link to the protected page that lets a user log out and clears any session variables. For more information, see Logging out users.