More Effective Access Control

With the release of WEBPLUS X2, Serif introduced a new Smart Object called Access Control. This is a simple login option that allows registered users of your site to gain access to protected pages - or pages that are only meant to be viewed by registered users of your site.

 

Despite it’s simplicity, its incorporation into a web site is still causing a degree of confusion for some WEBPLUS users. So let’s start by just going over the basics of using this object.

 

1. The access control object does not change your site in any way. Even if you incorporate such an object ALL your pages will still be seen by site visitors.
2. In order to restrict access to certain pages to registered AND logged-in users, you MUST protect those pages. You do this from the page properties dialog for the pages you wish to protect. Simply select the Page Security Tab and check the box that says “Protect page with a Password” Once this is done, ordinary, non-registered site visitors will NOT be able to access those pages. If they do attempt to access those pages, a pop-up window will display asking them for login information.
    

To recap, page protection is a two-step process. First, provide an access control on your site and 2, protect the pages that you wish to restrict access to.

 

Make It Simple for Your Site Visitors

 

Having got the basics out of the way, there are a few steps you can take to make visitors better understand what’s going on. I personally don’t like giving visitors the option of going directly to a protected page. It can be very disconcerting to click a link and then see a request for a Login. Its far better to advise your visitors that they are about to enter a protected area of your web site, and to offer some advice on what they need to do to proceed.

 

The easiest way to do this is to create a “Members Area” link on your main navigation. This should direct visitors to an UNPROTECTED page that explains what your members area is all about, and what people have to do to register as a member. In most cases, you simply tell them to click the “Sign-Up” link in your access control (usually placed in the header area of your master page). You can also advise visitors that if they are already registered members, they can click a link on the same page to enter their login information.

 

You should now create a PROTECTED page that welcomes visitors to your protected area and displays links to ALL your protected content. This is the page that you link from the UNPROTECTED members area page.  When the site is viewed, this is what happens.

 

1. The visitor clicks on your members area link and sees the page advising them to register or to proceed to login if they are already registered.
2. If they click the link to proceed to login, they will be transferred to your members welcome page. However because this page is a PROTECTED page, they will be presented with the pop-up login screen before they see the page.
3. If they successfully login, your members welcome page will display with all the links to all your other protected pages.

If the visitor is already logged into your site (maybe from your home page), they should get transferred to your members welcome page without seeing the pop-up login.

 

Finally, the basic rules to follow if you want to use this technique are:

 

• EXCLUDE ALL PROTECTED PAGES from your main site navigation. Instead, create a separate navigation element in your members area welcome page.
• Be sure to set PROTECTION on ALL pages that link from your members area page. If you don’t do this, non-registered members will still be able to access your protected pages by simply typing in the full URL of the pages. Protecting the members area welcome page only will not offer any protection for the other pages linked from that page.