Building a page in Dreamweaver that only authorized users can access

Note:

The user interface has been simplified in Dreamweaver CC and later. As a result, you may not find some of the options described in this article in Dreamweaver CC and later. For more information, see this article.

Your web application can contain a protected page that only authorized users can access.

For example, if a user attempts to bypass the login page by typing the protected page’s URL in a browser, the user is redirected to another page. Similarly, if you set the authorization level for a page to Administrator only users with Administrator access privileges can view the page. If a logged-in user attempts to access the protected page without the proper access privileges, the user is redirected to another page.

You can also use authorization levels to review newly registered users before granting them full access to the site. For example, you may want to receive payment before allowing a user access to the member pages of the site. To do so, you can protect the member pages with a Member authorization level and only grant newly registered users Guest privileges. After receiving payment from the user, you can upgrade the user’s access privileges to Member (in the database table of registered users).

If you do not plan to use authorization levels, you can protect any page on your site simply by adding a Restrict Access To Page server behavior to the page. The server behavior redirects to another page any user who has not successfully logged in.

If you do plan to use authorization levels, you can protect any page on your site with the following building blocks:

A Restrict Access To Page server behavior to redirect unauthorized users to another page
An extra column in your users database table to store each user’s access privileges
Regardless of whether you use authorization levels, you can add a link to the protected page that lets a user log out and clears any session variables.

To prevent unauthorized users from accessing a page, add a Restrict Access To Page server behavior to it. The server behavior redirects the user to another page if the user attempts to bypass the login page by typing the protected page’s URL in a browser, or if the user is logged in but attempts to access the protected page without the proper access privileges.

Note:

The Restrict Access To Page server behavior can only protect HTML pages. It does not protect other site resources such as image files and audio files.

If you want to give many pages on your site the same access rights, you can copy and paste access rights from one page to another.

Open the page you want to protect.

In the Server Behaviors panel (Window > Server Behaviors), click the Plus (+) button and select User Authentication > Restrict Access To Page from the pop‑up menu.

Select the level of access for the page. To allow only users with certain access privileges to view the page, select the Username, Password, and Access Level option and specify the authorization levels for the page.

For example, you can specify that only users with Administrator privileges can view the page by selecting Administrator in the authorization levels list.

To add authorization levels to the list, click Define. In the Define Access Levels list that appears, enter a new authorization level, and click the Plus (+) button. The new authorization level is stored for use with other pages.

Ensure that the string for the authorization level matches exactly the string stored in your user database. For example, if the authorization column in your database contains the value “Administrator”, enter Administrator, not Admin, in the Name box.

To set more than one authorization level for a page, Control‑click (Windows) or Command-click (Macintosh) the levels in the list.

For example, you can specify that any user with Guest, Member, or Administrator privileges can view the page.

Specify the page to open if an unauthorized user attempts to open the protected page.

Ensure that the page you choose is not protected.

Click OK.

Open the protected page and select the Restrict Access To Page server behavior listed in the Server Behaviors panel (not the one in the Plus (+) pop‑up menu).

Click the arrow button in the upper-right corner of the panel, and select Copy from the pop‑up menu.

The Restrict Access To Page server behavior is copied to your system’s Clipboard.

Open another page you want to protect in the same way.

In the Server Behaviors panel (Window > Server Behaviors), click the arrow button in the upper-right corner, and select Paste from the pop‑up menu.

Repeat steps 3 and 4 for each page you want to protect.

This building block is required only if you want certain logged-in users to have different access privileges. If you simply require users to log in, you don’t have to store access privileges.

To provide certain logged-in users with different access privileges, make sure your database table of users contains a column specifying each user’s access privileges (Guest, User, Administrator, and so on). The access privileges of each user should be entered in the database by the site administrator.

In most database applications, you can set a column to a default value each time a new record is created. Set the default value to the most common access privilege on your site (for example, Guest); then manually change the exceptions (for example, changing Guest to Administrator). The user now has access to all administrator pages.

Make sure each user in the database has a single access privilege, such as Guest or Administrator, not multiple privileges like User, Administrator. To set multiple access privileges for your pages (for example, all guests and administrators can see this page), set those privileges at the page level, not the database level.

When a user logs in successfully, a session variable is created that consists of the user name. When the user leaves your site, you can use the Log Out User server behavior to clear the session variable and redirect the user to another page (usually a goodbye or thank you page).

You can invoke the Log Out User server behavior when the user clicks a link or when a specific page loads.

Select text or an image on a page to serve as the link.

In the Server Behaviors panel (Window > Behaviors), click the Plus (+) button and select User Authentication > Log Out User.

Specify a page to open when the user clicks the link, and click OK.

The page is usually a goodbye or thank you page.

Open the page that will load in Dreamweaver.

The page is usually a goodbye or thank you page.

In the Server Behaviors panel, click the Plus (+) button and select User Authentication > Log Out User.

Select the Log Out When Page Loads option, and click OK.

Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices | Online Privacy Policy

Build a page that only authorized users can access

About protected pages

Redirect unauthorized users

Redirect unauthorized users to another page

Copy and paste a page’s access rights to other pages on the site

Store access privileges in the user database

Log out users

Add a link to let users log out

Log out users when a specific page loads

Ask the Community

Contact Us