main.htm

<html>

<body>

<form action="login.asp" method="Post">

<input type="text" name="username" size="20"> 账号<br>

<input type="password" name="password" size="20"> 密码<br>

<input type="submit" value="进入">

</form>

</body></html>

login.asp

<%@Language=VBScript%>

<%Response.Buffer = True%>

<html>

<body>

<%

UserName = Request.Form("username")

Password = Request.Form("password")

Set MyConn=Server.CreateObject("ADODB.Connection")

MyConn.Open "Provider={Microsoft Access Driver (*.mdb)};

DBQ=D:\suifengqiwu\databases\test.mdb"

SQL = "Select * From tblLogin"

Set RS = MyConn.Execute(SQL)

If UserName = RS("UserName") And Password = RS("Password") Then

  Session("allow") = True

< !-----连接保护的页面------->

Else

  Response.Redirect "main.asp"

  RS.Close

  MyConn.Close

  Set RS = Nothing

  Set MyConn = Nothing

End If

%>

</body></html>

    做好了上面两个程序，再完善一下外围：把global.asa中的Session_Onstart加上 Session("allow") = False 语句，再在要保护的网页中加入下面的语句：

<% @Language=VBScript %>

<% Response.Buffer = True %>

<% If session("allow") = False Then Response.Redirect "main.asp" %>

[1]