Simplest ways to lock my admin page

Question

I have a simple web application that I've deployed to Microsoft Azure.

User.aspx
Admin.aspx

I am going to be the only admin so I don't want to put in authorization system if I don't have to. What are some simple ways to lock down my admin page so I can be the only admin and not have to login? Just looking to "keep honest people honest" kinda thing.

score 1 · Answer 1 · answered Apr 29 '17 at 21:00

Best solution would be not to publish the admin page to a public server. If possible, run a local instance instead which connects to the database.

Otherwise you can think of some possible (not the best) options, which you can also combine:

set some sort of identification in the url: Admin.aspx?user=admin&pwd=admin123&uniquecode=has4d2ehfw545fg

If any parameter is omitted then redirect to user.aspx.

in the Admin.aspx webform, add an extra input field containing some sort of (changing) information which the server can verify.
filter on IP address.

score 0 · Answer 2 · edited May 23 '17 at 12:10

0

Do a redirect based on client's IP address.

In the admin.aspx Page_load event check the IP address and if not whitelisted then redirect to Users.aspx.

To get users's IP address see this question.

edited May 23 '17 at 12:10

Community

1
1

answered Apr 29 '17 at 18:31

Dávid Molnár

9,032
6
30
48

Simplest ways to lock my admin page

2 Answers2