by NT user groups in an intranet environmentthis chapter focuses on simple form-based and script-based authentication. If you're working in the ASP, ColdFusion, or PHP server models, Dreamweaver has a solution for securing the Dorknozzle site in its User Authentication suite of server behaviors. NOTE Out-of-the-box, Dreamweaver includes a suite of server behaviors for authenticating users under the ASP, ColdFusion, and PHP server models only. If you're using ASP.NET, you'll have to purchase third-party extensions from the Macromedia Exchange if you don't want to do everything by hand. The second half of this chapter walks you through the process of working with forms authentication, writing the code by hand.   In combination with some simple coding techniques, this chapter enables you to accomplish the following tasks using these server behaviors: Log in users Restrict users based on username, password, and access level Log out users Create custom error messages Check for duplicate usernames Creating a Login Page The first step to securing any web application is to create a login page for your users. There'd be no point in creating an admin page, for instance, if just anyone could use it. Ideally what you want is an application that allows your users to register and navigate through the site based on access rights that you specify. What benefit does this provide? Assume that you would want everyone to come to your site and purchase items without the tedious task of becoming a registered user. The question becomes whether your users are repeat customers. If they are, they might have to type their personal information more than once, essentially ending up with more work than registering once the first time around. Another benefit of registering your users is that you can store all your users' shipping/billing information, giving them a streamlined experience as they purchase items. As a developer, you might want to generate emails to your registered users, alerting them of specials and bargains. There are many benefits and reasons for maintaining a list of registered users. For the most part however, the process is relatively straightforward. The user registers on your site. After they are registered, you will want them to access the site through a secure location, typically through a login page. You've seen login pages before; eBay, for instance, asks you to log in to its site before you bid on an item. You can see the correlation if you wanted to actually purchase something. How would the application know which shopping cart to place the item into? A login page enables you not only to maintain a list of registered users, but to create sessions (discussed later) for the users' experience while they're on your site. That way, if a customer wants to purchase something, that item is stored within the logged-in user's cart. You can create a login page for the Dorknozzle site by following these steps: 1. Create a new page by selecting File, New. Choose the Templates tab, select the template titled Login from the defined site, and click Create. NOTE Throughout the book, we've been working with the template titled template. The problem with using that template is that it contains the navigation menu. A user logging in for the first time shouldn't be able to see that menu until they've logged in. Because the Login template has the navigation menu completely removed, it's the perfect alternative for the Login page. 2. Select the text Content Goes Here from the Content editable region and delete it.