Re: The Form authentication trick

This WebDNA talk-list message is from 2000.


Kenneth Grome wrote:

> I tried it. Here's what happens when no previous username/password
> values have been cached by the browser:
>
> 1- If I enter an invalid username/password, I get the browser's
> authentication failed, try again dialog box.

I have an easy solution for this, see below.

> 2- If I enter a valid username/password, it works -- or it fails.

I implemented a solution for this, see below.

> 3- the visitor can never switch from one username/password value
> to another -- instead he is always stuck with the FIRST valid values
> enters, until he quits the browser.

I have a solution for this too, see below.

> Now, if you guys can come up with a solution to all of the problems I
> have described here, then maybe I will consider this as a reasonable
> solution for avoiding the browser's standard authentication system.

I do have solutions to all those problems, you will try those in a minute!

Of course my 4 step explanation is the basic principle of the trick, and there are a few additional things to write to handle all the situations.

The solution to problems 1 and 2 is to rewrite some of the MultiGroupChecker to check if username/login is part of the users DB before going to the authentication procedure trick.

The solution to problem 3 - which is the only real shortcoming, but COMMON TO REGULAR UGLY DIALOG AUTHENTICATION - which is only a problem for schizophrenic people, as I have a security system which assigns multiple user levels to an account in place of assigning multiple user accounts with different access levels to a user. The solutions are:

- quit your browser session before switching personality
- use a logout button that sends the user to a page protected (on the same domain) for another group, which 'resets' his username/password settings. Then login again.

I have implemented solutions to all your above problems using WebCat on my intranet webapp.

As a demo is worth a thousand pages of bullshit, I have set up a temporary demo page (screwing my intranet for a day) and you can try it online today. Have a look:

1) Try accessing this 'protected' website: http://demo.teamorganizer.net (you will get the ugly authentication dialog) or this specific 'protected page': http://demo.teamorganizer.net/test.tpl (this is a basic protected page for this demo).

2) Now go to http://www.teamorganizer.net and try any login/password ... still no ugly authentication. If you enter a wrong login/password, I send you back to home (I could also write a nice error page, but I'm lazy today).

3) Now login on http://www.teamorganizer.net using this login/password: mylogin/mypassword

Great! It worked! Try also http://demo.teamorganizer.net/test.tpl (it could be any protected page in fact).

You can try this with all Netscape/Explorer versions, to your heart's content. I will delete that demo (as I had to remove all the menu options, as this is normally my Intranet website) tomorrow.

Enjoy!

Brice

--
Brice Le Blevennec, Digerati, ListDad,
Ex Machina Interactive Architects S.A.,
Ex Nihilo Uno S.A. & Ex Machina Graphic Design S.P.R.L.
Ex Machina Television SPRL
NetBusiness S.A. ContactOffice
Arkaos S.A. X-Pose 2.0 & Visualizer

    
