Re: The Form authentication trick

This WebDNA talk-list message is from 2000. It keeps the original formatting.
Kenneth Grome wrote:

> I tried it. Here's what happens when no previous username/password
> values have been cached by the browser:
>
> 1- If I enter an invalid username/password, I get the browser's
> authentication failed, try again dialog box.

I have an easy solution for this, see below.

> 2- If I enter a valid username/password, it works -- or it fails.

I implemented a solution for this, see below.

> 3- the visitor can never switch from one username/password value
> to another -- instead he is always stuck with the FIRST valid values
> he enters, until he quits the browser.

I have a solution for this too, see below.

> Now, if you guys can come up with a solution to all of the problems I
> have described here, then maybe I will consider this as a reasonable
> solution for avoiding the browser's standard authentication system.

I do have solutions to all those problems, you will try those in a minute!

Of course my 4 step explanation is the basic principle of the trick and there are a few additional things to write to handle all the situations.

The solution to problems 1 and 2 is to rewrite some of the MultiGroupChecker to check if username/login is part of the users DB before going to the authentication procedure trick.

The solution to problem 3 - which is the only real shortcoming, but COMMON TO REGULAR UGLY DIALOG AUTHENTICATION - which is only a problem for schizophrenic people as I have a security system which assigns multiple user levels to an account in place of assigning multiple user accounts with different level access to a user. The solutions are:

- quit your browser session before switching personality
- use a logout button that sends the user to a page protected (on the same domain) to another group, which 'resets' his username/password settings. Then login again.

I have implemented solutions to all your above problems using WebCat on my intranet webapp.

As a demo worth a thousand pages of bullshit, I have set up a temporary demo page (screwing my intranet for a day) and you can try online today. Have a look:

1) try accessing this 'protected' website: http://demo.teamorganizer.net (you will get the ugly authentication dialog) or this specific 'protected page': http://demo.teamorganizer.net/test.tpl (this is a basic protected page for this demo)

2) now go to http://www.teamorganizer.net try any login/password ... still no ugly authentication, if you enter a wrong login/password, I send you back to home (I could also write a nice error page, but I'm lazy today)

3) now login on http://www.teamorganizer.net using this login/password: mylogin/mypassword

Great! It worked! Try also http://demo.teamorganizer.net/test.tpl (it could be any protected page in fact).

You can try this with all Netscape/Explorer versions, to your heart's content. I will delete that demo (as I had to remove all the menu options as this is normally my Intranet website) tomorrow.

Enjoy!

Brice

--
Brice Le Blevennec, Digerati, ListDad,
Ex Machina Interactive Architects S.A., Ex Nihilo Uno S.A. & Ex Machina Graphic Design S.P.R.L.
Ex Machina Television SPRL
NetBusiness S.A.
ContactOffice
Arkaos S.A.
X-Pose 2.0 & Visualizer

Associated Messages, from the most recent to the oldest:

    
  1. Re: The Form authentication trick (John Butler 2000)
  2. Re: The Form authentication trick (Kenneth Grome 2000)
  3. Re: The Form authentication trick (John Butler 2000)
  4. Re: The Form authentication trick (Glenn Busbin 2000)
  5. Re: The Form authentication trick (Kalin Mintchev 2000)
  6. Re: The Form authentication trick (ShrPAUL1@aol.com 2000)
  7. Re: The Form authentication trick (Kalin Mintchev 2000)
  8. Re: The Form authentication trick (John Butler 2000)
  9. Re: The Form authentication trick (Kalin Mintchev 2000)
  10. Re: The Form authentication trick (Kalin Mintchev 2000)
  11. Re: The Form authentication trick (Webcat 2000)
  12. Re: The Form authentication trick (John Butler 2000)
  13. Re: The Form authentication trick (Kalin Mintchev 2000)
  14. Re: The Form authentication trick (Kalin Mintchev 2000)
  15. Re: The Form authentication trick (Kalin Mintchev 2000)
  16. Re: The Form authentication trick (John Butler 2000)
  17. Re: The Form authentication trick (Kalin Mintchev 2000)
  18. Re: The Form authentication trick (John Butler 2000)
  19. Re: The Form authentication trick (Kalin Mintchev 2000)
  20. Re: The Form authentication trick (John Peacock 2000)
  21. Re: The Form authentication trick (Bob Minor 2000)
  22. Re: The Form authentication trick (John Butler 2000)
  23. Re: The Form authentication trick (Kalin Mintchev 2000)
  24. Re: The Form authentication trick (Brice Le Blevennec 2000)
  25. Re: The Form authentication trick (John Butler 2000)
  26. Re: The Form authentication trick (Kenneth Grome 2000)
  27. Re: The Form authentication trick (John Butler 2000)
  28. Re: The Form authentication trick (Kenneth Grome 2000)
  29. Re: The Form authentication trick (John Butler 2000)
  30. The Form authentication trick (Brice Le Blevennec 2000)