Re: The Form authentication trick
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 35412
interpreted = N
texte = Kenneth Grome wrote:> I tried it. Here's what happens when no previous username/password> values have been cached by the browser:> > 1- If I enter an invalid username/password, I get the browser's> authentication failed, try again dialog box. I have a easy solution for this, see below. > 2- If I enter a valid username/password, it works -- or it fails.I implemented a solution for this, see below. > 3- the visitor can never switch from one username/password value> to another -- instead he is always stuck with the FIRST valid values> enters, until he quits the browser.I have a solution for this too, see below. > Now, if you guys can come up with a solution to all of the problems I> have described here, then maybe I will consider this as a reasonable> solution for avoiding the browsers standard authentication system.I do have solution to all those problem, you will try those in a minute! Of course my 4 step explanation is the basic principle of the trick and there is a few additional things to write to handle all the situations. The solution to problem 1 and 2 is to rewrite some of the MultiGroupChecker to check if username/login is part of the users DB before going to the authentication procedure trick.The solution to problem 3 - which is the only real shortcoming, but COMMON TO REGULAR UGLY DIALOG AUTHENTICATION- which is only a problem for schizophrenic people as I have a security system which assign multiple users level to an account in place of assigning multiple user account with different level access to a user. The solution are: - quit your browser session before switching personality - use logout button that send the user to a page protected (on the same domain) to another group, which 'reset' his username/password settings. Then Login again. I have implemented solutions to all your aboves problems using WebCat on my intranet webapp. As a demo worth a thousand page of bullshit, I have setup a temporary demo page (screwing my intranet for a day) and you can try online today. Have a look : 1) try accessing this 'protected' website:http://demo.teamorganizer.net (you will get the ugly authentication dialog)or this specific 'protected page': http://demo.teamorganizer.net/test.tpl (this is a basic protected page for this demo)2) now go to http://www.teamorganizer.net try any login/password ... still no ugly authentication, if you enter a wrong login/password, i send you back to home (I could also write a nice error page, but I'm lazy today)3) now login on http://www.teamorganizer.net using those login/password: mylogin/mypasswordGreat! it worked! Try also http://demo.teamorganizer.net/test.tpl (it could be any protected page in fact). You can try this with all netscape/explorer version, to your heart content. I will delete that demo (as I had to remove all the menu options as this is normally my Intranet website) tomorrow. Enjoy! Brice--Brice Le Blevennec, Digerati, ListDad,
Ex Machina Interactive Architects S.A., Ex Nihilo Uno S.A. &Ex Machina Graphic Design S.P.R.L. Ex Machina Television SPRL NetBusiness S.A. ContactOffice Arkaos S.A. X-Pose 2.0 & Visualizer -------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Associated Messages, from the most recent to the oldest:
Kenneth Grome wrote:> I tried it. Here's what happens when no previous username/password> values have been cached by the browser:> > 1- If I enter an invalid username/password, I get the browser's> authentication failed, try again dialog box. I have a easy solution for this, see below. > 2- If I enter a valid username/password, it works -- or it fails.I implemented a solution for this, see below. > 3- the visitor can never switch from one username/password value> to another -- instead he is always stuck with the FIRST valid values> enters, until he quits the browser.I have a solution for this too, see below. > Now, if you guys can come up with a solution to all of the problems I> have described here, then maybe I will consider this as a reasonable> solution for avoiding the browsers standard authentication system.I do have solution to all those problem, you will try those in a minute! Of course my 4 step explanation is the basic principle of the trick and there is a few additional things to write to handle all the situations. The solution to problem 1 and 2 is to rewrite some of the MultiGroupChecker to check if username/login is part of the users DB before going to the authentication procedure trick.The solution to problem 3 - which is the only real shortcoming, but COMMON TO REGULAR UGLY DIALOG AUTHENTICATION- which is only a problem for schizophrenic people as I have a security system which assign multiple users level to an account in place of assigning multiple user account with different level access to a user. The solution are: - quit your browser session before switching personality - use logout button that send the user to a page protected (on the same domain) to another group, which 'reset' his username/password settings. Then Login again. I have implemented solutions to all your aboves problems using WebCat on my intranet webapp. As a demo worth a thousand page of bullshit, I have setup a temporary demo page (screwing my intranet for a day) and you can try online today. Have a look : 1) try accessing this 'protected' website:http://demo.teamorganizer.net (you will get the ugly authentication dialog)or this specific 'protected page': http://demo.teamorganizer.net/test.tpl (this is a basic protected page for this demo)2) now go to http://www.teamorganizer.net try any login/password ... still no ugly authentication, if you enter a wrong login/password, i send you back to home (I could also write a nice error page, but I'm lazy today)3) now login on http://www.teamorganizer.net using those login/password: mylogin/mypasswordGreat! it worked! Try also http://demo.teamorganizer.net/test.tpl (it could be any protected page in fact). You can try this with all netscape/explorer version, to your heart content. I will delete that demo (as I had to remove all the menu options as this is normally my Intranet website) tomorrow. Enjoy! Brice--Brice Le Blevennec, Digerati, ListDad, Ex Machina Interactive Architects S.A., Ex Nihilo Uno S.A. &Ex Machina Graphic Design S.P.R.L. Ex Machina Television SPRL NetBusiness S.A. ContactOffice Arkaos S.A. X-Pose 2.0 & Visualizer -------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Brice Le Blevennec
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
Listfiles path bug ... (2005)
[WebDNA] FileUpload (2014)
Cart questions (1997)
Database Term [brainfart] (2003)
Loops and [index] (1998)
RE: new cart IDs being assigned somehow (1997)
Problems with cybercash (2000)
Problems with dbcatalog.exe (1997)
Special delete ... (1997)
Cookie based session management Q (2002)
This list needs a digest: rant, rave... (1997)
Country & Ship-to address & other fields ? (1997)
search question (2001)
Error 11 (1996)
For those of you not on the WebCatalog Beta... (1997)
Bulk Email >>>>Any ideas? (2001)
Order not created error (1997)
[OT] Mac OSX and SSH Telnet (2000)
What about the fixes that were promised for 5.2 ? (2004)
syntax question, not in online refernce (1997)