Re: The Form authentication trick

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 35434
interpreted = N
texte = Kalin,yes for the purposes of this 'trick', [authenticate] works as well.when you say it worked the first time and after that.... do you mean that when using NN, you can't *change* NN's cached username/password values from one set to another? If so then yes, this does seem to be the biggest drawback (but no worse than using the standard ugly-dialog method). Brice said he is getting around that by having the user 'logout' which actually goes to another page protected to another group (or authenticated to another group). What does he mean? I am not sure. He said-The solution are: - quit your browser session before switching personality [or] - use logout button that send the user to a page protected (on the same domain) to another group, which 'reset' his username/password settings. Then Login again. I think he means have the user go to a page which will show the [protect] or [authenticate] if username/password are not *blank* (null values)... which resets the username/password values in NN cache back to as if fresh from launch (after the user enters *nothing* in the ugly dialogue box and proceeds). If not that, then I do not understand what he means, and would love to hear a more elaborate explanation. It would be nice if Brice would jump in to explain... Or when you said it worked the first time and after that.... did you mean that even if you *quit* NN and relaunch then it will not let you in even once? If so, then that is truely baffling. If so, then what it is that you and Ken have in common that Brice and I don't?I use the following (which *always* works to login after quitting and relaunching NN): browser=G3 MacOS 9.04, NN 4.7 server = Linux/intel , Webcat 3.08-JohnKalin Mintchev wrote:> hi Brice: > > 4) on protected.tpl (and others pages) > use the usual [protect groupname] tag > > this says [protect groupname]. can this work with [authenticate] too? > i saw and tryed the demo it works for me. > the thing is i'm trying it (the idea you posted in The Form > authentication trick) with the [authenticate] tag and i get the same > results described by Kenneth Grome. it worked the first time and after > that.... > it seems everything works fine untill the browser gets to that login2.tpl > is there something else i'm missing?. > this is what i do: > page #1: > form with input names password and username, action=logon1.html. > page #2: logon1.html > [showif NotFound=[lookup > db=/db/db.db&lookinField=user&value=[username]&returnField=user¬Found=NotFound]] > [redirect page1.html] > [/showif] > [showif [password]![lookup > db=/db/db.db&lookinField=user&value=[username]&returnField=pass¬Found=NotFound]] > [redirect page1.html] > [/showif] > [search > db=/db/db.db&groupsword=ww&wogroupsdatarq=[groups]&equserdatarq=[username]&eqpassdatarq=[password]] > [showif [numFound]=0] > [redirect page1.html] > [/showif] > [/search] > [redirect > http://[encrypt][username]:[password][/encrypt]@www.mysite.com/login2.html] > > page #3: logon2.html > in the header: > HTTP-EQUIV=REFRESH CONTENT=0;URL=http://www.mysite/protected.html> > the protected page has this in it: > [showif NotFound=[lookup > db=/db/db.db&lookinField=user&value=[username]&returnField=user¬Found=NotFound]] > [authenticate Unauthorized User] > [/showif] > [showif [password]![lookup > db=/db/db.db&lookinField=user&value=[username]&returnField=pass¬Found=NotFound]] > [authenticate Unauthorized User] > [/showif] > [search > db=/db/db.db&groupsword=ww&wogroupsdatarq=[groups]&equserdatarq=[username]&eqpassdatarq=[password]] > [showif [numFound]=0] > [authenticate Unauthorized User] > [/showif] > [/search] > > so when i put real username and passwrd in page1.html i reach login2.html > and then the ugly dialog box shows up. > it never shows me the protected.html. > if i enter the password and username again there everything is ok > > any comment will be helpful. > thanks. ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: The Form authentication trick (John Butler 2000)
  2. Re: The Form authentication trick (Kenneth Grome 2000)
  3. Re: The Form authentication trick (John Butler 2000)
  4. Re: The Form authentication trick (Glenn Busbin 2000)
  5. Re: The Form authentication trick (Kalin Mintchev 2000)
  6. Re: The Form authentication trick (ShrPAUL1@aol.com 2000)
  7. Re: The Form authentication trick (Kalin Mintchev 2000)
  8. Re: The Form authentication trick (John Butler 2000)
  9. Re: The Form authentication trick (Kalin Mintchev 2000)
  10. Re: The Form authentication trick (Kalin Mintchev 2000)
  11. Re: The Form authentication trick (Webcat 2000)
  12. Re: The Form authentication trick (John Butler 2000)
  13. Re: The Form authentication trick (Kalin Mintchev 2000)
  14. Re: The Form authentication trick (Kalin Mintchev 2000)
  15. Re: The Form authentication trick (Kalin Mintchev 2000)
  16. Re: The Form authentication trick (John Butler 2000)
  17. Re: The Form authentication trick (Kalin Mintchev 2000)
  18. Re: The Form authentication trick (John Butler 2000)
  19. Re: The Form authentication trick (Kalin Mintchev 2000)
  20. Re: The Form authentication trick (John Peacock 2000)
  21. Re: The Form authentication trick (Bob Minor 2000)
  22. Re: The Form authentication trick (John Butler 2000)
  23. Re: The Form authentication trick (Kalin Mintchev 2000)
  24. Re: The Form authentication trick (Brice Le Blevennec 2000)
  25. Re: The Form authentication trick (John Butler 2000)
  26. Re: The Form authentication trick (Kenneth Grome 2000)
  27. Re: The Form authentication trick (John Butler 2000)
  28. Re: The Form authentication trick (Kenneth Grome 2000)
  29. Re: The Form authentication trick (John Butler 2000)
  30. The Form authentication trick (Brice Le Blevennec 2000)
Kalin,yes for the purposes of this 'trick', [authenticate] works as well.when you say it worked the first time and after that.... do you mean that when using NN, you can't *change* NN's cached username/password values from one set to another? If so then yes, this does seem to be the biggest drawback (but no worse than using the standard ugly-dialog method). Brice said he is getting around that by having the user 'logout' which actually goes to another page protected to another group (or authenticated to another group). What does he mean? I am not sure. He said-The solution are: - quit your browser session before switching personality [or] - use logout button that send the user to a page protected (on the same domain) to another group, which 'reset' his username/password settings. Then Login again. I think he means have the user go to a page which will show the [protect] or [authenticate] if username/password are not *blank* (null values)... which resets the username/password values in NN cache back to as if fresh from launch (after the user enters *nothing* in the ugly dialogue box and proceeds). If not that, then I do not understand what he means, and would love to hear a more elaborate explanation. It would be nice if Brice would jump in to explain... Or when you said it worked the first time and after that.... did you mean that even if you *quit* NN and relaunch then it will not let you in even once? If so, then that is truely baffling. If so, then what it is that you and Ken have in common that Brice and I don't?I use the following (which *always* works to login after quitting and relaunching NN): browser=G3 MacOS 9.04, NN 4.7 server = Linux/intel , Webcat 3.08-JohnKalin Mintchev wrote:> hi Brice: > > 4) on protected.tpl (and others pages) > use the usual [protect groupname] tag > > this says [protect groupname]. can this work with [authenticate] too? > i saw and tryed the demo it works for me. > the thing is i'm trying it (the idea you posted in The Form > authentication trick) with the [authenticate] tag and i get the same > results described by Kenneth Grome. it worked the first time and after > that.... > it seems everything works fine untill the browser gets to that login2.tpl > is there something else i'm missing?. > this is what i do: > page #1: > form with input names password and username, action=logon1.html. > page #2: logon1.html > [showif NotFound=[lookup > db=/db/db.db&lookinField=user&value=[username]&returnField=user¬Found=NotFound]] > [redirect page1.html] > [/showif] > [showif [password]![lookup > db=/db/db.db&lookinField=user&value=[username]&returnField=pass¬Found=NotFound]] > [redirect page1.html] > [/showif] > [search > db=/db/db.db&groupsword=ww&wogroupsdatarq=[groups]&equserdatarq=[username]&eqpassdatarq=[password]] > [showif [numFound]=0] > [redirect page1.html] > [/showif] > [/search] > [redirect > http://[encrypt][username]:[password][/encrypt]@www.mysite.com/login2.html] > > page #3: logon2.html > in the header: > HTTP-EQUIV=REFRESH CONTENT=0;URL=http://www.mysite/protected.html> > the protected page has this in it: > [showif NotFound=[lookup > db=/db/db.db&lookinField=user&value=[username]&returnField=user¬Found=NotFound]] > [authenticate Unauthorized User] > [/showif] > [showif [password]![lookup > db=/db/db.db&lookinField=user&value=[username]&returnField=pass¬Found=NotFound]] > [authenticate Unauthorized User] > [/showif] > [search > db=/db/db.db&groupsword=ww&wogroupsdatarq=[groups]&equserdatarq=[username]&eqpassdatarq=[password]] > [showif [numFound]=0] > [authenticate Unauthorized User] > [/showif] > [/search] > > so when i put real username and passwrd in page1.html i reach login2.html > and then the ugly dialog box shows up. > it never shows me the protected.html. > if i enter the password and username again there everything is ok > > any comment will be helpful. > thanks. ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ John Butler

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Email within tmpl ? (1997) Webmessage Hyperboard (1998) Date search - yes or no (1997) Re(2): grep matching (2003) Processing all html files through WebCat or Typhoon (1998) Server crash (1997) Exclamation point (1997) eCommerce Idea Patented? (2002) Mac Lockup Problems (1998) Size limit for tmpl editor ? (1997) Forms Search Questions (1997) WebCatalog vs. Cold Fusion (1998) Summarizing on two fields (1998) Wierd thing in ViewOrder.tpl (1999) select multiple (1997) Search Engine questions ... (2002) Using Plug-In while running 1.6.1 (1997) Danger of [newcart] (1999) WebCatalog for guestbook ? (1997) date (1998)