wwProcess::Authenticate

Authenticates a user based on the Authentication method specified in the cAuthentionMode. The method handles the entire Web process of Authentication and tracking a user via a Session (with an HTTP Cookie). Authentication modes supported are Basic, UserSecurity or . UserSecurity uses the wwUserSecurity class for authentication. Custom requires overriding the OnAuthenticateUser method which allows a custom authentication business process. The default is Basic which uses HTTP Basic Authentication.

The Authenticate method provides a comprehensive authentication hook to a Web Connection request and check for authentication easily from within your code. It allows using Basic Auth, the UserSecurity class, or a custom implementation based on username and password for authentication. This method is always accessible with Process.Authenticate() or alternately in Web Page code as THIS.Authenticate() (ie. on the wwWebPage class) which simply forwards to Process.Authenticate.

If Authentication succeeds the Process.cAuthenticatedUser property is set which you can check for the username that is authenticated in your code.

Basic Authentication

With Basic Auth all you need to provide is the authentication directive/user name. Call Authenticate with a parameter of ANY or WCINI or a username list (comma delimited) to authenticate for that specific user. Leave blank and authentication will always succeed - no authentication occurs. Basic Authentication works against Windows User Accounts and is managed by the Web Server itself.

The request fires and if not authenticates pops up a Windows Authentication box. You put in your username a

UserSecurity Authentication

This mechanism provides more control and uses a FoxPro class and a FoxPro table (by default) to authenticate users. You can optionally specify which class is used (must follow the wwUserSecurity interface or inherit from it) to authenticate, which allows overriding default behavior and operation of the class. The default mechanism looks up user info in a FoxPro table.

When authentication succeeds you can check the cAuthenticatedUser property which returns the user's login name. You can also access the oUserSecurity property to get full access to the currently selected user (Process.oUserSecurity.oUser) but note that this requires a database lookup which otherwise is performed only when logging in.

User Security Authentication stores authentication info in Session Variable which also means that Cookies must be enabled for this feature to work.

Custom Authentication

Works the same as UserSecurity except that you can override the OnAuthenticateUser() method of the wwProcess class. This method receives username and password and an out error message parameter. You can then implement your own business logic to authenticate the user based on these simple values.

o.Authenticate(lcUserName,lcErrorMessage,llNoForcedLogin)

Parameters

lcUserName
User Values

  • ANY - any user
  • WCINI - setting from wc.ini Admin User Setting
  • user1 - single user
  • group1 - single group
  • user1,user2,group1 - list of users & groups
  • blank string - Everybody gets in - not recommended!

Special Values

  • LOGOUT - Logs out the user
  • LOGIN - Shows the generic Login form

Logout You can also pass a parameter of Logout with UserSecurity logins which forces the request to remove the authentication value stored in the session object.

lcErrorMessage HTML Error message displayed when authentication fails as a string.

llNoForcedLogin If .T. only checks for a login but doesn't actually try to log the user in. This can be useful for allow admin logins on one page that can be checked for in other non-Admin pages.

Example

*** In the class header
cAuthenticationMode = "UserSecurity"

*** Global Authentication

FUNCTION OnLoad()

IF !Process.Authenticate("ANY")
   RETURN
ENDIF

this.lblMessage.Text = Process.cAuthenticatedUser + " " + ;
                       Process.oUserSecurity.oUser.Fullname
ENDFUNC

*** Method level Authentication
FUNCTION TestFunction

IF !THIS.Authenticate("ANY")
   RETURN
ENDIF

this.StandardPage("You've Authenticated as " + this.cAuthenticatedUser)

ENDFUNC



*** In the class header
cAuthenticationMode = "Basic"

FUNCTION TestFunction

IF !THIS.Authenticate("WCINI")
   RETURN
ENDIF

this.StandardPage("You've Authenticated as " + this.cAuthenticatedUser)
ENDFUNC

See also:

Class wwProcess

© West Wind Technologies, 1996-2018 • Updated: 02/20/16
Comment or report problem with topic