wwRequest::GetAuthenticatedUser

Returns the name of a user if he has been authenticated by the Web server. This variable gets set and stays set once a user has entered a valid username into the browser dialog box when prompted. The username is valid for a given Web server path and down and once set cannot be unset until the browser is shut down or another authentication request is made for the same user.

This method can check both Basic and Windows Auth values either seperately or combined.

o.getauthenticateduser(lnMode)

Return Value

String of the logged in user name, or blank if not logged in.

Parameters

lnMode
Optional - Determines what type of username to check for.

0 - Basic Auth then Windows Auth
1 - Basic Auth
2 - Windows Auth

Remarks

In order for an authentication request to succeed on the server Basic Authentication must be enabled on the server.

Note: Basic Authentication is a non-secure protocol that sits on top of HTTP. Passwords are passed as clear text (although encoded with a simple, easily breakable hash algorithm) and can be easily hijacked with a network sniffer. If you're worried about security make sure that your authentication request runs over SSL/HTTPS - when you do the entire request info is encrypted.

Also, check out the wwProcess::Login method which abstracts the login and authentication process into a single easy to use method.

Example

lcUserName=Request.GetAuthenticatedUser()
   
*** Did the user Authenticate
IF EMPTY(lcUserName)
   *** Send Password Dialog - on success this request will be rerun
   *** AFter 3 failures an error message will be displayed.
   THIS.oResponse.Authenticate(Request.GetServername())
   RETURN .T.
ENDIF

See also:

Class wwrequest | wwProcess::Authenticate

© West Wind Technologies, 1996-2019 • Updated: 01/07/08
Comment or report problem with topic