Login-in with FM8

[stuj1026]

The new forms based login is great but we have run into a small problem.

In FMP7 when logging into IWP a box used to come up asking for lagin and password. We also had some of our databases that bypassed the login and went directly to the database logging in as a guest.

With FMP8 I cant seem to bypass the login. When clicking the database we want It will always bring me to the form based login screen where I can choose guest.

Is there a way to go directly to the database bypassing the form..

Thanks for all who could help.

Stu

[cms7912]

This may help --

You can deep-link directly to the database from another webpage. When on the IWP opening page it lists the databases. Right-click and copy the link to the database you want. Such as:

http://127.0.0.1/fmi/iwp/cgi?-db=web%20user&-startsession

Hope this helps,

CMS

[John May - Point In Space]

With FMSA8, this now only works if Guest is the only user in the database that has IWP access.

- John

[Pat Monks]

Hi Stu,

I am fighting the same problem that you describe in your post. In IWP 8 you must always face the login dialog UNLESS the Guest account is the ONLY account in the file with IWP privileges. This means that it is not possible to breeze in with a no-login Guest account and then later relogin up to a higher level account with web privileges. This is too bad because that's exactly what is needed for most sites.

I am working to solve this but I have yet to get it to work correctly. Here is my plan:

Create a separate "landing pad" file with the Guest account being the ONLY account with IWP privileges. Make your IWP custom home page simply a redirect to this file. This "landing pad" file will accept a redirected user without an ugly login dialog popping up. Opening this file triggers a script that adds or enables a new "GuestPlus" account with web privileges and then uses the Relogin script step to assume its identity. Using its "GuestPlus" credentials the script transfers into the main solution file which has a range of accounts with various web privileges including the "GuestPlus". Hopefully this all happens within a couple of seconds under script control. After wandering around the public areas of your site as an esteemed "GuestPlus" a qualifed user could enter a more secure area after typing an account name and password into the first login dialog of his visit.

In very rough terms the perform script upon opening this "landing pad" file would do this:

Enable Account [Account Name: "GuestPlus" ; Activate ] ***Add or Activate the new Account***

Re-Login [Account Name: "GuestPlus" ; Password "GuestPlus" ; Nodialog ]

Open File ["MainWebsite"]

Enable Account [Account Name: "GuestPlus" ; Deactivate ] ***Reset for next user to come along***

At present I am not smart enough to actually make this work and I am not so young anymore and can't learn real fast. If you or someone with more smarts than I is able to mock up working files I would appreciate a post knowing how you got it to work.

Thanks for pondering this.

Pat Monks

Seattle, WA

206 343-0942

[email protected]

[John May - Point In Space]

Here's another option:

Force-authenticate with guest:

then, modify your IWP home page to detect for www.yourdomain.com

(using JavaScript) and rewrite to the direct address for your

database:

You can use separate secondary domains (db1.yourdomain.com,

db2.yourdomain.com...) to detect against if you need to specify

different databases to bounce to.

However, if the forced authentication is used again though, then it

won't normally clear the session first until the browser is

restarted, and instead of properly authenticating the main domain is

just gone to instead.

So, if you use the secondary domain tip above, you can just make an

index.html page that clears the session cookie, then re-visits the

forced authentication URL. Here's how I did it in Lasso:

[cookie_set: 'http-session'='', -expires='-1', -path='/fmi/iwp']

content="0;URL=http://www.yourdomain.com/fmi/iwp/cgi?acct=guest&login=Login&-authdb">

Got it? =)

- John

[Pat Monks]

Hi John,

Thank you for your reply outlining the force-authentication approach to logging a guest into an IWP enabled file.

I am not an experienced web developer, so I did not completely understand how to make use of the force-authentication URL that you described in the beginning. Would that sit in the IWP home page as well? Could I supply that to our ISP as the routing for our domain name?

Thanks,

Pat Monks

[hony707]

informative post