Re: The Form authentication trick

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 35386
interpreted = N
texte = I tried it. Here's what happens when no previous username/password values have been cached by the browser:1- If I enter an invalid username/password, I get the browser's authentication failed, try again dialog box. This is bad, because the whole idea is to avoid the authentication dialog box, but it's going to come up anyways if the visitor fails to enter the proper username/password values the first time.2- If I enter a valid username/password, it works -- or it fails. This doesn't seem to make any sense, right? well, here's what happened:The first time I tried it, it *seemed* to work, sort of ... (see #3 below). But every other time I tried it since the first time today, I have not been able to get it to work again. Now it ALWAYS pops up the browser's authentication dialog box, even when a valid username and password are entered -- and even after the browser is quit and relaunched in order to insure that no values remain cached.In fact, the only way to get past the authentication dialog in this situation is to re-enter the valid username/password *again* in the dialog box, after first entering them into the form on the ligin.html page.3- Even when it actually worked the *one and only time* I managed to get it to work today, there was still a serious problem:When I tried to use an invalid username/password -- after using valid values successfully -- the valid values remained in the browser's cache and were never replaced by the invalid ones. This is bad, because the visitor can never switch from one username/password value to another -- instead he is always stuck with the FIRST valid values enters, until he quits the browser.Now, if you guys can come up with a solution to all of the problems I have described here, then maybe I will consider this as a reasonable solution for avoiding the browsers standard authentication system. But until all these issues have been resolved, I am still convinced that I am 100% correct in my conclusion that it does NOT work (for me) on Netscape 4.7 Mac.If it works for you and everyone else in the world, then more power to you -- but since it fails to work for me, as I have explained time and time again, I'm not wasting any more of my time on it.>Short version: > >1) login.html : create a form with field username and password > and an action pointing to login1.tpl with method=post > >2) on login1.tpl put simply: > [redirect http://[username]:[password]@www.yoursite.com/login2.tpl] > >3) on login2.tpl put the following meta tag in the header of the page: > CONTENT=0;URL=http://www.yoursite.com/protected.tpl> > >4) on protected.tpl (and others pages) > use the usual [protect groupname] tag > >I use it daily since I found it (and sent my trick to the list), >a few month ago. It work fine with Netscape 4.7 and Explorer 4 >on Mac and Windows in both SSL and normal http. > >Tested sucessfully on the following server setup: >- Mac OS 8.6 + W*4.0 + WC PI 3.04 >- Mac OS 9.04 + W*4.2 + WC PI 4.01 > >Have fun, and give me your feedback. > >Brice >-- >Brice Le Blevennec, Digerati, ListDad, >Ex Machina Interactive Architects S.A., Ex Nihilo Uno S.A. & >Ex Machina Graphic Design S.P.R.L. >Ex Machina Television SPRL >NetBusiness S.A. ContactOffice >Arkaos S.A. X-Pose 2.0 & Visualizer > >------------------------------------------------------------- >This message is sent to you because you are subscribed to > the mailing list . >To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to > >Web Archive of this list is at: http://search.smithmicro.com/================================ Kenneth Grome, WebDNA Consultant 808-737-6499 http://webdna.net ================================------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: The Form authentication trick (John Butler 2000)
  2. Re: The Form authentication trick (Kenneth Grome 2000)
  3. Re: The Form authentication trick (John Butler 2000)
  4. Re: The Form authentication trick (Glenn Busbin 2000)
  5. Re: The Form authentication trick (Kalin Mintchev 2000)
  6. Re: The Form authentication trick (ShrPAUL1@aol.com 2000)
  7. Re: The Form authentication trick (Kalin Mintchev 2000)
  8. Re: The Form authentication trick (John Butler 2000)
  9. Re: The Form authentication trick (Kalin Mintchev 2000)
  10. Re: The Form authentication trick (Kalin Mintchev 2000)
  11. Re: The Form authentication trick (Webcat 2000)
  12. Re: The Form authentication trick (John Butler 2000)
  13. Re: The Form authentication trick (Kalin Mintchev 2000)
  14. Re: The Form authentication trick (Kalin Mintchev 2000)
  15. Re: The Form authentication trick (Kalin Mintchev 2000)
  16. Re: The Form authentication trick (John Butler 2000)
  17. Re: The Form authentication trick (Kalin Mintchev 2000)
  18. Re: The Form authentication trick (John Butler 2000)
  19. Re: The Form authentication trick (Kalin Mintchev 2000)
  20. Re: The Form authentication trick (John Peacock 2000)
  21. Re: The Form authentication trick (Bob Minor 2000)
  22. Re: The Form authentication trick (John Butler 2000)
  23. Re: The Form authentication trick (Kalin Mintchev 2000)
  24. Re: The Form authentication trick (Brice Le Blevennec 2000)
  25. Re: The Form authentication trick (John Butler 2000)
  26. Re: The Form authentication trick (Kenneth Grome 2000)
  27. Re: The Form authentication trick (John Butler 2000)
  28. Re: The Form authentication trick (Kenneth Grome 2000)
  29. Re: The Form authentication trick (John Butler 2000)
  30. The Form authentication trick (Brice Le Blevennec 2000)
I tried it. Here's what happens when no previous username/password values have been cached by the browser:1- If I enter an invalid username/password, I get the browser's authentication failed, try again dialog box. This is bad, because the whole idea is to avoid the authentication dialog box, but it's going to come up anyways if the visitor fails to enter the proper username/password values the first time.2- If I enter a valid username/password, it works -- or it fails. This doesn't seem to make any sense, right? well, here's what happened:The first time I tried it, it *seemed* to work, sort of ... (see #3 below). But every other time I tried it since the first time today, I have not been able to get it to work again. Now it ALWAYS pops up the browser's authentication dialog box, even when a valid username and password are entered -- and even after the browser is quit and relaunched in order to insure that no values remain cached.In fact, the only way to get past the authentication dialog in this situation is to re-enter the valid username/password *again* in the dialog box, after first entering them into the form on the ligin.html page.3- Even when it actually worked the *one and only time* I managed to get it to work today, there was still a serious problem:When I tried to use an invalid username/password -- after using valid values successfully -- the valid values remained in the browser's cache and were never replaced by the invalid ones. This is bad, because the visitor can never switch from one username/password value to another -- instead he is always stuck with the FIRST valid values enters, until he quits the browser.Now, if you guys can come up with a solution to all of the problems I have described here, then maybe I will consider this as a reasonable solution for avoiding the browsers standard authentication system. But until all these issues have been resolved, I am still convinced that I am 100% correct in my conclusion that it does NOT work (for me) on Netscape 4.7 Mac.If it works for you and everyone else in the world, then more power to you -- but since it fails to work for me, as I have explained time and time again, I'm not wasting any more of my time on it.>Short version: > >1) login.html : create a form with field username and password > and an action pointing to login1.tpl with method=post > >2) on login1.tpl put simply: > [redirect http://[username]:[password]@www.yoursite.com/login2.tpl] > >3) on login2.tpl put the following meta tag in the header of the page: > CONTENT=0;URL=http://www.yoursite.com/protected.tpl> > >4) on protected.tpl (and others pages) > use the usual [protect groupname] tag > >I use it daily since I found it (and sent my trick to the list), >a few month ago. It work fine with Netscape 4.7 and Explorer 4 >on Mac and Windows in both SSL and normal http. > >Tested sucessfully on the following server setup: >- Mac OS 8.6 + W*4.0 + WC PI 3.04 >- Mac OS 9.04 + W*4.2 + WC PI 4.01 > >Have fun, and give me your feedback. > >Brice >-- >Brice Le Blevennec, Digerati, ListDad, >Ex Machina Interactive Architects S.A., Ex Nihilo Uno S.A. & >Ex Machina Graphic Design S.P.R.L. >Ex Machina Television SPRL >NetBusiness S.A. ContactOffice >Arkaos S.A. X-Pose 2.0 & Visualizer > >------------------------------------------------------------- >This message is sent to you because you are subscribed to > the mailing list . >To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to > >Web Archive of this list is at: http://search.smithmicro.com/================================ Kenneth Grome, WebDNA Consultant 808-737-6499 http://webdna.net ================================------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Kenneth Grome

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Strange intermittent WebDNA problems (2008) Banners and sort of random display (1997) WebMerchant 3.0? (1998) WebCat2b13MacPlugIn - [shownext method=post] ??? (1997) WebCat editing, SiteGuard WAS:SiteAssociative lookup style? (1997) Multiple Merchant Accounts? (1997) READFILE command? (1998) Internet Explorer 6 Form problems (2005) Threaded Discussion (1998) [cart] not being interpreted inside [founditems] (1997) [SearchString] usage (1997) problems with 2 tags (1997) Smith Micro & e Frontier (2008) WebTen Memory Error with Plug-In (1998) AOL displays strange header info (2000) interesting Unix bug (2000) this works sometimes and sometimes not (1997) 911: testing if the field is empty (2000) [WebDNA] Reformatting database headers (2009) WebCat Bulletin Board Solution ? (1998)