WebServer Login

Hi,
I'm making a WebServer using ISAPI and I'd like know how can I make a login interface, let me be more clear, How do I know if the user is loged in my Site to make his request.
I'll appreciate any sample or idea.

Thanks....

NetBeto.
netbetoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

EpsylonCommented:
0
geobulCommented:
Hi,


I usually use cookies for this purpose.
First of all you have a login HTML page where the user submits his/her name and password. Something like:
--------------
<HTML>
<HEAD><TITLE>My Web Site Login Page</TITLE></HEAD>
<BODY>
<FORM METHOD=POST ACTION="/your_path/MyScript.dll/login">

UserName :<INPUT TYPE=text     NAME="login" MAXLENGTH=10 SIZE=10>
Password :<INPUT TYPE=password NAME="passw" MAXLENGTH=10 SIZE=10>

<INPUT TYPE=submit NAME="LoginBtn" VALUE="Login">
<INPUT TYPE=reset VALUE="Clear">

</FORM>
</BODY>
</HTML>
-----------
where 'MyScript.dll' is the name of the your ISAPI program and '/login' is the 'command', corresponding with Action Item with PathInfo property = '/login'.


Reading login data and setting cookies :

{ /login web action item }
procedure TWebModule1.WebModule1WebActionItem1Action(Sender: TObject;
  Request: TWebRequest; Response: TWebResponse; var Handled: Boolean);
var
  slCookies : TStringList;
  login, passw : string;
begin
  slCookies := TStringList.Create;
  ...
  { reading values from the Request}
  login:=Request.ContentFields.Values['login'];
  passw:=Request.ContentFields.Values['passw'];
  { Verifying the login - check in a database table for example }
  ...
  { adding cookies to string list if access is granted }
  if .... then begin
    slCookies.Add('login='+login);
    slCookies.Add('passw='+passw);
    { set cookies in Response }
    Response.SetCookieField(slCookies,'','',Date,False);
    Response.Content := ..... { next HTML page after successful login }
  end else
    { something is not correct - set empty cookies }
    slCookies.Add('login='+'');
    slCookies.Add('passw='+'');
    { set cookies in Response }
    Response.SetCookieField(slCookies,'','',Date,False);
    Response.Content := .... { HTML page for error - access denied }
  end;
  .......
  Response.SendResponse;
  slCookies.Free;
end;


Reading cookies in the next requests to verify the user:

{ Another web action item }
procedure TWebModule1.WebModule1WebActionItem2Action(Sender: TObject;
  Request: TWebRequest; Response: TWebResponse; var Handled: Boolean);
var
  login, passw : String;
begin
  ...
  login := Request.CookieFields.Values['login'];
  passw := Request.CookieFields.Values['passw'];
  if login <> '' then begin
    ...
  end;
  ...
end;

Regards, Geo
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
netbetoAuthor Commented:
Listening...
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

bryan7Commented:
listenning
0
netbetoAuthor Commented:
Hi Geo,
You said,
Reading cookies in the next requests to verify the user:

{ Another web action item }
procedure TWebModule1.WebModule1WebActionItem2Action(Sender: TObject;
  Request: TWebRequest; Response: TWebResponse; var Handled: Boolean);
var
  login, passw : String;
begin
  ...
  login := Request.CookieFields.Values['login'];
  passw := Request.CookieFields.Values['passw'];
  if login <> '' then begin
    ...
  end;
  ...
end;

Do I have to make some especial HTML to make requests after have loged on?? How can my ISAPI know about the last read Cookie??

Thanks,

NetBeto
0
geobulCommented:
Hi,

  Usually, after successful login, the server application sends main (index, default) HTML page to the client in response. Next requests are made from the main page (links, buttons etc.). In response to these requests the app sends another pages and so on.
  Your app can read login and pass cookies on every request (except login request because they are not set yet) in OnBeforeDispatch event handler and compare the values to the database.

  How can my ISAPI know about the last read Cookie?? - I do not understand what you mean.

Regards, Geo
0
netbetoAuthor Commented:
Hi,
"Your app can read login and pass cookies on every request" do you mean that every link on my main page after login must send the login informations??

Thanks,

NetBeto.
0
geobulCommented:
Hi,
When your app has already set login info as cookies, the client browser takes care about sending them in every request. Your app sets them once on login and can read them many times (and every time). Links on pages are not involved here. Cookies are sending always when the browser makes a request to the server.

Regards, Geo
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Delphi

From novice to tech pro — start learning today.