Solved

WebServer Login

Posted on 2000-03-30
8
572 Views
Last Modified: 2010-04-04
Hi,
I'm making a WebServer using ISAPI and I'd like know how can I make a login interface, let me be more clear, How do I know if the user is loged in my Site to make his request.
I'll appreciate any sample or idea.

Thanks....

NetBeto.
0
Comment
Question by:netbeto
8 Comments
 
LVL 13

Expert Comment

by:Epsylon
ID: 2670930
0
 
LVL 17

Accepted Solution

by:
geobul earned 100 total points
ID: 2672668
Hi,


I usually use cookies for this purpose.
First of all you have a login HTML page where the user submits his/her name and password. Something like:
--------------
<HTML>
<HEAD><TITLE>My Web Site Login Page</TITLE></HEAD>
<BODY>
<FORM METHOD=POST ACTION="/your_path/MyScript.dll/login">

UserName :<INPUT TYPE=text     NAME="login" MAXLENGTH=10 SIZE=10>
Password :<INPUT TYPE=password NAME="passw" MAXLENGTH=10 SIZE=10>

<INPUT TYPE=submit NAME="LoginBtn" VALUE="Login">
<INPUT TYPE=reset VALUE="Clear">

</FORM>
</BODY>
</HTML>
-----------
where 'MyScript.dll' is the name of the your ISAPI program and '/login' is the 'command', corresponding with Action Item with PathInfo property = '/login'.


Reading login data and setting cookies :

{ /login web action item }
procedure TWebModule1.WebModule1WebActionItem1Action(Sender: TObject;
  Request: TWebRequest; Response: TWebResponse; var Handled: Boolean);
var
  slCookies : TStringList;
  login, passw : string;
begin
  slCookies := TStringList.Create;
  ...
  { reading values from the Request}
  login:=Request.ContentFields.Values['login'];
  passw:=Request.ContentFields.Values['passw'];
  { Verifying the login - check in a database table for example }
  ...
  { adding cookies to string list if access is granted }
  if .... then begin
    slCookies.Add('login='+login);
    slCookies.Add('passw='+passw);
    { set cookies in Response }
    Response.SetCookieField(slCookies,'','',Date,False);
    Response.Content := ..... { next HTML page after successful login }
  end else
    { something is not correct - set empty cookies }
    slCookies.Add('login='+'');
    slCookies.Add('passw='+'');
    { set cookies in Response }
    Response.SetCookieField(slCookies,'','',Date,False);
    Response.Content := .... { HTML page for error - access denied }
  end;
  .......
  Response.SendResponse;
  slCookies.Free;
end;


Reading cookies in the next requests to verify the user:

{ Another web action item }
procedure TWebModule1.WebModule1WebActionItem2Action(Sender: TObject;
  Request: TWebRequest; Response: TWebResponse; var Handled: Boolean);
var
  login, passw : String;
begin
  ...
  login := Request.CookieFields.Values['login'];
  passw := Request.CookieFields.Values['passw'];
  if login <> '' then begin
    ...
  end;
  ...
end;

Regards, Geo
0
 

Author Comment

by:netbeto
ID: 2673850
Listening...
0
 
LVL 3

Expert Comment

by:bryan7
ID: 2678631
listenning
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:netbeto
ID: 2701471
Hi Geo,
You said,
Reading cookies in the next requests to verify the user:

{ Another web action item }
procedure TWebModule1.WebModule1WebActionItem2Action(Sender: TObject;
  Request: TWebRequest; Response: TWebResponse; var Handled: Boolean);
var
  login, passw : String;
begin
  ...
  login := Request.CookieFields.Values['login'];
  passw := Request.CookieFields.Values['passw'];
  if login <> '' then begin
    ...
  end;
  ...
end;

Do I have to make some especial HTML to make requests after have loged on?? How can my ISAPI know about the last read Cookie??

Thanks,

NetBeto
0
 
LVL 17

Expert Comment

by:geobul
ID: 2703626
Hi,

  Usually, after successful login, the server application sends main (index, default) HTML page to the client in response. Next requests are made from the main page (links, buttons etc.). In response to these requests the app sends another pages and so on.
  Your app can read login and pass cookies on every request (except login request because they are not set yet) in OnBeforeDispatch event handler and compare the values to the database.

  How can my ISAPI know about the last read Cookie?? - I do not understand what you mean.

Regards, Geo
0
 

Author Comment

by:netbeto
ID: 2703845
Hi,
"Your app can read login and pass cookies on every request" do you mean that every link on my main page after login must send the login informations??

Thanks,

NetBeto.
0
 
LVL 17

Expert Comment

by:geobul
ID: 2704400
Hi,
When your app has already set login info as cookies, the client browser takes care about sending them in every request. Your app sets them once on login and can read them many times (and every time). Links on pages are not involved here. Cookies are sending always when the browser makes a request to the server.

Regards, Geo
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello everybody This Article will show you how to validate number with TEdit control, What's the TEdit control? TEdit is a standard Windows edit control on a form, it allows to user to write, read and copy/paste single line of text. Usua…
In my programming career I have only very rarely run into situations where operator overloading would be of any use in my work.  Normally those situations involved math with either overly large numbers (hundreds of thousands of digits or accuracy re…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now