WebServer Login

Hi,
I'm making a WebServer using ISAPI and I'd like know how can I make a login interface, let me be more clear, How do I know if the user is loged in my Site to make his request.
I'll appreciate any sample or idea.

Thanks....

NetBeto.
netbetoAsked:
Who is Participating?
 
geobulConnect With a Mentor Commented:
Hi,


I usually use cookies for this purpose.
First of all you have a login HTML page where the user submits his/her name and password. Something like:
--------------
<HTML>
<HEAD><TITLE>My Web Site Login Page</TITLE></HEAD>
<BODY>
<FORM METHOD=POST ACTION="/your_path/MyScript.dll/login">

UserName :<INPUT TYPE=text     NAME="login" MAXLENGTH=10 SIZE=10>
Password :<INPUT TYPE=password NAME="passw" MAXLENGTH=10 SIZE=10>

<INPUT TYPE=submit NAME="LoginBtn" VALUE="Login">
<INPUT TYPE=reset VALUE="Clear">

</FORM>
</BODY>
</HTML>
-----------
where 'MyScript.dll' is the name of the your ISAPI program and '/login' is the 'command', corresponding with Action Item with PathInfo property = '/login'.


Reading login data and setting cookies :

{ /login web action item }
procedure TWebModule1.WebModule1WebActionItem1Action(Sender: TObject;
  Request: TWebRequest; Response: TWebResponse; var Handled: Boolean);
var
  slCookies : TStringList;
  login, passw : string;
begin
  slCookies := TStringList.Create;
  ...
  { reading values from the Request}
  login:=Request.ContentFields.Values['login'];
  passw:=Request.ContentFields.Values['passw'];
  { Verifying the login - check in a database table for example }
  ...
  { adding cookies to string list if access is granted }
  if .... then begin
    slCookies.Add('login='+login);
    slCookies.Add('passw='+passw);
    { set cookies in Response }
    Response.SetCookieField(slCookies,'','',Date,False);
    Response.Content := ..... { next HTML page after successful login }
  end else
    { something is not correct - set empty cookies }
    slCookies.Add('login='+'');
    slCookies.Add('passw='+'');
    { set cookies in Response }
    Response.SetCookieField(slCookies,'','',Date,False);
    Response.Content := .... { HTML page for error - access denied }
  end;
  .......
  Response.SendResponse;
  slCookies.Free;
end;


Reading cookies in the next requests to verify the user:

{ Another web action item }
procedure TWebModule1.WebModule1WebActionItem2Action(Sender: TObject;
  Request: TWebRequest; Response: TWebResponse; var Handled: Boolean);
var
  login, passw : String;
begin
  ...
  login := Request.CookieFields.Values['login'];
  passw := Request.CookieFields.Values['passw'];
  if login <> '' then begin
    ...
  end;
  ...
end;

Regards, Geo
0
 
EpsylonCommented:
0
 
netbetoAuthor Commented:
Listening...
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
bryan7Commented:
listenning
0
 
netbetoAuthor Commented:
Hi Geo,
You said,
Reading cookies in the next requests to verify the user:

{ Another web action item }
procedure TWebModule1.WebModule1WebActionItem2Action(Sender: TObject;
  Request: TWebRequest; Response: TWebResponse; var Handled: Boolean);
var
  login, passw : String;
begin
  ...
  login := Request.CookieFields.Values['login'];
  passw := Request.CookieFields.Values['passw'];
  if login <> '' then begin
    ...
  end;
  ...
end;

Do I have to make some especial HTML to make requests after have loged on?? How can my ISAPI know about the last read Cookie??

Thanks,

NetBeto
0
 
geobulCommented:
Hi,

  Usually, after successful login, the server application sends main (index, default) HTML page to the client in response. Next requests are made from the main page (links, buttons etc.). In response to these requests the app sends another pages and so on.
  Your app can read login and pass cookies on every request (except login request because they are not set yet) in OnBeforeDispatch event handler and compare the values to the database.

  How can my ISAPI know about the last read Cookie?? - I do not understand what you mean.

Regards, Geo
0
 
netbetoAuthor Commented:
Hi,
"Your app can read login and pass cookies on every request" do you mean that every link on my main page after login must send the login informations??

Thanks,

NetBeto.
0
 
geobulCommented:
Hi,
When your app has already set login info as cookies, the client browser takes care about sending them in every request. Your app sets them once on login and can read them many times (and every time). Links on pages are not involved here. Cookies are sending always when the browser makes a request to the server.

Regards, Geo
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.