[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 491
  • Last Modified:

Can't create Public documents as Anonymous, even though ACL is set to allow it

Hi

I am building an online shopping solution, but intend to run more than one of them on the same server. I am currently working on the user registration part, but because there may be multiple instances, I don't want the users to be stored in the common Domino Directory, I'd much rather than each copy of the application managed its own users. As there will be no really sensitive information stored (like credit card numbers etc., as I will be using WorldPay), I am happy with the slightly less secure setup this would provide, so I'm writing an Agent to handle the Login/Registration process.

Here are my ACL settings:

-Default-   -   Author   -   Create documents / Read public documents / Write public documents / Replicate or copy documents
Anonymous   -   Author   -   Create documents / Read public documents / Write public documents / Replicate or copy documents

However, when I submit a completed Form, whose Security tab says All readers and above / All authors and above / Available to Public Access users, I am presented with the standard Login page.

Why is this? Am I missing something?

Thanks,
Paul
0
PaulCutcliffe
Asked:
PaulCutcliffe
  • 5
  • 4
  • 2
  • +1
1 Solution
 
Bozzie4Commented:
There is not really a reason why you shouldn't use Domino authentication : you can create several addressbooks, and use Directory assistance to handle authentication.  If you really do an online shopping app., I would strongly recommend to use it !

if you don't, and you give Anonymous Author access, with Create Documents, a user should be able to create documents using ALL forms, even the ones that are not Public access.  However, there are some things to keep in mind:
- you need an Author field on the documents, with Anonymous in it, because if a user creates a document, saves it, and then tries to Edit it again, you will get a Login box.
- if you use Readers fields, the same goes (although I don't think you do)
- watch out for Agents (WebQueryOpen/WebQuerySave).  You may need to deselect the 'Run as Webuser' attribute

You can't build a secure application using a login - agent alone!  But if you use R6, you can take advantage of the new @sethttpheader stuff to read/write cookies with the authentication information.  You would then create a Session, using cookies.  In R5, this is a whole lot more labour-intensive.

cheers,

Tom
0
 
p_parthaCommented:
In the form create a field by name $PublicAccess and make it computed when composed and give "1" as the value.

THe steps you have made just make the form available to public access users and not the documents created by them.

Partha
0
 
Bozzie4Commented:
But it's not necessary to do so, because Anonymous = Author.  so he can create documents no matter what $PublicAccess says.  If Anonymous would be Reader, the $PublicAccess comes into play.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
PaulCutcliffeAuthor Commented:
Directory Assistance? So that's what that does - always wondered, but never thought I had a reason to find out!

Please bear with me for a day or three whilst I look into this new (to me) concept, & get my head around what I need to do.

Thanks to partha for explaining what is going wrong, but I feel that Bozzie4 is right in that now I know I can use a separate Directory for each instance of the application/website, I di indeed want to revert to using Domino security propoerly - I had convinced myself I didn't need to, but in reality, this was because I didn't think I could.

So, watch this space!

Paul
0
 
Bozzie4Commented:
Problem with DA is that it only supports a maximum of 4 other directories (I think).

This can be solved by using a server based Directory Catalog, while you are reading the help, check on that too....

cheers,

Tom
0
 
PaulCutcliffeAuthor Commented:
Ah, interesting. I will thoroughly check out both ideas in the Help/documentation.

Thanks again,
Paul
0
 
Sjef BosmanGroupware ConsultantCommented:
Just a note: for every user of a Domino server, Web or Notes, you need a CAL...
0
 
PaulCutcliffeAuthor Commented:
Client Access License - am I right in thinking that each & every registered user of a web application has to have a CAL, which costs in the region of (GBP) £46each?

I can see it now: "Before registering to use our online shopping site, please give us £46 for a license" - this is a complete show-stopper! It means we either can't use Domino, or if we do, we can't register the names in the Domino Directory, which is kinda funny, cos that brings me back to where I started this posting - trying to manually authenticate users in code, rather than using the Domino Directory & Domino's built-in security.

So, just to clarify, do I really have to pay IBM £46 per registered users, whilst having unlimited anonymous users for free? And is simply not listing them in the Domino Directory really a work-around for this?

Now I come to think about it, I have a really vague recollection of this being a factor in deciding not to use the Domino Directory before, I think I'd just forgotten that when starting this posting.

Thanks,
0
 
Sjef BosmanGroupware ConsultantCommented:
If I remember well, there seems to be an Unlimited Web CAL, something like 60 and over. There's another snag: whatever registration you use on Domino, if your users have to identify themselves somehow (even without the NAB) you seem to required to have a CAL for them... Hey, I'm just a pianoplayer! Don't shoot me! Get the right info from your Lotus BP. Or from the Internet.
0
 
PaulCutcliffeAuthor Commented:
Actually, it's probably fairer if I open a new question for the CAL issue, & keep this question on track for the allowing Anonymous users to create documents - see http://www.experts-exchange.com/Applications/Email/Lotus_Notes_Domino/Q_21201731.html

sjef bosman - I'd really appreciate your thoughts on this matter in the other question - thanks.

As for this question, I'm now going to go back to trying to get an anonymous user to create a document.
0
 
PaulCutcliffeAuthor Commented:
Having just added the $PublicAccess field, the site now allows me to create a document, but I've just noticed that there are already loads of these documents in existence, so I was previously adding them, I simply didn't know it, as it was displaying the doc that failed, not creating it.
0
 
Bozzie4Commented:
License wise, look at Express Utility server : that's 'cheaper' for authenticated users.  No mail, only applications !  It's a good point though ...

And yes, you would have created the documents, but just not able to edit them.  But the $PublicAccess field is not something you need to add perse, if you use the "Allow public access users..." property of the form, it will be added automatically (check the existing documents)

cheers

Tom
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 5
  • 4
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now