Solved

Multiple authentication prompts over web

Posted on 2006-07-21
Last Modified: 2013-12-18
Hi Experts:

Can you shed some light on this for me? I have a small web application (basically just a form) that users can access through the browser, fill in information and save again (nothing fancy, I know).

For security:

- I have created a role called [NonAnon] and added a readers and authors field to the form, each containing that role.

- Because this is a public app, I am using what we call a lightweight account in the address book (a person document, but no certificate -- authentication only on a password string).

- I've listed this account in the ACL and assigned it the [NonAnon] role, with Editor access.

- The form itself allows authors and above to create and read documents.

- Anonymous access in the ACL is set to None.

It all works fine (i.e. prompts to authenticate on accessing the document through the web). And the document goes into edit mode fine when the edit button is clicked. But when the save button is clicked, the document prompts to authenticate again, and then saves. Subsequent changes to the document do not require any reauthentication.

So basically each session requires two bouts of authentication -- one when first accessing the document, and one when first saving.

I would like only one authentication prompt when the user first accesses, though, with all saves not requiring reauthentication.

Any thoughts?

-Ke
Question by:kkiddie
10 Comments
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 17155953
Do you have logging enabled, e.g. domlog.nsf? Check whether in both cases the same URL was used, e.g. using
    http://www.domain.com/filename.nsf/view/doc?OpenDocument
and
    http://11.22.33.44/filename.nsf/view/doc?OpenDocument
might refer to the same server, but AFAIK the server considers it to come from a new user and will therefore require a new login.
   
0
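Added example (not part of the original thread, and not Domino's own code): one way to run the check suggested above over request records, flagging a 401 challenge that a client receives on a host name it has not authenticated against after it already logged in under another one. The record layout (client, user, URL, status), the client addresses and the user name `webuser` are assumptions constructed for illustration; they are not the domlog.nsf schema.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample records (NOT real domlog.nsf data):
# (client address, authenticated user or "-", requested URL, HTTP status)
SAMPLE = [
    ("192.0.2.5", "-", "http://www.domain.com/filename.nsf/view/doc?OpenDocument", 401),
    ("192.0.2.5", "webuser", "http://www.domain.com/filename.nsf/view/doc?OpenDocument", 200),
    ("192.0.2.5", "webuser", "http://www.domain.com/filename.nsf/view/doc?EditDocument", 200),
    ("192.0.2.5", "-", "http://11.22.33.44/filename.nsf/view/doc?EditDocument", 401),
    ("192.0.2.5", "webuser", "http://11.22.33.44/filename.nsf/view/doc?EditDocument", 200),
    ("192.0.2.9", "-", "http://www.domain.com/filename.nsf/view/doc?OpenDocument", 401),
    ("192.0.2.9", "webuser", "http://www.domain.com/filename.nsf/view/doc?OpenDocument", 200),
]


def find_host_switch_prompts(records):
    """Return (client, earlier_hosts, new_host, url) for each 401 that a
    client received on a host it had not yet authenticated against, after
    it had already authenticated against a different host."""
    authed_hosts = defaultdict(set)  # client -> hosts with an authenticated success
    findings = []
    for client, user, url, status in records:
        host = (urlsplit(url).hostname or "").lower()
        if status == 401:
            known = authed_hosts[client]
            # The first 401 of a session is the expected login prompt;
            # only a challenge on a *different* host is reported.
            if known and host not in known:
                findings.append((client, sorted(known), host, url))
        elif user != "-" and 200 <= status < 400:
            authed_hosts[client].add(host)
    return findings


if __name__ == "__main__":
    for client, earlier, new_host, url in find_host_switch_prompts(SAMPLE):
        print(f"{client}: re-prompted on {new_host} (already logged in on {earlier}): {url}")
```

An empty result means the second prompt was issued on the same host as the first, so a host name change can be ruled out as the cause.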
 

Author Comment

by:kkiddie
ID: 17156226
They are logging with domlog.nsf, but for some reason today's traffic doesn't seem to be posted yet... I'll keep checking.

It's a good idea, but I don't think the URL is at issue.

I can tell you that the URL when accessing, (e.g. http://www.domain.com/filename.nsf/view/doc?OpenDocument) is the same domain when the document goes into edit mode (e.g. http://www.domain.com/filename.nsf/view/doc?EditDocument), and that the form method POST URL generated by Notes is a relative path and so should just be grabbing the domain from the address bar...
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 17157515
Ah, no, not always true. There are some Domino-generated URLs that are just plain wrong, despite the good intentions, although things have improved enormously since 4.6. If you use URLs yourself, they'll be correct, no doubt. Some URLs though, generated by agents and $$Return things could go terribly wrong. I hope that's corrected by now, but I can't tell because we used to generate ALL those URLs using one function, just to avoid URL changes.

Today's traffic? Try a view refresh with F9. Traffic should be in that database immediately. What Notes/Domino releases are you on?
0
 
LVL 46

Accepted Solution

by:
Sjef Bosman earned 125 total points
ID: 17157528
Some links that might come in handy:
    http:Q_20339652.html "Double Login to web application"
    http:Q_20397274.html "Double-authentication on web"
    http:Q_20380934.html "Help Required - Asking authentication twice in same application"
0
 
LVL 63

Assisted Solution

by:Zvonko
Zvonko earned 125 total points
ID: 17159421
Hello Ke,
Isn't there a property on the Form in Designer to open the Document in Edit mode by default? Use that and you have solved two problems at once: no Button for Edit mode needed and only one authentication (for Edit) needed.

0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 17159442
That's cheating!! ;-)
0
 
LVL 63

Expert Comment

by:Zvonko
ID: 17159477
Sorry, what? I do not get you? Or do you mean Zvonko reads what zvonko has written? There can be only One! :)
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 17159531
No, I meant putting the document in Edit mode is cheating. It doesn't solve the problem, it's just a bypass.
0
