Can you shed some light on this for me? I have a small web application (basically just a form) that users can access through the browser, fill in information and save again (nothing fancy, I know).

- I have created a role called [NonAnon] and added a readers and authors field to the form, each containing that role.
- Because this is a public app, I am using what we call a lightweight account in the address book (a person document, but no certificate -- authentication only on a password string).
- I've listed this account in the ACL and assigned it the [NonAnon] role, with Editor access.
- The form itself allows authors and above to create and read documents.
- Anonymous access in the ACL is set to None.

It all works fine (i.e. prompts to authenticate on accessing the document through the web). And the document goes into edit mode fine when the edit button is clicked. But when the save button is clicked, the document prompts to authenticate again, and then saves. Subsequent changes to the document do not require any reauthentication.
So basically each session requires two bouts of authentication -- one when first accessing the document, and one when first saving.
I would like only one authentication prompt when the user first accesses, though, with all saves not requiring reauthentication.