HELP: Authentication

by Seppo Sahi-2

Hi,

Can anyone give me some pointers on how to do authentication with Midgard?

I need to simply verify that a person with correct ViewerGroup permissions has logged in. If that is not the case, then redirect to the login page. No need for great security, just the simplest possible solution that works.

My current situation is that my site gives “Error 401: Unauthorized” whenever a person with incorrect UserGroup permissions tries to access a page. Instead I would like to have a login page shown.

BTW, is there a bug in AIS when setting UserGroup permissions? The folder always disappears from the navigation whenever I change its UserGroup permission.

Thank you in advance!

- Seppo


RE: HELP: Authentication

by Seppo Sahi-2

> BTW. Is there a bug in AIS when setting UserGroup permissions. The folder always disappears from the navigation whenever I change it’s UserGroup permission 
 
I have Midgard 1.7.0 installed and I can see the folders in Aegir and Spider Admin.
 
- seppo 

Re: HELP: Authentication

by Arttu Manninen

Seppo Sahi wrote:

> Hi,
>
>  
>
> Can anyone give me some pointers on how to do authentication with midgard?
>
>  
>
> I need to simply verify that a person with correct ViewerGroup
> permissions has logged in. If that is not the case then redirect to
> login page. No need for great security, just the simplest possible
> solution that works.
>
> My current situation is that my site gives “Error 401: Unauthorized”
> whenever person with incorrect UserGroup permissions tries to access
> page. Instead I would like to have a login page shown.

Are you making something like an extranet? If so, I'd recommend
doing this in a slightly different way. ViewerGroups is handled at a very
early stage (before sending HTML headers). One problem is also that
'midcom-template' is run only after checking the ViewerGroups, which
makes it impossible to override headers set by Midgard.

There is a nice workaround, which allows you to stay in the original
URI. You could have something like this set in <(ROOT)> style element:

---

<?php
// Show the page when the request is outside 'extranet' or a user is logged in
if (substr($_MIDGARD['uri'], 0, 8) !== 'extranet' || $_MIDGARD['user'])
{
?>
<(content)>
<?php
}
else
{
?>
<(login)>
<?php
}
?>

---

and then create a style element called 'login':

---

<form method="POST" action="&(midgard.uri);">
 <fieldset>
  <legend>Protie login</legend>
  <label for="midcom-template-username">
   Username:
   <input type="text" name="midcom_site[username]"
id="midcom-template-username" size="20" />
  </label>
  <label for="midcom-template-password">
   Password:
  <input type="password" name="midcom_site[password]"
id="midcom-template-password" size="20" />
  </label>
  <input class="loginform-submit-button" type="submit"
name="midcom_site[login]" value="Login" />
  <div class="disclaimer">
   This site uses the secure NemeinAuthentication library for
authentication.
   Please ensure that your browser allows cookies to be set by this server.
  </div>
 </fieldset>
</form>

---

You can see that this method relies on URI name spacing and is in this
example set for the first level node 'extranet'. This isn't a handy way
to deal with AIS, since you have to hard-code the parts which require
authentication.

If someone has a better idea, I wouldn't mind hearing it.

> BTW. Is there a bug in AIS when setting UserGroup permissions. The
> folder always disappears from the navigation whenever I change it’s
> UserGroup permission.

It shouldn't disappear if you have logged in but yes, it will disappear
if ViewerGroups is set to a group the person viewing doesn't belong to.
This you can take as a feature.


--
Arttu Manninen

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@...
For additional commands, e-mail: user-help@...


RE: HELP: Authentication

by Seppo Sahi-2


> Are you making something like an extranet?

Yes.

> If so, I'd
> recommend you doing this in a bit different way. ViewerGroups
> is handled in very early state (before sending HTML headers).
> One problem is also that 'midcom-template' is run only after
> checking the ViewerGroups, which makes it impossible to
> override headers set by Midgard.

Ok. This clears out a lot of things for me.

> There is a nice workaround, which allows you to stay in the
> original URI. You could have something like this set in
> <(ROOT)> style element:
>
> ---
>
> <?php
> if (substr($_MIDGARD['uri'], 0, 8) !== 'extranet' ||
> $_MIDGARD['user']) { ?> <(content)> <?php } else { <(login)> } ?>
>
> ---
>
> and then create a style element called 'login':
>
> ---
>
> <form method="POST" action="&(midgard.uri);">
>  <fieldset>
>   <legend>Protie login</legend>
>   <label for="midcom-template-username">
>    Username:
>    <input type="text" name="midcom_site[username]"
> id="midcom-template-username" size="20" />
>   </label>
>   <label for="midcom-template-password">
>    Password:
>   <input type="password" name="midcom_site[password]"
> id="midcom-template-password" size="20" />
>   </label>
>   <input class="loginform-submit-button" type="submit"
> name="midcom_site[login]" value="Login" />
>   <div class="disclaimer">
>    This site uses the secure NemeinAuthentication library for
> authentication.
>    Please ensure that your browser allows cookies to be set
> by this server.
>   </div>
>  </fieldset>
> </form>
>
> ---
>
> You can see that this method relies on URI name spacing and
> is in this example set for the first level node 'extranet'.
> This isn't a handy way to deal with AIS, since you have to
> hard-code the parts which require authentication.
>
> If someone has a better idea, I wouldn't mind hearing it.

Ok this works now. I already figured out how I can check user's group
and that way implement different authorization levels (at least I think
so :). Great!

...but I have a problem with the IE cache now. IE likes to give a cached
copy to the user no matter what. So the user is not redirected to the login
page in IE once he has been on the extranet once. I have Midgard caches
disabled. Is adding some cache control to the HTTP headers the only way to
get it to work? Can I just add them to the beginning of my ROOT style or do
I have to configure Apache to send the proper headers?

> > BTW. Is there a bug in AIS when setting UserGroup permissions. The
> > folder always disappears from the navigation whenever I change it's
> > UserGroup permission.
>
> It shouldn't disappear if you have logged in but yes, it will
> disappear if ViewerGroups is set to a group the person
> viewing doesn't belong to. This you can take as a feature.

Strange because I think I tried to check if navigation would behave like
you say it should but I remember that was not the case. I might be wrong
and I can check it out once I have time.

Seppo
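
The URI-based gate from the earlier reply and the cache-control question above, combined in one added example (not code from the thread or from Midgard/MidCOM). It matches the first path segment instead of the first eight characters and returns no-cache headers for protected pages. The function names, the `$PROTECTED_SECTIONS` list and the sample requests are assumptions; the exact form of `$_MIDGARD['uri']` is not shown in the thread, so a leading slash is accepted either way.

```php
<?php
// Added example, not Midgard or MidCOM code. Section names are hypothetical.
$PROTECTED_SECTIONS = array('extranet');

// First path segment of a request URI: query string and fragment dropped,
// percent-encoding decoded once, leading slashes removed, lower-cased so
// that case variants fail closed (they get the login form).
function first_segment($uri)
{
    $path  = rawurldecode(preg_replace('/[?#].*$/s', '', $uri));
    $parts = explode('/', ltrim($path, '/'), 2);
    return strtolower($parts[0]);
}

// Decide which style element ROOT should render and which headers to send.
// $user is the value of $_MIDGARD['user'] (falsy when nobody is logged in).
function gate($uri, $user, $protected)
{
    if (!in_array(first_segment($uri), $protected, true)) {
        return array('element' => 'content', 'headers' => array());
    }
    // Protected section: tell browsers and proxies not to store or reuse
    // the response, so a logged-out visitor is not served a stored copy.
    $headers = array(
        'Cache-Control: no-store, no-cache, must-revalidate, private',
        'Pragma: no-cache',
        'Expires: 0',
    );
    return array('element' => $user ? 'content' : 'login', 'headers' => $headers);
}

// Constructed sample requests: (uri, user id or 0 for anonymous).
$samples = array(
    array('extranet/reports/', 0),
    array('/extranet/reports/', 0),
    array('/Extranet?x=1', 0),
    array('/extranet-news/', 0),   // different section, same 8-character prefix
    array('/extranet/reports/', 42),
    array('/news/', 0),
);
foreach ($samples as $s) {
    $g = gate($s[0], $s[1], $PROTECTED_SECTIONS);
    printf("%-22s user=%-2d -> %-7s (%d headers)\n",
           $s[0], $s[1], $g['element'], count($g['headers']));
}
```

In a ROOT style element each returned line would be passed to `header()` before any output is produced; whether Midgard has already sent output or headers at that point is not stated in the thread.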





HELP attachment creation in Aegir fails

by med-4

Hi,

I have hit a strange bug in Midgard 1.7.3.
Here is the plot I had in mind:
- Midgard 1.7.3 set up under SuSE 9.3 (had to compile since no RPMs exist for 9.3)
- create default host works fine
- every other host I set up in there should have its own blobdir, rootdir and cachedir (vhost conf changed accordingly)

Now the Bug:
I add a new Company in Aegir
It gets created
BUT: the attachment site points to /attachment
The GUID is missing - should be /attachment/long_number_that_represents_the_guid

Therefore I get errors when trying to add attachments in Aegir in the new host.

Is this a known bug?
Should I rather use the midgard-site-creation wizard?

Any hints appreciated...

Thanx,

Alex


AW: HELP attachment creation in Aegir fails

by med-4

Update:

> Now the Bug:
> I add a new Company in Aegir
> It gets created
> BUT: the attachment site points to /attachment
> The GUID is missing - should be
> /attachment/long_number_that_represents_the_guid

Deleted all evidence of midgard 1.7.3 and installed 1.6.3
Bug seems to be gone...

Alex