secured login page

hey guys!

joel here from malaysia. do u guys have any tutorial on how to create a secured login page with user name and password using natural and adabas with IIS as the web server? i would be very grateful for any help.

thanks in advance!

regards,
joel

Is your Adabas/Natural on the mainframe or open systems? If you have EntireX Communicator, you can use that to do your forms authentication with aspx.net. If you have EntireX Security configured also, you can use your mainframe userid/password for authentication.

my adabas/natural is on windows system. so i need entireX communicator to create authentication form? wut about entireX security? i need to purchase that as well? thanks.

EntireX Security is included with EntireX Communicator package.

thanks douglas. but is there any way to create a secured web login using natural web interface?

can anyone help me?

Why not switch on server security for your directory nwwcgi/nwwisapi is placed,
or the nwwcgi/nwwisapi directly?
Additional why not switch on https?
The User ID requested from the IIS will be passed automatically from your nwwcgi to your EXX/Natural.
Note: Your RPC server has to run with AUTOLOGON (because http server does not deliver passwords to “cgi” programs).

thanks for the prompt reply. i really appreciate it.

i will work on it ASAP.

ok, weihnac…

i have tried enabling the IIS security using basic authentication on the nww directory. i can login. however, i can’t seem to find a way to log out or clear the so called “session”. I did a bit of research over the net, and have found that there is no way to clear the login details without closing the entire browser.

so my question is, how do i overcome this using natural? or i need to use another party programming language?

Yes - if you have once specified a authentication - the browser is so smart to deliver this authentication as long as your bowser session is open,
or you have checked “remember my password” during authentication - for ever.

Why do you need a logoff?
There is no session context that has been saved at the natural session and you need to logoff from.

The rpc server does a automatically a logon at the beginnig of your request and a logoff after the request has finished.

Do I miss something?

hmmm…actually i’m not using the RPC method. i’m using DCOM technique (NaturalX and Natural Web Server Extension) which from my understanding doesn’t involve rpc server? (correct me if i’m wrong)

another issue i face is that i want to create a secured site for different users. in other words, different user has different views based on the login. how do i implement this?

thanks in advance.

If you only want to see who has loged on and deliver different pages, then you can just secure your nwwdcgi an then check REMOTE_USER delivered from your http server:

PERFORM W3READ-ENVIRONMENT-TO-DYNAMIC "REMOTE_USER" "S" AUSER

Then all users may run as the same Natural user - which shurely doesn’t matter if you don’t perform updates…

On the other hand if want to use DCOM - then you can change the settings of the DCOM Server especially the “lauching user” … in conjunction with your IIS settings … which is more complicated.

in other words, i can’t use the perform command :

PERFORM W3READ-ENVIRONMENT-TO-DYNAMIC “REMOTE_USER” “S” AUSER

in DCOM environment, right?

so how to do it DCOM environment? can explain more in detail? e.g. “launching user” …

The REMOTE_USER will be set from the http server if a page is secured with http server security - how to - depends on the http server you use. See the documentation of your http server e.g. IIS:
http://msdn.microsoft.com/library/en-us/iissdk/html/21b3be8f-d4ed-4059-8e21-6cba2c253006.asp?frame=true

This works regardless if you use nww with rpc or dcom.

For changing the permissions starting your DCOM server please have a look at the Natural documentation e.g.:
http://techcommunity.softwareag.com/ecosystem/documentation/natural/nat621win/ops/ops-nxcfg.htm
and/or
http://techcommunity.softwareag.com/ecosystem/documentation/natural/nat621win/ops/ops-nxdcom.htm
… my knowledge there is very limited - I prefer to use RPC.

thanks for the links weihnac.

good news! i’ve managed to use the “PERFORM W3READ-ENVIRONMENT” to retrieve the login name.

what i did was changing the nwwdgi.ini file, by including another variable called REMOTE_USER. :lol:

now, i want to check out the links that you have just suggested.