Authentication: How BEE provides member login (Auth)

When a visitor logs in to a web site by providing a username and password, all the web page program needs to do to authenticate the user is issue one single command: "login".  CROFT automatically searches for the Owner-Service Duple by matching the longest idURL with the URL of the web page.  It then uses that Owner-Service Duple to look up the Authentication Mechanism Specification (AMS), which identifies the user table for the password check.

An AMS contains the user table name and its database access specification such as the type, host, database and table name (similar to DAS previously mentioned).  The AMS also contains the password encryption method, the Administrator Access Level, and a mapping of the six essential fields: UserName, Password, Realm, AccessLevel, Active and Expiry.

The names of the six essential fields in the user table need to be entered into their corresponding AMS mapping fields, unless they are exactly the defaults (UserName, Password, Realm, AccessLevel, Active and Expiry).  If a field is missing from the user table, a value needs to be entered in the AMS mapping field with a leading '#' to tell CROFT to use that value for the field instead of retrieving it from the user table.

A username acceptable by the BEE Web Site is in the format of either username (e.g. john) or username@realm (e.g. john@warehouse).  This allows the web application to group users into different name spaces or use different user tables (identified by the realm), even one from another "friendly" web site.  (Please see Affiliate access level in the BEE Variable section under "sys" class.)

Upon authentication, the system will first find the Owner-Service Duple by matching the longest idURL as described before.  Secondly, the AMS is identified using the Owner-Service Duple and the "realm" specification in the "username" parameter (either passed in through the @ suffix of the username, or as a separate parameter).  If not found, the "*" realm (the wild-card realm) will be used.

Once the AMS is identified, the system will access the user table based on the information in the AMS.  The user record will be identified by the username and the realm field if the Realm field mapping exists.  (The Realm field is a field in the user table that indicates the Realm that the user belongs to.  You can have different realms in different user tables, or one user table for different Realms identified in the realm field of the user table.)

Next, the password obtained from the user record will be matched based on the encryption mechanism specified in the AMS.

If the user login is successful (password match), then all the fields in the user record will be loaded into the sys%auth array, which may contain site-specific attributes like sys%auth:Name, sys%auth:Tel, sys%auth:TaxCode, etc.
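
The resolution sequence described above (longest idURL match, realm lookup with "*" fallback, AMS field mapping with '#' literals, password check) can be modelled as follows. This is an added Python illustration, not BEE or CROFT code: the data layout, the names DUPLES, AMS, TABLES, field and login, the sample sites and users, and the PBKDF2 password check are all assumptions made for the example.

```python
import hashlib, hmac

def _pw(password, salt=b"constructed-salt"):
    # Stand-in for the AMS password method, which the page does not specify.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000).hex()

# Constructed sample data; every name below is hypothetical.
DUPLES = {"example.test/": ("acme", "site"),        # idURL -> Owner-Service Duple
          "example.test/shop/": ("acme", "shop")}
AMS = {   # (duple, realm) -> AMS; "map" lists only fields that differ from the defaults
    (("acme", "shop"), "*"): {"table": "members", "map": {
        "UserName": "login", "Realm": "#*", "AccessLevel": "#1", "Expiry": "#2099-12-31"}},
    (("acme", "shop"), "warehouse"): {"table": "staff", "map": {}},
}
TABLES = {
    "members": [{"login": "john", "Password": _pw("s3cret"), "Active": "Y", "Tel": "555-0100"}],
    "staff": [{"UserName": "john", "Password": _pw("forklift"), "Realm": "warehouse",
               "AccessLevel": "5", "Active": "Y", "Expiry": "2030-01-01"}],
}
ESSENTIAL = ("UserName", "Realm", "AccessLevel", "Active", "Expiry")

def field(ams, row, name):
    """Essential field value: the mapped column, or the literal after a leading '#'."""
    src = ams["map"].get(name, name)     # unmapped fields use the default column name
    return src[1:] if src.startswith("#") else row.get(src)

def login(url, username, password, realm=None):
    """Return the record that would fill sys%auth, or None when login fails."""
    idurls = [u for u in DUPLES if url.startswith(u)]
    if not idurls:
        return None
    duple = DUPLES[max(idurls, key=len)]             # longest matching idURL wins
    name, sep, suffix = username.partition("@")
    realm = suffix if sep else realm                 # @ suffix or separate parameter
    ams = AMS.get((duple, realm)) or AMS.get((duple, "*"))   # wildcard realm fallback
    if ams is None:
        return None
    by_realm = not ams["map"].get("Realm", "Realm").startswith("#")
    for row in TABLES[ams["table"]]:
        if field(ams, row, "UserName") != name:
            continue
        if by_realm and field(ams, row, "Realm") != realm:
            continue
        if hmac.compare_digest(field(ams, row, "Password") or "", _pw(password)):
            # Assumption: essential fields are exposed under their default names.
            return {**row, **{f: field(ams, row, f) for f in ESSENTIAL}}
    return None
```

In this model a username with an unrecognised realm suffix is checked against the "*" AMS, so the wild-card user table decides the outcome for every realm that has no AMS of its own.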


Accsoft Computer Technology Pty Ltd     ABN: 98 065 617 549
PO Box 892, Epping NSW 1710         Level 1, Epping Office Park, 242 Beecroft Rd, Epping NSW 2121, Australia
Tel: Sydney - (02)98691668     National - 1300-881668         Fax: (02)98691866
© Copyright 2003 Accsoft Computer Technology Pty Ltd