
DocServer


mainResponder.security.httpAuthentication

Syntax mainResponder.security.httpAuthentication (realm, pta=nil, groupname="default", memberList=nil, securityLevel=0, fldebug=false, domain="/", noncesExpireAfterMinutes=15)

Params realm is a string containing a human-readable name for the set of protected pages. The client is meant to display it to the user when prompting for the username and password.

pta is the optional address of the param table for this request. If it's unspecified, all elements of the param table are assumed to be in scope.

groupname is either a string containing the name of a top-level table in members.root or the address of a table. It defaults to "default".

memberList is an optional list of usernames. If it's provided, only the listed members of the specified membership group will be authenticated.

securityLevel is a number between 0 and 3, defaulting to 0.

fldebug is a boolean defaulting to false. If it's true, debug information is logged to the debugHttpAuthentication section of the log database.

domain is an optional string defaulting to a slash. The HTTP client should consider all documents whose URIs begin with domain to be subject to the same authentication requirements as the current document.

noncesExpireAfterMinutes determines the lifetime of nonce values used for Digest Authentication. The default is 15 minutes.

Action Tries to authenticate the client based on the submitted credentials.

Returns True if the client could be successfully authenticated, generates a script error otherwise.

Examples mainResponder.security.httpAuthentication ("Control Panel", memberList:"Admin", domain:"/controlPanel")

   » true

Errors If authentication fails, this script generates a script error that will instruct mainResponder.respond to return either a 401 Unauthorized, 403 Forbidden, or 400 Bad Request response to the client.

Notes This script is meant to be called from a #security script or possibly a controlAccess callback.

It's used to provide security for the control panel site in mainResponder.root; see mainResponder.controlPanel.["#security"] for an example of how to call this script.

A security level of 0 means that only Basic Access Authentication is active. This is the weakest authentication scheme.

A security level of 1 means that both Basic and Digest Access Authentication are active. It's the client's choice.

A security level of 2 means that only Digest Access Authentication is active.

A security level of 3 means that only Digest Access Authentication is active. This is the most secure of the supported authentication schemes.

In Frontier 6, only Basic Access Authentication, i.e. security level 0, is supported. Since Digest Access Authentication requires the computation of MD5 hashes, it is only supported in Frontier 6.1 and higher where the string.hashMD5 verb is available.

An introduction to Basic Access Authentication and Digest Access Authentication is available at http://frontier.userland.com/stories/storyReader$2159

To learn more about Basic Access Authentication and Digest Access Authentication refer to RFC 2617. If you need to protect sensitive data, it's critically important that you understand the features and limitations of both authentication schemes. If the protection offered by these schemes is not sufficient for your purposes, you probably need to look into running Frontier behind an SSL- or TLS-enabled web server.

The domain and noncesExpireAfterMinutes parameters are only relevant for Digest Access Authentication.
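As an added illustration (Python written for this page, not UserTalk and not mainResponder's own implementation), the following shows the server-side check a Digest-only security level performs: the RFC 2617 response computation, a nonce that stops validating after noncesExpireAfterMinutes, the memberList restriction, and one possible mapping onto the 401/403/400 outcomes listed under Errors. The nonce format, the server secret, the plaintext member table and the status mapping are assumptions made for the example.

```python
import hashlib
import hmac


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def make_nonce(secret: bytes, now: float) -> str:
    # Constructed nonce format "timestamp:mac" (assumption, not mainResponder's):
    # the MAC lets the server reject forged nonces, the timestamp lets it
    # enforce noncesExpireAfterMinutes without keeping per-nonce state.
    ts = str(int(now))
    return ts + ":" + hmac.new(secret, ts.encode(), "md5").hexdigest()


def nonce_is_valid(nonce: str, secret: bytes, now: float, max_minutes: int = 15) -> bool:
    ts, _, mac = nonce.partition(":")
    if not ts.isdigit():
        return False
    want = hmac.new(secret, ts.encode(), "md5").hexdigest()
    return hmac.compare_digest(mac, want) and 0 <= now - int(ts) <= max_minutes * 60


def expected_response(username, realm, password, method, uri, nonce):
    # RFC 2617 without qop: response = MD5( MD5(A1) ":" nonce ":" MD5(A2) )
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def check_digest(auth, method, members, secret, now, realm, member_list=None):
    """Return (status, reason). Assumed mapping: 400 malformed header,
    401 missing/stale/wrong credentials (client should re-prompt),
    403 valid member who is not in memberList."""
    if not {"username", "realm", "nonce", "uri", "response"}.issubset(auth):
        return 400, "missing Digest fields"
    if auth["realm"] != realm:
        return 400, "realm mismatch"
    if not nonce_is_valid(auth["nonce"], secret, now):
        return 401, "stale or forged nonce"
    user = auth["username"]
    if user not in members:
        return 401, "unknown user"
    want = expected_response(user, realm, members[user], method, auth["uri"], auth["nonce"])
    if not hmac.compare_digest(want, auth["response"]):
        return 401, "bad credentials"
    if member_list is not None and user not in member_list:
        return 403, "not in memberList"
    return 200, "ok"
```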

Detailed information about mainResponder's membership group format is available from the Frontier Site.

See Also mainResponder.members.getMembershipTable

mainResponder.members.getMemberTable

string.hashMD5
