How to implement a login form page and a dedicated failure page

With this scenario, when a client request a protected page, the login form is returned:

Then, if the user type in an invalid login/password pair a specific error page is displayed:

 

To implement this scenario you need to define a login form and a login failure page

  • Launch the DAF Configuration Tool
  • Open the Filter Properties for you site
  • Choose Tab [HTML Login Form]

  • In field [Login Form Msg] enter the address of your login form file and create a login form file based on the sample below:

    SAMPLE LOGIN FORM SOURCE CODE
    ---------------------------------------------------------------------

    <HTML>
    <HEAD>
    <TITLE>Login form</TITLE>
    </HEAD>

    <BODY>
    <TITLE>Password Protected Area</TITLE>
    <CENTER>
    <H1>Password Protected Area <br></H1>
    #ERROR_DESCRIPTION#
    <br>
    <FORM METHOD="POST" ACTION="#LOGINSCRIPT#">
    <TABLE BORDER=0 WIDTH="50%" >
    <TR>
    <TD></TD>
    <TD align="center"><H3>Please Log In</H3></TD>
    </TR>
    <TR>
    <TD WIDTH="100">User Name</TD>
    <TD><INPUT type=text name="Username" value="" size=30 maxlength=25></TD>
    </TR>
    <TR>
    <TD>Password</TD><TD>
    <INPUT type=password name="Password" value="" size=30 maxlength=25>
    <INPUT type=hidden name="CNXDATA" value="#CNXDATA#">
    </TR>
    <TR>
    <td>&nbsp;</td>
    <TD align="center"><INPUT TYPE="SUBMIT" VALUE="Login" ></TD>
    </TR>
    <TR>
    <td></td>
    <TD align="left">&nbsp;</TD>
    </TR>
    </TABLE></FORM>
    </CENTER>
    #SERVERNAME_URL_QUERYSTRING#<br>
    #NOW# - #FAMILY_ERRCODE#.#SHORT_ERRCODE#
    </body>
    </HTML>

    ---------------------------------------------------------------------
     

  • In field [Login Failure Msg] type a file name including a token #ISANONYMOUS#

    for example:

        file:#DAFWebFilesDir#session\failure#ISANONYMOUS#.htm

    Token #ISANONYMOUS# will resolve as 1 if the request is anonymous and 0 otherwise.
     
  • Make sure to name your login failure file with a "0" associated to the #ISANONYMOUS#. This way the login failure page won't be displayed in reply to an anonymous request for a protected resource..

    for example:

        c:\wwwroot\dafdata\webfiles\session\failure0.htm
     

    SAMPLE LOGIN FAILURE SOURCE CODE
    ---------------------------------------------------------------------

    <HTML>
    <HEAD>
    <TITLE>Login Failure</TITLE>
    </HEAD>

    <BODY>
    <CENTER>
    <H1>LOGIN FAILURE <br></H1>
    #ERROR_DESCRIPTION#
    <br><br>
    <A href="#LOGINFORM#?CNXDATA=#CNXDATA#">Retry</A>
    </CENTER>
    <br>
    <hr>
    #NOW# - #ERRORCODE#

    </body>
    </HTML>

    ---------------------------------------------------------------------