Login Form Type Configuration

Overview

A site security handler may be configured to allow users to log in via the Standard Authentication popup box or an HTML Login form.


Figure: Standard Authentication popup box

Figure: HTML Login form sample page


The [Login Form Type] window may be used to configure,

  • the logon type: HTML Login Form or Basic authentication

and, for HTML Login form only,

  • the logon and failure pages content
  • the logon scenario (always SSL, protected home page...)

To open the [Login Form Type] configuration Window:

  • Launch the DAF Configuration Tool
  • Expand your local computer
  • Expand item [IIS Sites Security Handlers]
  • Right-click on a site and choose item [Security Handler...]

All text fields above may contain a Message, a Url, or a Text string.

 [Standard Authentication popup box (Basic authentication)]

Select this option to use the Standard authentication popup box. When this mode is enabled, all other settings on this window have no effect.

 [HTML Login Form]

Select this option to use an HTML Login form.

With this mode, Session State must be enabled.

 [Except for User-Agents]

Data type: Text strings, comma separated.

For example: *FrontPage*,*Visual-Studio*.

In some cases, the server must use Basic authentication even if HTML Login form is enabled. For example, FrontPage will correctly handle a credentials request only if it receives an HTTP failure status 401.

The content of this field is searched for in the User-Agent client information. If it is found, HTML Login form is disabled and Basic authentication is used.

 [Always use a SSL Connection to logon a user] & [SSL Port]

Select this option to force an SSL connection to log on a user. If a client requests a protected page via an unsecure connection, the login form will be displayed via a redirection to initiate a secure connection.

If other than 443, specify the TCP/IP secure port in field SSL Port.

 [always forward to the Protected area Home page]

Select this option to always redirect the client towards a protected area home page, whatever page was requested before authentication.

 [always use a SSL connection]

Select this option to force the client to use an SSL connection after a successful authentication. When disabled, the same connection type (secure/unsecure) is used before and after authentication.

 [Login Form Msg]

Data type: Message

This message should contain the HTML login form source code. It is returned by the server when a client is required to authenticate.

Default value: file:#DAFWebFilesDir#\session\logon.htm

1. For a Login Form Msg defined as a file:

HTML Login form requirements:

The form ACTION should be "#LOGINSCRIPT#"

<FORM METHOD="POST" ACTION="#LOGINSCRIPT#">

and the form must contain the following input fields:

<INPUT type=text name="Username" value="">
<INPUT type=password name="Password" value="">
<INPUT type=hidden name="CNXDATA" value="#CNXDATA#">
<INPUT TYPE="SUBMIT" VALUE="Login">
</FORM>

Optional HTML fields:

- "UrlOnSuccess" to define a custom Url towards which the client should be redirected in case of a successful log on:

    <INPUT type=hidden name="UrlOnSuccess" value="http://<my web site>/logonok.asp">

- "EmptyLoginUrl" to define a custom Url towards which the client should be redirected if no credentials are provided:

    <INPUT type=hidden name="EmptyLoginUrl" value="http://<my web site>/logonok.asp">

2. For a Login Form Msg defined as a Url:

For example:

url:/session/logonform.asp
url:https://<my web site>/session/logonform.asp?cnxdata=#cnxdata#
url:/session/logonform.asp?IsAnonymous=#IsAnonymous#&ErrCode=#ErrorCode#&ErrString=#ERROR_DESCRIPTION#

HTML Login form requirements:

The form ACTION should be "/dcmd/iis/<site ID>/logon.htm", where <site ID> may be "0" to log on to the current IIS site, or an explicit IIS site ID:

<FORM METHOD="POST" ACTION="/dcmd/iis/453622/logon.htm">

and the form must contain the following input fields:

<INPUT type=text name="Username" value="">
<INPUT type=password name="Password" value="">
<INPUT TYPE="SUBMIT" VALUE="Login">
</FORM>

Optional HTML fields:

- "UrlOnSuccess" to define a custom Url towards which the client should be redirected in case of a successful log on:

    <INPUT type=hidden name="UrlOnSuccess" value="http://<my web site>/logonok.asp">

- "EmptyLoginUrl" to define a custom Url towards which the client should be redirected if no login/password are provided:

    <INPUT type=hidden name="EmptyLoginUrl" value="http://<my web site>/logonok.asp">
 

If the initial client request is needed later, for example to retrieve, in the protected home script, the Url requested initially, it is necessary to provide the connection data with the credentials.

a. The token #cnxdata# must be added to the login form msg url:

url:https://<my web site>/session/logonform.asp?cnxdata=#cnxdata#

b. The connection data must be inserted in the form as a hidden field:

<INPUT type=hidden name="CNXDATA" value="<%= Server.HTMLEncode(Request.QueryString("CNXDATA")) %>">
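
A complete login page for the url: case, as an added example that is not code shipped with DAF. It assumes the Login Form Msg passes cnxdata, ErrCode and ErrString on the query string (the names chosen in the url: line), that an empty ErrString means there is no failure to report, and that the hidden field is named CNXDATA as in the file-based form; every query-string value is HTML-encoded before it is written into the page.

```asp
<%@ Language="VBScript" %><%
Option Explicit
' Added example: /session/logonform.asp, referenced by a Login Form Msg such as
'   url:/session/logonform.asp?cnxdata=#cnxdata#&ErrCode=#ErrorCode#&ErrString=#ERROR_DESCRIPTION#
' The query-string names are the ones chosen in that url: line (assumption).

Dim cnxData, errCode, errString
cnxData   = Request.QueryString("cnxdata")
errCode   = Trim(Request.QueryString("ErrCode"))
errString = Trim(Request.QueryString("ErrString"))

' The query string is client-controlled: nothing read from it is written
' into the markup without Server.HTMLEncode, including attribute values.
%>
<HTML>
<HEAD><TITLE>Log on</TITLE></HEAD>
<BODY>
<% If Len(errString) > 0 Then %>
  <P>Log on failed: <%= Server.HTMLEncode(errString) %>
  <% If Len(errCode) > 0 Then %>(code <%= Server.HTMLEncode(errCode) %>)<% End If %></P>
<% End If %>

<!-- Site ID "0" logs on to the current IIS site -->
<FORM METHOD="POST" ACTION="/dcmd/iis/0/logon.htm">
  <INPUT type="text" name="Username" value="">
  <INPUT type="password" name="Password" value="">
  <!-- Connection data handed back to DAF so the initial request is kept -->
  <INPUT type="hidden" name="CNXDATA" value="<%= Server.HTMLEncode(cnxData) %>">
  <INPUT TYPE="SUBMIT" VALUE="Login">
</FORM>
</BODY>
</HTML>
```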
 

See also:
How to implement a login form page containing a failure description
How to implement a login form page and a dedicated failure page
How to implement a login form on a home page
How to define custom DAF error description message (#ERROR_DESCRIPTION#)

How to use the requested Url after a successful log-on
How to use "UrlOnSuccess" HTML input field

 [Login Script Url]   

Data type: Url

This Url is the address of the DAF Engine able to handle the authentication request. In most cases the default value does not need to be changed.

Default value: /dcmd/iis/#SiteID#/logon.htm

Despite the ".htm" extension, this Url actually involves the DAF Engine.

 [Log Off Url:]

Data type: Url (Relative only)

The Url will be interpreted by DAF as a log off request.

Default value: logoff.htm

 [Log Off Msg]

Data type: Message

The Message is returned by the server on client log off (Log Off Url requested).

Tokens supported:

  • LOGOFF_IS_SUCCESS: 1=success, 0=error
  • LOGOFF_RESULT_CODE: Error code
  • LOGOFF_RESULT_MSG: Error description

To use an ASP script to report the logoff result to the user:

1) Specify an ".asp" script as the "Log Off Url": logoff.asp

2) Define a "Log Off Msg" as a "url:" with a DIFFERENT file name.

For example:
Log Off Url: logoff.asp
Log Off Msg: url:/Session/logoffmsg.asp?Code=#LOGOFF_RESULT_CODE#

Default value: file:#DAFWebFilesDir#session\logoff.htm

 [Login Failure Msg]

Data type: Message

This message is returned by the server to notify the client of a failure to process a request due to permissions. Usually, it will present an error message. If the message is empty or refers to a file which does not exist, the login form is displayed.

For failure message defined as a url, the token "#IgnoreAnonymousHit#" may be used to not redirect towards the failure url in case of an anonymous hit (beta 10 build 5913 and above).

For example:
Login Failure Msg: url:/failure.asp?ErrorCode=#ErrorCode#
Login Failure Msg: url:/failure.asp?ErrorCode=#ErrorCode##IgnoreAnonymousHit#
Login Failure Msg: url:https://<my site>/failure.asp?ErrorCode=#ErrorCode##IgnoreAnonymousHit#
Login Failure Msg: file:/session/failure.asp?ErrorCode=#ErrorCode#

For a failure message defined as a Url, it is strongly recommended not to display a login form in the failure message. If you wish to display a failure notice and a login form on the same page, you should handle the display of the failure message in the login form msg, defined as a url pointing to a script.

Default value: empty

If this data includes images, make sure to store these files in a DMZ directory.

See also:
How to define custom DAF error description message (ERROR_DESCRIPTION)

 [Protected area Home Page Url]

Data type: Url

This data is used only if option [always forward to the Protected area Home page] is checked. When active, the client will always be redirected towards this Url after a successful logon.

To set the requested URL as a query string parameter, define a protected area home page as below:

/ProtectedHomePage.asp?URL=#URL#
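
A home page script that consumes this parameter, as an added example that is not code shipped with DAF. The URL value arrives on the query string, so the script offers it as a link only when it points back into the same site; the page does not say whether #URL# is expanded as a site-relative path or an absolute Url, so both forms are handled, and SameSiteTarget is a name introduced here.

```asp
<%@ Language="VBScript" %><%
Option Explicit
' Added example: /ProtectedHomePage.asp, called as /ProtectedHomePage.asp?URL=#URL#
' Assumption: #URL# expands to a site-relative path or an absolute http(s) Url.

' Returns u when it points back into this site, "" otherwise.
Function SameSiteTarget(ByVal u)
  Dim scheme, rest, authority, p, host
  SameSiteTarget = ""
  u = Trim(u)
  If Len(u) = 0 Then Exit Function
  ' Reject CR/LF/TAB (dropped by browsers) and "\" (read by browsers as "/").
  If InStr(u, vbCr) + InStr(u, vbLf) + InStr(u, vbTab) + InStr(u, "\") > 0 Then Exit Function

  ' Site-relative path: one leading "/", not the scheme-relative "//host".
  If Left(u, 1) = "/" Then
    If Left(u, 2) <> "//" Then SameSiteTarget = u
    Exit Function
  End If

  ' Absolute Url: http or https, host equal to the name this request was served under.
  host = LCase(Request.ServerVariables("SERVER_NAME"))
  For Each scheme In Array("http://", "https://")
    If LCase(Left(u, Len(scheme))) = scheme Then
      rest = Mid(u, Len(scheme) + 1)
      p = InStr(rest, "/")
      If p > 0 Then authority = Left(rest, p - 1) Else authority = rest
      If InStr(authority, "@") > 0 Then Exit Function   ' no userinfo part
      p = InStr(authority, ":")
      If p > 0 Then authority = Left(authority, p - 1)  ' drop the port
      If LCase(authority) = host Then SameSiteTarget = u
      Exit Function
    End If
  Next
End Function

Dim requested, target
requested = Request.QueryString("URL")
target = SameSiteTarget(requested)
%>
<HTML><BODY>
<H1>Welcome</H1>
<% If Len(target) > 0 Then %>
  <P><A HREF="<%= Server.HTMLEncode(target) %>">Continue to the page you requested</A></P>
<% End If %>
</BODY></HTML>
```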

 [DMZ Directory Url]

Data type: Url

This Url defines an always unprotected area (called a DMZ directory). In several cases, images or pages must be stored in a DMZ directory.

For example:

- images included in a failure notification page need to be displayed even if access is denied to the client (account expired or disabled, IP Filtering...).
- rollover images also need to be stored in a DMZ directory. Otherwise, each request generated by a rollover would reset the inactivity delay counter.


See also:

How to implement a login form page
How to implement a login form on a home page

How to define custom DAF error description message (ERROR_DESCRIPTION)
How to implement a secure (SSL) login page
How to implement an ASP login script
How to use a central authentication server
How to insert an image on a login form or a failure page