HTTP Server Data Store

This feature allows to define a HTTP Server as the user Data Store via a custom Url. DAF will query the Url specified to process authentication requets. 

When an HTTP Server is used as a Data Store, it is strongly recommeded to configure DAF in a way it will NOT  query the HTTP Server for each hit processed. There is two solutions to achieve this goal: Enable the User DB Cache ([User Database Settings/Cache]) and/or the User Session State ([User Database Settings/Session]).

By design, the HTTP Server is seen by DAF as a simple data store and not as validation server. In other words, if  the HTTP server provide user properties DAF will check if the password provided by the client is valid to grant or deny accesses. Therefore, if the User DB Cache is enabled, DAF will be able to store (in its cache) user properties returned by the HTTP Server, including in reply to a user login submitted with a wrong password. This way all following client hits using the same login will be processed with no need to query the HTTP Server.

1. HTTP Server query format:

DAF will submit queries via POST requests with the following format:

POST /custompath.asp HTTP/1.1
Host: <IP Address>
User-Agent: DAFClient/5.0
Content-Type: application/x-www-form-urlencoded
Content-Length: <content length>

Login=<user login>&Password=<user password>&DAFGroups=<DAF groups>&IPAddress=<Client IP address>&UserAgent=<User Agent>

For example:

Login=john&Password=left&DAFGroups=&IPAddress=192.168.0.14&UserAgent=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705; .NET CLR 1.1.4322)

2. HTTP Server reply expected format:

DAF Expects the following format for replies:

2.a If the user login is found:
(even with a wrong password provided by the client)

<CPhysicalDBEntry:100>[login],[Password],[Mapped NT Login],[Mapped NT password],[DAF Groups],[ExpirationDate],[Last visit date],[NbVisits],[Disabled],[ConcurrentAccessMax],[email],[NbWrongPassword],
</CPhysicalDBEntry>

The format for field "ExpirationDate" must be: YYYY-MM-DD


For example:

<CPhysicalDBEntry:100>John,left,,,grp1;grp2;grp3;grp4;grp5,2005-05-05,2003-03-03 19:14:27,8,0,0,myemail@domain.com,0,
</CPhysicalDBEntry>

 

2.b If the user login is Not found:

<ErrCode>0x02010000</ErrCode><ErrMsg>User Not Found</ErrMsg>

2.c If an error occurs will processing the request:

<ErrCode>[Error Number]</ErrCode><ErrMsg>[Error Message]</ErrMsg>

Where [Error Number] should different than zero and 0x02010000 and [Error Message] a string. These informations will be written in the DAF Logs.

For example:

    <ErrCode>5</ErrCode><ErrMsg>Can't connect to database</ErrMsg>

3. Current Limitations:

- the request body is not encrypted
- SSL connections with the remote server are not supported
- "User DB Local Copy" feature is not supported

4. ASP script sample:

The following ASP will allow user "john" to log in with password "left":

<%

Login = request.form("Login")

if strcomp(Login,"John",1)=0 then
    response.write "<CPhysicalDBEntry:100>John,left,,,,,,0,0,0,,0,</CPhysicalDBEntry>"
else
    response.write "<ErrCode>0x02010000</ErrCode><ErrMsg>User Not Found</ErrMsg>"
end if

%>