Using Web Manager
The BlueZone ASP Web Manager has a number of ways to automate the login of users to the system, making the login process completely transparent to the end user. See Note on Passwords, Note on Failed Logins.
Login is performed via the default.asp or the login_act.asp page, both located at the root of the Web Manager application directory. By forming an appropriate URL, you may login to the SWM application. See Login Options for available options.
By placing the following link on a web page, you can directed a user to www.yourServer.com and have them Login with the LoginID of user123.
<a href="http://www.yourServer.com/swm/login.asp?LoginID=user123"> Click Here to Connect to Host</a>
NOTE Any number of key/value pairs may be passed in the URL by following the form ?LoginID=user123&foo=bar&foo1=bar1.
Also, any text passed via the URL must be URL encoded text, as specified by RFC 1738: Uniform Resource Locators (URL) specification. URL encoding of a character consists of a "%" symbol, followed by the two-digit hexadecimal representation (case-insensitive) of the ISO-Latin code point for the character. E.G. a "space" must be encoded to "%20", so foo=My Text must be encoded to foo=My%20Text
Login is performed via the login.asp or the login_act.asp page, both located at the root of the Web Manager application directory. By directing the action of a form on another Web page you may send login information to login.asp. See Login Options for available options.
By placing the following form on a web page, you can directed a user to www.yourServer.com and have them Login with the LoginID of user123.
<input type="hidden" name="LoginID" value="user123">
<input type="submit" value="submit">
NOTE The above form uses a hidden variable for the LoginID, this could just have easily been a visible text input field named LoginID. Also, the method of the form could be either GET or POST. POST passes the variables in the header of the HTTP request, while GET passes the variables in a URL. POST text does not need to be URL encoded, while GET text must be.
Use login_act.asp to redirect user back to original page and when password is required.
Login_act.asp will allow you to login to the application with either LoginID and Password or just LoginID (if password is not required), it does not support LoginID=NT,String, IP,HOST or SHORTHOST. The main use of login_act.asp is that upon login failure, it will redirect the user back to the referring page. Therefore, you may have a link on the page www.SomeServer.com/links/ that points to www.myServer.com/swm/login_act.asp. If the login fails, the user will end up right back at www.SomeServer.com/links/. This allows Web Manager to remain transparent to the user, who never sees the login screen.
Use login.asp to prefill LoginID or to use options when password is not required.
Login.asp supports LoginID=NT,String, IP,HOST or SHORTHOST. It does not support LoginID/Password automated login. Upon failure, users are redirected to the login screen.
There are a number of available login options available to administrators of the Web Manager application. Use either the URL or FORM methods described above to pass the following key/value pairs.
Passing LoginID=String will attempt to login to the Web Manager with the LoginID of "String".
This option is for browsers logging into a page with NT challenge response. Once a users successfully negotiates the NT challenge response, the browser makes the user name variable available to the server. Web Manager will then attempt to login with the user name as provided by the user.
Web Manager will determine the IP address of the client machine and use it as the LoginID.
Web Manager will use the reverse DNS lookup service provided by IIS to determine the host name of the client machine. Web Manager will then use the host name as the LoginID. The reverse DNS lookup will attempt to find the machine name registered with the DNS server and will return the full machine name, in the form: "myMachine.myDomain.com". If no DNS entry is found, IIS will return the WINS name of the client machine. If no WINS name is found, IIS will return the IP address of the client machine.
NOTE Reverse DNS lookup must be enabled on the Web service of the IIS server, by default it is disabled. If reverse DNS is disabled, IIS will return the IP address of the client machine, which makes LoginID=HOST behave exactly the same as LoginID=IP. Consult your documentation for details on enabling reverse DNS lookup.
This option works identically to LoginID=HOST, with the exception that if Web Manager receives a full machine name string of the form: "myMachine.myDomain.com", it will then substring the string up to the first dot (.). Thus "myMachine.myDomain.com" would become "myMachine" which Web Manager will use as the LoginID.
Passing pWord=String will attempt to login to the Web Manager with the password of "String". E.G. pWord=openSesame.
NOTE For security reasons, it is very unwise to pass passwords in clear text over the Internet, or to write them out in URLs or FORM variables which can be viewed in the HTML source code. The pWord variable is provided as a convenience and may be used safely if appropriate security measures are taken. Use login_act.asp for loginID/pWord combinations, login.asp will simply prefill the loginID and force the user to enter a password.
If the administrator has configured Web Manager so that passwords are required for a user to login, then Web Manager will present a LoginID and password page to the user. If one of the above automated login options above is used, then Web Manager will prefill the LoginID with its determined value. If both a login option and the pWord option are used, then Web Manager will automatically perform the login (only via login_act.asp).
If passwords are not required, or if the pWord option is used in conjunction with a LoginID option, then the user will not see the LoginID and password page. They will transparently login and have host screens launched.
When performing automated logins, if the login fails:
Login.asp will present the user with the login screen.
Login_act.asp will determine the URL of the referring page and will redirect the user back to that page.