The BlueZone ASP Web Manager has a number of ways to automate the log in of users to the system, making the login process
completely transparent to the end user.
Log in is performed through the
default.asp or the
login_act.asp page, both located at the root of the Web Manager application directory. By forming an appropriate URL, you can log in to
the SWM application. See
Login Options for available options.
Logging in through a URL
By placing the following link on a web page, you can directed a user to www.yourServer.com and have them log in with the login ID of user123.
<a href="http://www.yourServer.com/swm/login.asp?LoginID=user123"> Click Here to Connect to Host</a>
Note
Any number of key/value pairs can be passed in the URL by following the form
?LoginID=user123&foo=bar&foo1=bar1.
Also, any text passed via the URL must be URL encoded text, as specified by RFC 1738: Uniform Resource Locators (URL) specification.
URL encoding of a character consists of a percent sign (%), followed by the two-digit hexadecimal representation (case-insensitive)
of the ISO-Latin code point for the character. For example, a space must be encoded to %20, so foo=My Text must be encoded to foo=My%20Text
Logging in through a form
By placing the following form on a web page, you can directed a user to
www.yourServer.com and have them log in with the login ID of
user123.
<form action="http://www.yourServer.com/swm/login.asp" method="POST">
<input type="hidden" name="LoginID" value="user123">
<input type="submit" value="submit">
</form>
Note
The above form uses a hidden variable for the
LoginID, this could just have easily been a visible text input field named
LoginID. Also, the method of the form could be either GET or POST. POST passes the variables in the header of the HTTP request, while
GET passes the variables in a URL. POST text does not need to be URL encoded, while GET text must be.
login.asp vs. login_act.asp
login.asp
Use
login.asp to populate
LoginID or to use options when a password is not required.
login.asp supports LoginID=NT,String, IP,HOST, or SHORTHOST. It does not support login ID/password automated log in. Upon failure,
users are redirected to the login screen.
login_act.asp
Use
login_act.asp to redirect the user back to original page and when password is required.
login_act.asp allows you to login to the application with either LoginID and Password or just LoginID (if password is not required), it does not support LoginID=NT,String, IP,HOST, or SHORTHOST. The main use of login_act.asp is that upon login failure, it redirects the user back to the referring page. Therefore, you can have a link on the page
www.SomeServer.com/links/ that points to www.myServer.com/swm/login_act.asp. If the log in fails, the user is brought back at www.SomeServer.com/links/. This allows Web Manager to remain transparent to the user, who never sees the login screen.
Login options
There are a number of available login options available to administrators of the Web Manager application. Use either the
URL or FORM methods described above to pass the following key/value pairs.
LoginID=String
Passing
LoginID=String attempts to login to the Web Manager with the login ID of
String.
Usage: http://www.myServer.com/swm/login.asp?LoginID=user123
LoginID=NT
This option is for browsers logging into a page with NT challenge response. Once a users successfully negotiates the NT challenge
response, the browser makes the user name variable available to the server. Web Manager then attempts to log in with the
user name as provided by the user.
Usage: http://www.myServer.com/swm/login.asp?LoginID=NT
LoginID=IP
Web Manager determines the IP address of the client machine and uses it as the login ID.
Usage: http://www.myServer.com/swm/login.asp?LoginID=IP
LoginID=HOST
Web Manager uses the reverse DNS lookup service provided by IIS to determine the host name of the client machine. Web Manager
then uses the host name as the login ID. The reverse DNS lookup attempts to find the machine name registered with the DNS
server and returns the full machine name, in the form
myMachine.myDomain.com. If no DNS entry is found, IIS returns the WINS name of the client machine. If no WINS name is found, IIS returns the IP
address of the client machine.
Note
Reverse DNS lookup must be enabled on the Web service of the IIS server, by default it is disabled. If reverse DNS is disabled,
IIS returns the IP address of the client machine, which makes
LoginID=HOST behave exactly the same as
LoginID=IP. Consult your documentation for details on enabling reverse DNS lookup.
Usage: http://www.myServer.com/swm/login.asp?LoginID=HOST
LoginID=SHORTHOST
This option works identically to
LoginID=HOST, with the exception that if Web Manager receives a full machine name string of the form
myMachine.myDomain.com, it then substrings the string up to the first dot (.). Thus
myMachine.myDomain.com becomes
myMachine which Web Manager uses as the login ID.
Usage: http://www.myServer.com/swm/login.asp?LoginID=SHORTHOST
pWord=String
Passing
pWord=String attempts to log in to the Web Manager with the password of
String. E.G.
pWord=openSesame.
Note
For security reasons, it is very unwise to pass passwords in clear text over the Internet, or to write them out in URLs or
FORM variables which can be viewed in the HTML source code. The pWord variable is provided as a convenience and can be used
safely if appropriate security measures are taken. Use
login_act.asp for login ID/password combinations,
login.asp simply populates the login ID and forces the user to enter a password.
Usage: http://www.myServer.com/swm/login_act.asp?LoginID=String&pWord=String
Note on passwords
If the administrator has configured Web Manager so that passwords are required for a user to log in, then Web Manager presents
a login ID and password page to the user. If one of the above automated login options above is used, then Web Manager populates
the LoginID with its determined value. If both a login option and the pWord option are used, then Web Manager automatically performs the log in (only through login_act.asp).
If passwords are not required, or if the pWord option is used in conjunction with a LoginID option, then the user does not see the login ID and password page. They transparently log in and host screens launch.
Note on failed logins
When performing automated logins, if the log in fails:
|
• |
login.asp presents the user with the login screen.
|
|
• |
login_act.asp determines the URL of the referring page and redirects the user back to that page.
|