Server setting is for Basic Authentication. Giving the user a url to authenticate e.g., mynsf.nsf?opendatabase&login’, they are ‘authenticated’ throughout the app…I’ve placed @username computed text throughout and can see this. I see the username everywhere instead of ‘Anonymous’. Variation: skip the first log-in and instead try and edit a document but Anonymous user must log in to edit, I’m creating url ‘somedocument?EditDocument&login’, which works as they are prompted, log-in, and presented ‘somedocument’ in edit mode (ACL allows them to edit). Yet they now are not seemingly ‘authenticated’ in other parts of the site - they are now ‘Anonymous’ in view navigagtors, pages, etc…Is this expected behavior? With Basic Auth are you authenticated only at the level at which you perform the authentication, so going in at the database level (opendatabase&login) grants .nsf-wide access to the extent of your acl permissions, where just doing an ‘editdocument&login’ or ‘openpage&login’ only authenticates you at/to those elements and actions? Users seem more ‘logged-in’ with opendatabase&login thatn with any other action&login.
Been a long time since I’d done any domino web apps and wanted to understand this distinction. I know w/ Session Authentication and the default or a custom login form you, are tracked the entire session on that server, as if you were connected via rpc with your Notes Id…thanks for any clarification/enlightenment.
Subject: Basic authentication behavior on ‘opendatabase&login’
You are correct in that /path/db.nsf/view/document?editdocument will authenticate a user to the document level, while /path/db.nsf?opendatabase will authenticate on the database level. This is how basic authentication works. The correct term here is Realm, and is based on where in the directory structure you are when authenticating.
If you authenticate on /names.nsf?opendatabase, then you will be authenticated in the entire directory structure.
When I say directory structure, I mean the directory structure that the web browser sees. In that context, db.nsf and view are directories, and document is a html file.
Edit: Just to clarify: When authenticated in one directory, you have access to that directory and all subdirectories.
Subject: RE: Basic authentication behavior on ‘opendatabase&login’
Thanks for your reply. The bears out in my additional fiddling. As when, after I’ve authenticated only at the doc level (thedocument?opendocument&login) I navigate to a view with a url that’s simply ‘myview?openview’ … the $$viewform opens with the appropriate embedded view but I’m clearly back to being Anonymous…however when I do a ‘myview?Openview&login’ I’m taken to the view, no longer anonymous. I bring this all up as I’m trying to come up with a way - and there may not be one - to run under basic authentication but keep from having to execute ‘opendatabse&login’ after a user has traversed through the site. The default launch option executes and they are taken back to a ‘home’ page, whisking them from some content page they would have liked to edit. When I provide the ‘editdocument&login’ url for their convenience, they log-in and stay at that page, now in edit mode…but of course are anonymous at various non-document level areas of the site. I’m more familiar with session authentication and had to come to terms with this difference. thanks again.
Subject: RE: Basic authentication behavior on ‘opendatabase&login’
The solution would be to create a database in the root directory (directly in the data directory) that would have Anonymous set to No access, thus forcing login, and have your users start from that database. That way, they will be logged in to the root realm, which will contain the entire directory structure.