I’m trying to make a page to allow my web users to reset thier passwords based on a secret question. If they answer the question correctly an agent will kick off and reset the password. The problem I’m facing is that names.nsf is not allowed to be opened by an anonymous user, therefore the agent can’t run and reset the password. Does anyone have a solution for reseting web passwords when a user has forgotten their old passwords?
Thanks,
Gil
Subject: RE; Password changing
The application where your users submits the password change, doesnt need to be in names.nsf. They could submit the password change request in a seperate database (as anonymous) and a scheduled agent with the correct permissions, could read those requests and update person doc in names.nsf if the security challenge was valid.
Alan
Subject: web agent
Hi Alan,
I have it in a separate NSF file, I was trying to call the agent as a web user on submit. That’s where I get the anonymous user can’t read names.nsf. Is it possible to run the agent as an anonymoust web user against names.nsf?
Thanks,
Gil
Subject: RE: Agent
I’m pretty sure there are Agent properties to “Run As Web User” and “Run on behalf of” which is what your looking for i think…
Alan
Subject: No, Run on behalf is ignored in web agents
Run on behalf is ignored on the web, the web uses run as web user which has a similar function.Run as web user that is turned on would give him anonmous user, so what he wants is to run as signer (which means turning off the run as web user, and signing the agent with that has proper access). See my previous post for details.
Subject: agent securty
The effective user of the agent is controlled by the flag which is called ‘run as web user’. How do you have that agent set? If you have as a web user the agent runs as anonumous and since anonymous is not allowed into names.nsf the user can’t access it. However, if you set your agent to run as agent signer and sign it with an id that has access to names.nsf you will be able to access it.