Date:  03/20/2007 10:35:40 AM Msg ID:  003365
From:  FoxWeb Support Thread:  003362
Subject:  Re: Auth
This capability has been built into the upcoming FoxWeb 4.0.  You can't do what you want with FoxWeb 3.  A possible work-around would be to have the browser send the user id and password back to the server.  The simplest way to do this is with a redirect:
 
... Code that gets the password from other application
Response.Redirect("scriptname.fwx?secUserID=XXX&secPassword=YYY")
Response.End
 
FoxWeb Support Team
support@foxweb.com email
Sent by Rob Thomas on 03/19/2007 09:04:01 PM:
 >>>>>> have the user id and password in your FoxWeb code and want to pass it to the Auth class for programmatic authentication
 This is the case...
Thanks Rob..
Sent by FoxWeb Support on 03/19/2007 10:23:12 AM:
Please give us a bit more info on your needs.  Do you already have the user id and password in your FoxWeb code and want to pass it to the Auth class for programmatic authentication, or do you want to link to a FoxWeb script from another web application and pass the userid and password in the link?  If it's the latter, you can do so by passing the user id and password in the query string:
http://servername/path/scriptname.fwx?secUserID=XXX&secPassword=YYY 

Please note that this is not a very secure technique and should not be used for applications that involve really sensitive information.  The two problems I can think of are:

  • The URLs remain in the browser cache and history, which means that they can be recalled later -- even after the user logs out.  In order to remove the password the user would have to clear the browser history and close the browser.
  • The password will visible in the browser's location bar, so any individuals looking over the operator's shoulder will be able to see it.  In the past we have seen users mitigating this problem by immediately redirecting the user to a different URL that does not contain the password, using the Response.Redirect method.
FoxWeb Support Team
support@foxweb.com email
Sent by Rob Thomas on 03/18/2007 11:45:48 PM:
Is there a way to authenticate a user without using a form?
I already have the User and Password from another program that I just want to pass to Auth without forcing the user to authenticate again.
Rob Thomas