Date:  09/16/2009 01:55:27 PM Msg ID:  004032
From:  FoxWeb Support Thread:  004024
Subject:  Re: Verifying user is logged on in FoxWeb
So, are you implying that the asp site uses some sort of custom forms authentication? If yes, then your solution could work (as long as you can modify some of the asp code to insert and invalidate the cookies), but you need to be really careful to not miss anything.
FoxWeb Support Team
support@foxweb.com email
Sent by Ali Koumaiha on 09/16/2009 08:20:39 AM:
I was thinking the ASP side would drop a cookie for me with an hour expiration that contains the UserID (which i would use to locate anything about the user).

if the cookie is expired, i'd redirect them to the Main login page of ASP, otherwise, id continue.

if they logout from the ASP, then ASP would remove the cookie or expire it for me.

will that sorta works??
Sent by FoxWeb Support on 09/13/2009 06:53:24 PM:
What kind of authentication does the portal use? Does it have some kind of custom forms-based authentication, or does it use Basic authentication, in conjunction with Windows user accounts?
For forms-based authentication it may be possible to integrate the two systems, by passing tokens around in cookies, POST data, or the query string, but this is not very secure, because there's no way to invalidate a token once is expires, or the user logs out.
One option would be to use an HTTP component to make an HTTP request to a special ASP page from every protected fwx page. Your code should look for the authentication cookie used by the ASP application (I assume there is one) and include it in the custom HTTP request. The target of the request should be an ASP page that returns a different response, depending on whether the user is logged in, or not. This solution is a bit complicated and involves a performance hit, due to the additional requests, so it may not be feasible.
If the ASP site uses Basic authentication, then you could configure FoxWeb to "Use Web server's directory mappings" and enable the same type of authentication for the folders where your FoxWeb scripts are located. For a discussion of this option refer to the HTTP-Basic Authentication section of the Controlling Access to your Scripts topic of the FoxWeb documentation.
FoxWeb Support Team
support@foxweb.com email
Sent by Ali Koumaiha on 09/13/2009 07:04:58 AM:
Hi guys!

My new client in the works, is going to (hopefully) sign the agreement and agree for me to develop a custom web app that ties in to his current VFP ERP system.

I will be installing the following:

vfp9
FoxWeb 4.3
IIS win2k3 server.

However, he currently have a Web Portal running for his clients that is built in in asp (the web pages are .asp extensions).

He does not want 2 separate user/pwd for his clients (one for the asp and one for the fwx side).

he wants the asp to be the main log in, as it hosts his portal and other existing links etc..

I need to make sure the fwx are authenticated as well, since it ties in to the accounting system.

What's the best way for me to make sure that if a user clicked on a link (or typed in the url), i want to make sure that the fwx checks somethings (a cookie? a session?) and see if it was authenticated?

Can i have the asp side drop a cookie upon login in with the userid? and if they logout remove the cookie?

what's the best way to accomplish this?