Where Developers Matter
Integrated Development Environments for Windows, Java, and Web Developers
|
| Log On

Domain authentication with WebSnap

Abstract: This article presents a component that adds a network domain authentication feature to WebSnap. By Gokhan Ergul.

Complete source code for the component and a test project can be found on CodeCentral, here.

If you've had the pleasure of using Delphi 6, you know by now that -- among a zillion other things -- it performs a lot of tasks with snap: BizSnap, DataSnap, and the brand new WebSnap. The new components and gizmos are nice, and they reflect an important truth. Borland has proved once again its expertise in developing open and extensible frameworks.

WebSnap is of course no exception, as I am about to demonstrate. The component shown below adds just a few blocks over the architecture already laid by Borland's WebSnap architects.

Out of the box, WebSnap offers components to add log0in facilities to your Web sites, and does that without requiring you to write a single line of code (that's the "snap" part). Renowned TeamB member Nick Hodges has already shown how to do that in a previous community article, so I'll just skip to the issue at hand.

If you've already done some work with WebSnap, you're probably tempted to write a dozen Web-based pet applications just for sport, or perhaps to facilitate your office productivity -- a Web-based to-do list for you and your colleagues, a calendar with your appointments on it, a bug-tracking system for your products -- well, you name it. Now, those apps won't be quite as slick if they don't require users to log on, so you'll have to manage user lists and passwords for each app you put on your intranet.

Well that's pesky, at best. And unnecessary, if you have a Windows NT/2000 network somewhere around, since it would surely provide you with authentication facilities without much hassle, and you wouldn't have to ask your users to remember yet another Web-site password to use your apps.

My DomainLoginFormAdapter component solves this problem: It takes the username and password supplied on the log-in page and passes them to the Win32 log-on API to perform behind-the-scenes authetication through the designated domain or server. If the log-on attempt succeeds, the user name is added to the WebUserList component of your WebSnap application and WebSnap processing continues as usual.

The implementation is actually quite easy. The key part is to override the log-in mechanism supplied by TLoginFormAdapterLoginAction to call the log-on API:

TDomainLoginFormAdapterLoginAction = class(TLoginFormAdapterLoginAction)
protected
  procedure ImplExecuteActionRequest(AActionRequest: IActionRequest; AActionResponse: IActionResponse); override;
end;

ImplExecuteActionRequest, which is practically the same as its overriden version, calls DoDomainLogin:

with TCustomDomainLoginFormAdapter(Adapter) do begin
...
    if UserList <> nil then
      UserID := DoDomainLogin
    else
      UserID := UserName;
...

This code in turn resorts to Win32's LogonUser API call to perform the authentication. If the call succeeds, the user is added to the WebUserList for WebSnap to refer to it later. And that's about it. Easy, huh?

Please be warned that log-on API is available only on Windows NT/2000 (and most probably on XP), so this component will not work on a Win9x. But you surely use a real operating system on your development/deployment machines, right?

Another requirement of the log-on API is that the calling process must have the SE_TCB_NAME privilege, which is granted through the "Act as part of operating system" access right. This shouldn't be an issue on deployment machines, since system-level services already have that privilege granted, so your WebSnap application running as a process under IIS will have no difficulty. But if you're developing and testing your application on Web App Debugger, you should make sure that right is granted to the logged-on user on your NT/2000 box.

So much for warnings -- let's get back to work.

To get it all working, all you need to do is create your WebSnap app as usual, and then put a TDomainLoginFormAdapter component on your log-in page instead of a TLoginFormAdapter. Set the DomainName property to the name of the domain/server that will authenticate your users, and you're all set. Run the app, enter your domain user name and password, and log on!

Now other thoughts spring to mind, but, hey, those will require a little more coding...

Gokhan Ergul is a Delphi user since Delphi 1, and grows to like it more with every new version. He can be found watching Galatasaray games and Star Trek TNG episodes, reading sociology and sci-fi books when he's not coding -- which is not so often!

Published on: 12/6/2001 10:27:43 AM

  Latest Comments  View All Add New RSS ATOM

Move mouse over comment to see the full text
Reply  Posted by Clinton Johnson on Feb 21 2002
<this message deleted>

Server Response from: BDN10A
   

Rating

   Share This
 

Borland® Copyright© 1994 - 2008 Borland Software Corporation. All rights reserved. Contact Us  |   Site Map  |   Legal Notices  |   Privacy Policy  |   Report Software Piracy