Ahh. I see it now. Great, Scott. You should send me a consulting invoice. :-) Thanks, Mark Mark D. Walter Senior Programmer/Analyst CCX, Inc. mwalter@xxxxxxxxxx http://www.ccxinc.com web400@scottkleme nt.com Sent by: To web400-bounces@mi Web Enabling the AS400 / iSeries drange.com <web400@xxxxxxxxxxxx> cc 03/10/2005 02:50 Subject PM Re: [WEB400] Switching Profiles Please respond to Web Enabling the AS400 / iSeries <web400@midrange. com> Hi Mark, > I'm generating a new profile token from the user profile in positions > 254 to 263 of the status data structure. It would be QTMHHTTP in this > case. Any ideas? I did it differently... instead of using the user profile that's listed in the PSDS, I actually grabbed a profile handle to the current userid BEFORE I switched, then I set that profile handle as active again after I was done. I use a lot of utility subprocedures in service programs, so it's really hard to post my code in a manner that would allow you to actually compile and run it -- I'd have to send you all of my utilities as well, which could turn into a whole production... But, here's a code snippet... hopefully it'll help you figure it out: *+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ * CGI_RunWithUserAuthority(): Run procedure w/User's Authority * * The HTTP Server (Powered by Apache) has the capability of * verifying a user's login w/the iSeries password file and * generating a profile token. When that configuration is * set up, this subprocedure can be called to run a subprocedure * under the authority of the given user. * * peFilename = (input) name of file that contains parameter * format of CGI data to send to callback. * * peCallback = (input) Procedure to call back with this info. * * Returns *ON if successful, *OFF otherwise. *+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ P CGI_RunWithUserAuthority... P B export D CGI_RunWithUserAuthority... D PI 1N D peCallback * procptr value D Callback PR extproc(peCallback) D wwHandle s 12A D wwB64Token s 64A varying D wwToken s 32A D wwErrMsg s 80A varying D wwErr ds likeds(ErrorCode) D inz(*likeds) D wwRC s 1N /free // // Check if we received a profile token from the Web server // and if so, decode the base64. // if (mygetenv('HTTP_AS_AUTH_PROFILETKN') = *NULL); SetError(CGI_NOTOKEN: 'No Profile Token Provided.'); return *OFF; endif; wwB64Token = %str(mygetenv('HTTP_AS_AUTH_PROFILETKN')); base64_decode( %addr(wwB64Token) + 2 : %len(wwB64Token) : %addr(wwToken) : %size(wwToken) ); // // Save the current security settings in wwHandle, // then switch to run with the authenticated user's // authority. // QSYGETPH('*CURRENT': '*NOPWD': wwHandle); QSYSETPT(wwToken: wwErr); if (wwErr.BytesAvail > 0); util_compose('QCPFMSG *LIBL' : wwErr.MsgID : wwErr.MsgData : wwErrMsg : %size(wwErrMsg)); SetError(CGI_BADTKN: wwErrMsg); QSYRLSPH(wwHandle); return *OFF; endif; // // Get the CGI parms & run the procedure // wwRC = *ON; monitor; Callback(); on-error; wwRC = *OFF; SetError(CGI_PRCCRSH: 'Callback procedure crashed.'); endmon; // // Reset back to the original user profile // QWTSETP(wwHandle); QSYRLSPH(wwHandle); return wwRC; /end-free P E So, the above routine is stored in a service program where it can be called by any/all of my CGI programs. Each CGI program's mainline looks like this: if CGI_RunWithUserAuthority(%paddr(DoRealWork)) = *OFF; ErrorMsg = CGI_Error(); // call a subprocedure to send the error msg to // the support staff. endif; *inlr = *on; // if appropriate That's the whole mainline... Everything else in the CGI program runs under the user's authority, and is placed in the DoRealWork() subprocedure (or another subprocedure that it calls...) That way, no matter what goes wrong, the program will still complete normally and still switch back to the original user. I know that this doesn't directly answer your question -- but since my service program seems to work okay, I thought maybe it'd help you to try my method. Good Luck -- This is the Web Enabling the AS400 / iSeries (WEB400) mailing list To post a message email: WEB400@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/web400 or email: WEB400-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/web400.