Re: User Authentication -- WEB400

Actually what I am trying now is just using web facing. I wrote some RPG 
ILE apps that will display the information to my users using sub files and 
then put a web facing project on top of it. The bonus I see with this is 
that every RGP die hard in our shop can do maintenance on the applications 
or add new ones. This way the only thing that I am exclusively responsible 
for is the web facing piece of it, this takes a little of the burden off 
of me. It seems to work okay for my purposes, and it performs fairly well 
when I try it from an OLD 98 machine with a dial up connection, this 
surprised me.

Now my issue is security.
If I put a web validation list for the / directory I would have thought 
this would prompt me for a user name when hitting my application. If I hit 
the index page it does, but if I enter the entire address (i.e. 
server:1000/AppDirectory) I can get right to it with no prompt for user 
and password. Anyone tell me how I should set the security up for my 
application to use a validation list???
I will want to use SSL too, but will tackle that after I get this piece 
working.

Sorry, a bit new to this world. If it were .NET and IIS I could get in 
there and do all this, now I find myself fumbling around.
Is the Web Admin interface the only GUI type admin for this stuff?? I 
don't like it........

Thanks!

    Dave Reiher
    System Analyst
    Prairie Farms Dairy - Corporate
    Ph: 217.854.2547 ext. 254
    dreiher@xxxxxxxxxxxxxxxx



Tom Jedrzejewicz <tomjedrz@xxxxxxxxx> 
Sent by: web400-bounces@xxxxxxxxxxxx
08/31/2005 07:34 PM
Please respond to
Web Enabling the AS400 / iSeries <web400@xxxxxxxxxxxx>


To
Web Enabling the AS400 / iSeries <web400@xxxxxxxxxxxx>
cc

Subject
Re: [WEB400] User Authentication






Recapping and adding thoughts ...

On 8/29/05, Dave Reiher/prairiefarms <DReiher@xxxxxxxxxxxxxxxx> wrote:
> 
> For starters, they currently log in to an old web site using an ID we
> assigned to them and it is their account number. I can't use a number as 
a
> user profile on the 400, can I?
> If I could do that, then I would just create each one of these as a 
usrprf
> and let that be my validation.


Better (as noted by several folks) to use validation lists. You can 
programmatically update the list from your list of users (or even directly 

from your customer maintenance program). 

I would really like to do that and place each report in the users folder,
> but then there are 2000 folders (2000 is a pretty static number), would
> that be an issue on the IFS??
> They are small reports, most are one page. So I don't believe that space
> would be a problem and each user would never have more than 4 reports
> which would always be overwritten each night or week or month.


If all of the reports are small, why not generate them on the fly, 
directly 
into HTML, using CGIDEV2 or one of the other CGI gateway simplifiers. 

The user connects to the site, is authenticated (against the validation 
list) and is presented with the "menu" page. When a report is selected, a 
program generates the "report" in HTML and sends it back to the driver. It 

is also possible (although I don't know how) to generate a PDF file on the 

fly.

Then you don't have to worry about managing 2000 folders and 8000 reports.

Not real sure where I want to go from here.......


Ain't technology grand?!