Login in and client_username

classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

Login in and client_username

Marc Vos-3
Hello everyone,

I've encountered something really weird. To start, here's the code:

Client_username: [client_username], size: [client_username->size]

I use Lasso security, Lasso 8.0.4/5, Mac OS X 10.3.9.

1) When I call the URL http://<ip>/test.lasso without any username, the
browser pops up a login dialog, which is correct. When I enter the username
and password, this is the result:

Client_username: mytestuser, size: 10

2) Now I quit the browser to logout, start it up again and enter the
following URL:

http://mytestuser:password@<ip>/test.lasso

A) IE says incorrect syntax, which it nowadays is. So I can't log in.
B) FireFox warns me that I'm about to login. Okay by me, I click okay and I
am logged in. This is what I get:

Client_username: mytestuser, size: 10

3) I quit the browser again, start it up and use the common URL:

http://<ip>/test.lasso?-username=mytestuser&-password=password

This is where the weird thing happens: I am being logged in BUT this is my
output:

Client_username: , size: 0

The Lasso variable 'client_username' is EMPTY !?


Does anybody have a clue?


-Marc Vos
* * * * * * * * * * * * * * * * * * * * * * * *
Goodyear Dunlop Tires Germany GmbH
Private:  http://marc.vos.net/
* * * * * * * * * * * * * * * * * * * * * * * *




--
------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Login in and client_username

Olivier Miossec


> A) IE says incorrect syntax, which it nowadays is. So I can't log in.
This syntaxe is no longer permited with lastest IE version


---
Olivier Miossec
AIM/ichat omiossec
--
http://www.lasso-developpeur.net
--

Need a Lasso consultant ?
(Lasso, Java, Databases Consultant ...)
http://www.lasso-developpeur.net/oliviermiossec/

--
------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Login in and client_username

Marc Vos-3
In reply to this post by Marc Vos-3
Olivier,

I know and that's not the issue, the issue is number 3: an empty
client_username variable when I am logged in.

-Marc


On 06-06-2005 11:44, "Olivier Miossec" <[hidden email]> wrote:

>
>
>> A) IE says incorrect syntax, which it nowadays is. So I can't log in.
> This syntaxe is no longer permited with lastest IE version
>
>
> ---
> Olivier Miossec
> AIM/ichat omiossec
> --
> http://www.lasso-developpeur.net
> --
>
> Need a Lasso consultant ?
> (Lasso, Java, Databases Consultant ...)
> http://www.lasso-developpeur.net/oliviermiossec/



--
------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Login in and client_username

Wade Maxfield
In reply to this post by Marc Vos-3
>Hello everyone,
>
>I've encountered something really weird. To start, here's the code:
>
>Client_username: [client_username], size: [client_username->size]
>
>I use Lasso security, Lasso 8.0.4/5, Mac OS X 10.3.9.
>
>1) When I call the URL http://<ip>/test.lasso without any username, the
>browser pops up a login dialog, which is correct. When I enter the username
>and password, this is the result:
>
>Client_username: mytestuser, size: 10
>
>2) Now I quit the browser to logout, start it up again and enter the
>following URL:
>
>http://mytestuser:password@<ip>/test.lasso
>
>A) IE says incorrect syntax, which it nowadays is. So I can't log in.
>B) FireFox warns me that I'm about to login. Okay by me, I click okay and I
>am logged in. This is what I get:
>
>Client_username: mytestuser, size: 10
>
>3) I quit the browser again, start it up and use the common URL:
>
>http://<ip>/test.lasso?-username=mytestuser&-password=password
>
>This is where the weird thing happens: I am being logged in BUT this is my
>output:
>
>Client_username: , size: 0
>
>The Lasso variable 'client_username' is EMPTY !?
>
>Does anybody have a clue?
>

Yep.  [client_username] returns the value of the username as specifed
by the web browser using HTTP authentication.  When the browser pops
up the dialog box for authentication, that is HTTP authentication.
You are probably using the entered values for your own authentication
by calling [client_username] in your inline.

When you use the common URL
test.lasso?-username=mytestuser&-password=password,  username is
being supplied as a GET parameter, which is totally different.

http://httpd.apache.org/docs/howto/auth.html has lots of info about
HTTP authentication.

  - Wade

--
------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Login in and client_username

Marc Vos-3
In reply to this post by Marc Vos-3
Hi Wade,

Sure it's different, but any way I call the page, Lasso logs me in. So
[client_username] should be available, regardless of GET or POST. And I, as
a programmer shouldn't have to worry about how a user logs in. Lasso takes
care of that.

-Marc

On 06-06-2005 12:01, "Wade Maxfield" <[hidden email]> wrote:

>> Hello everyone,
>>
>> I've encountered something really weird. To start, here's the code:
>>
>> Client_username: [client_username], size: [client_username->size]
>>
>> I use Lasso security, Lasso 8.0.4/5, Mac OS X 10.3.9.
>>
>> 1) When I call the URL http://<ip>/test.lasso without any username, the
>> browser pops up a login dialog, which is correct. When I enter the username
>> and password, this is the result:
>>
>> Client_username: mytestuser, size: 10
>>
>> 2) Now I quit the browser to logout, start it up again and enter the
>> following URL:
>>
>> http://mytestuser:password@<ip>/test.lasso
>>
>> A) IE says incorrect syntax, which it nowadays is. So I can't log in.
>> B) FireFox warns me that I'm about to login. Okay by me, I click okay and I
>> am logged in. This is what I get:
>>
>> Client_username: mytestuser, size: 10
>>
>> 3) I quit the browser again, start it up and use the common URL:
>>
>> http://<ip>/test.lasso?-username=mytestuser&-password=password
>>
>> This is where the weird thing happens: I am being logged in BUT this is my
>> output:
>>
>> Client_username: , size: 0
>>
>> The Lasso variable 'client_username' is EMPTY !?
>>
>> Does anybody have a clue?
>>
>
> Yep.  [client_username] returns the value of the username as specifed
> by the web browser using HTTP authentication.  When the browser pops
> up the dialog box for authentication, that is HTTP authentication.
> You are probably using the entered values for your own authentication
> by calling [client_username] in your inline.
>
> When you use the common URL
> test.lasso?-username=mytestuser&-password=password,  username is
> being supplied as a GET parameter, which is totally different.
>
> http://httpd.apache.org/docs/howto/auth.html has lots of info about
> HTTP authentication.
>
>   - Wade



--
------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Login in and client_username

Wade Maxfield
In reply to this post by Marc Vos-3
>Hi Wade,
>
>Sure it's different, but any way I call the page, Lasso logs me in. So
>[client_username] should be available, regardless of GET or POST. And I, as
>a programmer shouldn't have to worry about how a user logs in. Lasso takes
>care of that.
>
>-Marc
>
>On 06-06-2005 12:01, "Wade Maxfield" <[hidden email]> wrote:
>
>>>  Hello everyone,
>>>
>>>  I've encountered something really weird. To start, here's the code:
>>>
>>>  Client_username: [client_username], size: [client_username->size]
>>>
>>>  I use Lasso security, Lasso 8.0.4/5, Mac OS X 10.3.9.
>>>
>>>  1) When I call the URL http://<ip>/test.lasso without any username, the
>>>  browser pops up a login dialog, which is correct. When I enter the username
>>>  and password, this is the result:
>>>
>>>  Client_username: mytestuser, size: 10
>>>
>>>  2) Now I quit the browser to logout, start it up again and enter the
>>>  following URL:
>>>
>>>  http://mytestuser:password@<ip>/test.lasso
>>>
>>>  A) IE says incorrect syntax, which it nowadays is. So I can't log in.
>>>  B) FireFox warns me that I'm about to login. Okay by me, I click okay and I
>>>  am logged in. This is what I get:
>>>
>>>  Client_username: mytestuser, size: 10
>>>
>>>  3) I quit the browser again, start it up and use the common URL:
>>>
>>>  http://<ip>/test.lasso?-username=mytestuser&-password=password
>>>
>>>  This is where the weird thing happens: I am being logged in BUT this is my
>>>  output:
>>>
>>>  Client_username: , size: 0
>>>
>>>  The Lasso variable 'client_username' is EMPTY !?
>>>
>>>  Does anybody have a clue?
>>>
>>
>>  Yep.  [client_username] returns the value of the username as specifed
>>  by the web browser using HTTP authentication.  When the browser pops
>>  up the dialog box for authentication, that is HTTP authentication.
>>  You are probably using the entered values for your own authentication
>>  by calling [client_username] in your inline.
>>
>>  When you use the common URL
>>  test.lasso?-username=mytestuser&-password=password,  username is
>>  being supplied as a GET parameter, which is totally different.
>>
>>  http://httpd.apache.org/docs/howto/auth.html has lots of info about
>>  HTTP authentication.
>>
>  >   - Wade

Hmmm. I always thought [client_username] only returned the value
specified via HTTP authentication. But after carefully re-reading the
tag description (
http://ldml.omnipilot.com/LDMLReference.0.LassoApp?tag=12 ), I think
your results from test 3 are incorrect/buggy.  From what the tag
description says, it should probably return the value passed to the
page as you expected.  What other code have you got on test.lasso?
You haven't got [client_username] inside an inline of any kind?

- Wade


--
------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Login in and client_username

Marc Vos-3
In reply to this post by Marc Vos-3
Wade,

I discovered this because our pages have to be called from another site as
of today, without having the user to login twice. I.e. The user logs in on
site 1 and they provide a clickable URL to site 2. We use the same username
and password on both sites.

Site 1 has nothing to do with Lasso whatsoever. So we agreed to use the old
syntax (number 2) which is now being blocked in MSIE. Okay, I said, I'll see
what Lasso offers. The Lasso manual says that we have three ways to login
(see page 39 of the Lasso 8 manual). Nowhere in the manual can you find that
when you use method 3 (-username&-password) the client_username variable
remains empty.

So I created a test-page with the following:

 // Lasso security
 [auth_group: 'somegroup']

 <html>
    <body>
        client_username: [client_username], [client_username->size]<br>
        action_params: [action_params], [action_params->size]<br>
        client_getparams: [client_getparams], [client_getparams->size]<br>
        [client_getparams->find('-username')->first->second]
    </body>
</html>

When you use this, you'll see that only with method number 3,
client_username remains empty.

-Marc

On 06-06-2005 12:41, "Wade Maxfield" <[hidden email]> wrote:

>> Hi Wade,
>>
>> Sure it's different, but any way I call the page, Lasso logs me in. So
>> [client_username] should be available, regardless of GET or POST. And I, as
>> a programmer shouldn't have to worry about how a user logs in. Lasso takes
>> care of that.
>>
>> -Marc
>>
>> On 06-06-2005 12:01, "Wade Maxfield" <[hidden email]> wrote:
>>
>>>>  Hello everyone,
>>>>
>>>>  I've encountered something really weird. To start, here's the code:
>>>>
>>>>  Client_username: [client_username], size: [client_username->size]
>>>>
>>>>  I use Lasso security, Lasso 8.0.4/5, Mac OS X 10.3.9.
>>>>
>>>>  1) When I call the URL http://<ip>/test.lasso without any username, the
>>>>  browser pops up a login dialog, which is correct. When I enter the
>>>> username
>>>>  and password, this is the result:
>>>>
>>>>  Client_username: mytestuser, size: 10
>>>>
>>>>  2) Now I quit the browser to logout, start it up again and enter the
>>>>  following URL:
>>>>
>>>>  http://mytestuser:password@<ip>/test.lasso
>>>>
>>>>  A) IE says incorrect syntax, which it nowadays is. So I can't log in.
>>>>  B) FireFox warns me that I'm about to login. Okay by me, I click okay and
>>>> I
>>>>  am logged in. This is what I get:
>>>>
>>>>  Client_username: mytestuser, size: 10
>>>>
>>>>  3) I quit the browser again, start it up and use the common URL:
>>>>
>>>>  http://<ip>/test.lasso?-username=mytestuser&-password=password
>>>>
>>>>  This is where the weird thing happens: I am being logged in BUT this is my
>>>>  output:
>>>>
>>>>  Client_username: , size: 0
>>>>
>>>>  The Lasso variable 'client_username' is EMPTY !?
>>>>
>>>>  Does anybody have a clue?
>>>>
>>>
>>>  Yep.  [client_username] returns the value of the username as specifed
>>>  by the web browser using HTTP authentication.  When the browser pops
>>>  up the dialog box for authentication, that is HTTP authentication.
>>>  You are probably using the entered values for your own authentication
>>>  by calling [client_username] in your inline.
>>>
>>>  When you use the common URL
>>>  test.lasso?-username=mytestuser&-password=password,  username is
>>>  being supplied as a GET parameter, which is totally different.
>>>
>>>  http://httpd.apache.org/docs/howto/auth.html has lots of info about
>>>  HTTP authentication.
>>>
>>>   - Wade
>
> Hmmm. I always thought [client_username] only returned the value
> specified via HTTP authentication. But after carefully re-reading the
> tag description (
> http://ldml.omnipilot.com/LDMLReference.0.LassoApp?tag=12 ), I think
> your results from test 3 are incorrect/buggy.  From what the tag
> description says, it should probably return the value passed to the
> page as you expected.  What other code have you got on test.lasso?
> You haven't got [client_username] inside an inline of any kind?
>
> - Wade
>



--
------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Login in and client_username

Fletcher Sandbeck
In reply to this post by Marc Vos-3
On 6/6/05 at 12:14 PM by [hidden email] (Marc Vos):

>Hi Wade,
>
>Sure it's different, but any way I call the page, Lasso logs me in. So
>[client_username] should be available, regardless of GET or POST. And I, as
>a programmer shouldn't have to worry about how a user logs in. Lasso takes
>care of that.

All of the [Client_...] tags return information about the current HTTP request that the client made.  [Client_Username] and [Client_Password] only return a value if the username and password were sent using one of the available authorization schemes in the HTTP request from the header.  This will happen when you enter a username and password into a dialog box presented by a Web browser or when you enter a username and password into a URL like http://username:password@....

The tag you are looking for is [Admin_CurrentUsername].  This tag returns the username from Lasso Security whose permissions are being used to execute the current block of code.  This tag will return the current authenticated username no matter what method of authentication was used.

[fletcher]
--
Fletcher Sandbeck                         [hidden email]
Lasso Product Specialist              [hidden email]
OmniPilot Software, Inc.                http://www.omnipilot.com

--
------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Login in and client_username

Marc Vos-3
In reply to this post by Marc Vos-3
Hi Fletcher,

THanks for the answer, I will try this and see if I get the same results.

This all is not quite clear in the manual. In the manual it looks as if
[client_username] holds completely different data as [admin_currentusername]
does, but you say it is the same. Then why does [client_username] exist? Or
why are there two different ones?

-Marc Vos
* * * * * * * * * * * * * * * * * * * * * * * *
Goodyear Dunlop Tires Germany GmbH
Private:  http://marc.vos.net/
* * * * * * * * * * * * * * * * * * * * * * * *




On 06-06-2005 17:56, "Fletcher Sandbeck" <[hidden email]> wrote:

> On 6/6/05 at 12:14 PM by [hidden email] (Marc Vos):
>
>> Hi Wade,
>>
>> Sure it's different, but any way I call the page, Lasso logs me in. So
>> [client_username] should be available, regardless of GET or POST. And I, as
>> a programmer shouldn't have to worry about how a user logs in. Lasso takes
>> care of that.
>
> All of the [Client_...] tags return information about the current HTTP request
> that the client made.  [Client_Username] and [Client_Password] only return a
> value if the username and password were sent using one of the available
> authorization schemes in the HTTP request from the header.  This will happen
> when you enter a username and password into a dialog box presented by a Web
> browser or when you enter a username and password into a URL like
> http://username:password@....
>
> The tag you are looking for is [Admin_CurrentUsername].  This tag returns the
> username from Lasso Security whose permissions are being used to execute the
> current block of code.  This tag will return the current authenticated
> username no matter what method of authentication was used.
>
> [fletcher]



--
------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Login in and client_username

Fletcher Sandbeck
In reply to this post by Marc Vos-3
On 6/6/05 at 9:38 PM by [hidden email] (Marc Vos):

>Hi Fletcher,
>
>THanks for the answer, I will try this and see if I get the same results.
>
>This all is not quite clear in the manual. In the manual it looks as if
>[client_username] holds completely different data as [admin_currentusername]
>does, but you say it is the same. Then why does [client_username] exist? Or
>why are there two different ones?

[Client_Username] reports the username that was sent with the authentication information in the HTTP request header.  [Admin_CurrentUsername] reports the user which Lasso will use to determine what permissions apply to the currently running block of code.  One is giving you information about the HTTP request (or the client request) and the other is giving you information about Lasso's built-in security (or administration).  [Client_Username] will report the same value all the way down a page.  [Admin_CurrentUsername] will change within inlines that have -Username and -Password parameters and also within privileged custom tags.

[fletcher]
--
Fletcher Sandbeck                         [hidden email]
Lasso Product Specialist              [hidden email]
OmniPilot Software, Inc.                http://www.omnipilot.com

--
------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Login in and client_username

Marc Vos-3
In reply to this post by Marc Vos-3
Aha! So that's the difference. Thanks for the explanation.

Thanks,

-Marc Vos


On 06-06-2005 22:38, "Fletcher Sandbeck" <[hidden email]> wrote:

> On 6/6/05 at 9:38 PM by [hidden email] (Marc Vos):
>
>> Hi Fletcher,
>>
>> THanks for the answer, I will try this and see if I get the same results.
>>
>> This all is not quite clear in the manual. In the manual it looks as if
>> [client_username] holds completely different data as [admin_currentusername]
>> does, but you say it is the same. Then why does [client_username] exist? Or
>> why are there two different ones?
>
> [Client_Username] reports the username that was sent with the authentication
> information in the HTTP request header.  [Admin_CurrentUsername] reports the
> user which Lasso will use to determine what permissions apply to the currently
> running block of code.  One is giving you information about the HTTP request
> (or the client request) and the other is giving you information about Lasso's
> built-in security (or administration).  [Client_Username] will report the same
> value all the way down a page.  [Admin_CurrentUsername] will change within
> inlines that have -Username and -Password parameters and also within
> privileged custom tags.
>
> [fletcher]



--
------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Login in and client_username

Marc Vos-3
In reply to this post by Marc Vos-3
Fletcher,

But still, what you are saying would make it mandatory for Lasso to also
fill [client_username] and [client_password] when a user logs in with
-username&-password because only then I will have the correct username, also
when I'm in an inline which is called with, say, a fixed username and
password... so I still think that an empty [client_username] is incorrect.

So I hereby put in a feature request to also fill [client_username] and
[client_password] with values passed as GET parameters.

What do you think? And what could be a reason not to do this?


Regards,

-Marc Vos
* * * * * * * * * * * * * * * * * * * * * * * *
Goodyear Dunlop Tires Germany GmbH
Private:  http://marc.vos.net/
* * * * * * * * * * * * * * * * * * * * * * * *



On 06-06-2005 22:38, "Fletcher Sandbeck" <[hidden email]> wrote:

> On 6/6/05 at 9:38 PM by [hidden email] (Marc Vos):
>
>> Hi Fletcher,
>>
>> THanks for the answer, I will try this and see if I get the same results.
>>
>> This all is not quite clear in the manual. In the manual it looks as if
>> [client_username] holds completely different data as [admin_currentusername]
>> does, but you say it is the same. Then why does [client_username] exist? Or
>> why are there two different ones?
>
> [Client_Username] reports the username that was sent with the authentication
> information in the HTTP request header.  [Admin_CurrentUsername] reports the
> user which Lasso will use to determine what permissions apply to the currently
> running block of code.  One is giving you information about the HTTP request
> (or the client request) and the other is giving you information about Lasso's
> built-in security (or administration).  [Client_Username] will report the same
> value all the way down a page.  [Admin_CurrentUsername] will change within
> inlines that have -Username and -Password parameters and also within
> privileged custom tags.
>
> [fletcher]



--
------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Login in and client_username

Marc Vos-3
In reply to this post by Marc Vos-3
Here's a custom taggie for those who use [client_username] throughout a
page:

// Needed as long as Lasso does not fill the client_username
// with the GET parameters.
define_tag('mv_username');
    if (client_username->size != 0);
        local('usr') = client_username;
    else(client_getparams->find('-username')->first->second->size != 0);
        local('usr') = client_getparams->find('-username')->first->second;
    else(admin_currentusername->size != 0);
        local('usr') = admin_currentusername;
    else;
        local('usr') = 'ANYUSER';
    /if;
    return(#usr);  
/define_tag;


Regards,

-Marc Vos
* * * * * * * * * * * * * * * * * * * * * * * *
Goodyear Dunlop Tires Germany GmbH
Private:  http://marc.vos.net/
* * * * * * * * * * * * * * * * * * * * * * * *




On 06-06-2005 17:56, "Fletcher Sandbeck" <[hidden email]> wrote:

> On 6/6/05 at 12:14 PM by [hidden email] (Marc Vos):
>
>> Hi Wade,
>>
>> Sure it's different, but any way I call the page, Lasso logs me in. So
>> [client_username] should be available, regardless of GET or POST. And I, as
>> a programmer shouldn't have to worry about how a user logs in. Lasso takes
>> care of that.
>
> All of the [Client_...] tags return information about the current HTTP request
> that the client made.  [Client_Username] and [Client_Password] only return a
> value if the username and password were sent using one of the available
> authorization schemes in the HTTP request from the header.  This will happen
> when you enter a username and password into a dialog box presented by a Web
> browser or when you enter a username and password into a URL like
> http://username:password@....
>
> The tag you are looking for is [Admin_CurrentUsername].  This tag returns the
> username from Lasso Security whose permissions are being used to execute the
> current block of code.  This tag will return the current authenticated
> username no matter what method of authentication was used.
>
> [fletcher]



--
------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage
Reply | Threaded
Open this post in threaded view
|

Re: Login in and client_username

Fletcher Sandbeck
In reply to this post by Marc Vos-3
On 6/7/05 at 9:58 AM by [hidden email] (Marc Vos):

>Fletcher,
>
>But still, what you are saying would make it mandatory for Lasso to also
>fill [client_username] and [client_password] when a user logs in with
>-username&-password because only then I will have the correct username, also
>when I'm in an inline which is called with, say, a fixed username and
>password... so I still think that an empty [client_username] is incorrect.
>
>So I hereby put in a feature request to also fill [client_username] and
>[client_password] with values passed as GET parameters.
>
>What do you think? And what could be a reason not to do this?

The reason is that [Client_Username] is informative.  It tells you what value was actually passed in the HTTP request header.  If no username was passed in the HTTP request header then this tag will not have a value.

[fletcher]
--
Fletcher Sandbeck                         [hidden email]
Lasso Product Specialist              [hidden email]
OmniPilot Software, Inc.                http://www.omnipilot.com

--
------------------------------
Lasso Support: http://support.omnipilot.com/
Search the list archives: http://www.listsearch.com/lassotalk.lasso
Manage your list subscription:  
http://www.listsearch.com/lassotalk.lasso?manage