How to use cookies with Notes and the Web (continued)
If, however, your Web agents run with the Web user's security rather than the agent signer's, then the cookie jar database will require Reader access for the Anonymous user. This is essential to allow an anonymous user to run agents. In this case, ensure that the Hide from Web Users option on the Notes views (accessible from the properties InfoBox when in the Design Views view) is ticked; this prevents canny Web users from viewing cookies directly and breaching security. If only a Notes user can create a cookie document and a Web user has no access other than to be authenticated, then the security circle is complete.
Since any Notes user with Depositor rights can create a cookie, for tighter security grant Depositor rights to specific Notes users or groups rather than setting the default access to Depositor.
For even tighter security, multiple cookie jar databases can be created, with Notes users only given Depositor rights for the cookie jars which match the systems they absolutely require. This would prevent a developer with permission for one Web-enabled database from designing a form to create a cookie and then authenticating himself with that cookie on another Web database for which he has no permission.
Code for creating a cookie
Two sample sets of cookie creation code are included below: one for formula language and another for LotusScript. This code, or its equivalent, can be incorporated into other Notes databases that make Web calls to a Domino server, so that it runs immediately before the URL is opened.
Each sample creates a new cookie document in the remote Notes/Web Authentication database, sets an expiration date, and then calls a test Web agent. This agent runs an authentication check to ensure that the database is being run from that Notes page and no other.
Creating a cookie with a Notes formula
The following code can be used in a Notes button, hotspot, or action. The cookie it creates expires in one hour.
LotusScript cookies
The following script can be pasted into a button or action or adapted for a QueryOpen/PostOpen event. This cookie has a 30-minute expiration time.
Sub Click(Source As Button)
	Dim session As New NotesSession
	Dim ws As New NotesUIWorkspace
	Dim db As New NotesDatabase("","")
	Dim doc As NotesDocument
	Dim Cookie As Variant
	' set random cookie value (Evaluate returns an array; the value is element 0)
	Cookie=Evaluate("@Unique")
	' create cookie document in remote database
	If Not db.Open("ServerName","NWAuthen.nsf") Then
		Messagebox "Unable to open NWAuthen.nsf"
		Exit Sub
	End If
	Set doc=New NotesDocument(db)
	doc.Form="Cookie"
	doc.Cookie=Cookie
	' expire the cookie 30 minutes from now
	doc.ExpireAt=Evaluate("@Adjust(@Now;0;0;0;0;30;0)")
	' record who requested the cookie and when
	doc.RequestedBy=session.CommonUserName
	doc.RequestedAt=Now
	Call doc.Save(True,True)
	Delete doc
	' now call a sample web agent with authentication
	ws.UrlOpen "http://localhost/NWAuthen.nsf/SampleWebAgent?OpenAgent&X="+Cookie(0)
End Sub
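The following is an added example, not part of the original article or its sample database: one way the Web agent's authentication check described above could look on the receiving side. The view name CookiesByValue and the function IsValidCookie are assumptions; the item names Cookie and ExpireAt and the X parameter are taken from the script above.

```lotusscript
' Added example; CookiesByValue and IsValidCookie are assumed names.
Function IsValidCookie(db As NotesDatabase, token As String) As Boolean
	Dim view As NotesView
	Dim jarDoc As NotesDocument
	IsValidCookie = False
	If token = "" Then Exit Function
	' (assumed) view hidden from Web users, first column sorted on the Cookie item
	Set view = db.GetView("CookiesByValue")
	If view Is Nothing Then Exit Function
	Call view.Refresh   ' the cookie document was saved only moments ago
	Set jarDoc = view.GetDocumentByKey(token, True)   ' True = exact match, no prefix match
	If jarDoc Is Nothing Then Exit Function
	' view lookups are normally case-insensitive, so compare the stored value exactly
	If Strcompare(jarDoc.Cookie(0), token, 0) <> 0 Then Exit Function
	' reject cookies that carry no expiry or are past it
	If Not jarDoc.HasItem("ExpireAt") Then Exit Function
	If jarDoc.ExpireAt(0) < Now Then Exit Function
	IsValidCookie = True
End Function

Sub Initialize
	Dim session As New NotesSession
	Dim ctx As NotesDocument
	Dim token As String
	Set ctx = session.DocumentContext   ' CGI variables of the Web request
	' Query_String looks like: OpenAgent&X=<cookie value>
	token = Strright(ctx.Query_String(0), "&X=")
	If Instr(token, "&") > 0 Then token = Strleft(token, "&")
	If IsValidCookie(session.CurrentDatabase, token) Then
		Print "Authenticated"   ' continue with the protected work here
	Else
		Print "Access denied"   ' same reply for missing, unknown and expired cookies
	End If
End Sub
```

Returning the same response for a missing, unknown or expired cookie keeps the agent from telling a Web user which cookie values exist in the jar.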