Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

Join the TIBCO Community
TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.

  • From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
  • Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
  • Request access to the private WebFOCUS User Group (login required) to network with fellow members.

Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.


Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     Single sign-on with ASP.NET?

Read-Only Read-Only Topic
Go
Search
Notify
Tools
Single sign-on with ASP.NET?
 Login/Join
 
<fgpotter>
posted
Hi there,

I'm a WebFOCUS newbie, building an ASP.NET application which will use WebFOCUS as the reporting subsystem. I need to authenticate users in ASP.NET (using Forms authentication and a SQL Server database table to check passwords and look up role information). Based on a user's role, I want them to be able to see different information in reports (ie, some users can see certain records, and other users can see other records). Some of my questions include:

* How can I pass user credentials from ASP.NET over to the WebFOCUS client?
* How can WebFOCUS check the user's credentials in the same SQL Server table that I'm using in ASP.NET?
* How do I restrict which specific database rows a user can see based on the user's roles?

I've looked through the WebFOCUS security documentation, which seems to imply that the WebFOCUS Client, WebFOCUS Server, and database have separate authentication configurations, and I can't tell whether they talk to each other.

In fact, I find the WebFOCUS documentation (and the application as a whole) to be one of the most confusing computing systems I've had to deal with in my 20 years of application development. So please accept my apologies if the answers to my questions are in the manuals -- maybe someone can at least tell me where to start?

Thanks a bunch in advance.
 
Report This Post
Master
posted Hide Post
It's true that the WebFOCUS Server, MRE and Dashboard each have separate logons. But it's also completely possible to have all sign-ons, from server, to MRE, to dashboard, be done from a single set of credentials and on one single webpage or ASP. The security credentials can be operating system hosted or hosted in a DBMS or LDAP repository (you would access DBMS or LDAP hosted credentials via what we elegantly call "the WebFOCUS security exits").

There are actually articles on single-sign-on in the WebFOCUS Newsletter; you can find backissues on the support.ibi.com site.

Happy Hunting!
 
Posts: 919 | Registered: March 26, 2003Report This Post
Expert
posted Hide Post
fgpotter, i do almost the same thing. i read an access database via an .asp file for my user credentials. then these values are passed along to webfocus as &vars, i.e. form parameters just like any other form parameters in any ordinary form that uses its 'action' to call the webfocus cgi. Once you pass the usercreds as parameters onward to a focexec, you can then program whatever you like. if you want to see a sample, PM me and ill be back in town in a week.
oh yeah and i totally agree with you about the manuals. and i'm a focus oldtimer!
 
Posts: 3811 | Location: Manhattan | Registered: October 28, 2003Report This Post
<IBI Sean>
posted
fgpotter:

Check out the WebFOCUS Security and Administration manual. It deals with each of the topics you are asking about. Of course, that may be the doc that you have already read through.

Here are some specific responses to your questions, with lots of if's since many specifics weren't provided:

* How can I pass user credentials from ASP.NET over to the WebFOCUS client?
[IBI Sean] If both userid/passwd are available in your application then you can pass them in your call to the WFServlet. If the passwd is encrypted then you will need to add in the hashing algorithm onto the WebFOCUS Client via the scripting language (probably call the function in site.wfs).

Depending on which WebFOCUS features you are using (self-service reporting or MR) you will need to supply different credentials.

* How can WebFOCUS check the user's credentials in the same SQL Server table that I'm using in ASP.NET?
[IBI Sean] For what purpose? Is this to determine application authorizations or data access? If you are using MR and require authorizations then check out MR Security Exits (esp. MREXT5). The Sec&Admin manual describes what is possible with this exit. This exit is programmtically included at the WF Client/web tier.

If this is to determine data access rules then you probably want to lookup the rules on the Server side. You can do this through scripting logic in user/site profiles (see edasprof.prf). You can also write an exit on the server to securely do your lookups and business logic (see PVUIDXT/Pre-verify User Exit).

* How do I restrict which specific database rows a user can see based on the user's roles?
[IBI Sean] There are a number of places where to implement this security: Database, user profiles on Rptg Server, via DBA statements in Master Files, and through FILTERs. Of course, these rules could also be hard-coded into your reporting application but sites typically prefer the server-side options for maintainability.

I'd recommend reading up on each of these topics to decide how to best implement in your situation. The distributed web architecture of WebFOCUS makes it difficult to offer a one-size fits all security reference -- that's why we offer all the tools for doing so but not necessarily the specific answers.

On the Techsupport web site we have a Security link that does contain some best practices and recommended configurations for sites with specific needs. That may provide some additional research material for you.

Good luck!
Sean
 
Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     Single sign-on with ASP.NET?

Copyright © 1996-2020 Information Builders