Need to check that user is signed in to application

This forum is for all Flare issues related to the HTML5, WebHelp, WebHelp Plus, and Adobe Air Targets
Post Reply
chines
Jr. Propeller Head
Posts: 3
Joined: Wed Feb 09, 2011 4:04 pm

Need to check that user is signed in to application

Post by chines »

Every ASPX page in my company's Web application checks that the user is signed in to the application before displaying the page. One of our clients recently discovered that our WebHelp is available to anyone who types in the correct Web address. They consider this a security hole. My company now wants to put checks around each of the WebHelp pages, so that it will check that the user is signed in to the application before displaying a Help page.

What do we need to do for this to happen? How can we authenticate users in HTML pages? In the ASPX pages, they make a call to a separate file, which does the checking.
i-tietz
Propellus Maximus
Posts: 1219
Joined: Wed Oct 24, 2007 4:13 am
Location: Fürth, Germany

Re: Need to check that user is signed in to application

Post by i-tietz »

Your application is online and the help too? Then it's the business of the sys admin: there's sth like session ids that expire as soon as the session is closed.
Inge____________________________
"I need input! - Have you got input?"
LTinker68
Master Propellus Maximus
Posts: 7247
Joined: Thu Feb 16, 2006 9:38 pm

Re: Need to check that user is signed in to application

Post by LTinker68 »

I have not tried this myself, but you can use WebHelp Plus for the output and specify that its pages end in .aspx. Then in the masterpage you could add the code that does the checking to see if the user is logged in -- when you build the output, that code will be added to every topic, or at least every topic that points to the masterpage. (So if you use multiple masterpages in your project and the output, then you need to add the ASP code to each masterpage.)
Image

Lisa
Eagles may soar, but weasels aren't sucked into jet engines.
Warning! Loose nut behind the keyboard.
Doug Eaton
Propeller Head
Posts: 68
Joined: Tue Feb 19, 2008 9:47 am

Re: Need to check that user is signed in to application

Post by Doug Eaton »

Does anyone have additional experience related to this issue? Although our secure web-based application requires a login, WebHelp can be accessed by entering the url of a Help page. Among other concerns, this raises an export-control issue. Help should be easy to access within the application, but as difficult to get to from outside of the application as is any other content in the application.
Post Reply