Security to prevent unauthorized users from accessing help

[Leah]

Users of our application must have log in credentials. Once logged in, the user will be able to access the online help system. Furthermore, we must have security in place that prevents unauthorized users from accessing online help. For example, if a logged in user sends another user (an unauthorized user who doesn’t have access to our application) a link to the online help, that user must not be able to access the help.

Can someone please explain to me how to set this up in Flare?

Do I have to put in code on every page that checks whether the user has access to the online help system?

Is there another way to accomplish this?

I have to be able to test this and prove that we can enforce this security to our internal QA and IT teams.

[RamonS]

Flare doesn't have means to control security as the implementation varies. My suggestion is to use user authentication at the web server level if that is what the web app (I assume) is using as well. Otherwise the security service for the application needs to be extended to also cover the help and that may mean adding custom code (JavaScript) into the help. The security that the web app uses needs to be replicated in the help. You can see if including the applicable script(s) in a master page provides for the desired outcome.

[Leah]

What does "applicable script(s) in a master page" mean?

[RamonS]

Applicable scripts - the scripts necessary to have the help system consume the security services of the web application
master page - the master page of the Flare project, that way you only have to insert the script once and it gets replicated automatically in every topic that uses that master page...at least as far as the theory goes.

In the end is the WebHelp nothing else than a part of the web application with the difference that it mainly serves up static content.

[Richard Ferrell]

Your webserver would need to be the control point, Flare doesn't have the ability to control access to topics