Consultor Eletrônico



Kbase P144279: How to use CLIENT-PRINCIPAL to authenticate users
Author   Progress Software Corporation - Progress
Access   Public
Published   22/01/2010
Status: Unverified

GOAL:

How to use CLIENT-PRINCIPAL to authenticate users

GOAL:

How to use an external authentication mechanism with 4GL

FACT(s) (Environment):

All Supported Operating Systems
OpenEdge 10.1x
OpenEdge 10.2x

FIX:

To use an external system to authorize/authenticate a user logged in to the database, follow these steps:
1 - Enable auditing in the database. Refer to the solution "How to enable auditing for a Progress 10.1x database ?"
2 - For testing purposes, enforce run-time security. Refer to the solution "What is runtime security?"
3 - Define that a certain table can be queried only by a specific user, and do not define a user table in the database.
4 - Go to the database and define an authentication system domain. Start the Data Administration tool and go to Admin->Security->Authentication System->Authentication System Domains. Once there, click the Create button to create a domain. This domain, along with its key, has to be the one used by the applications. A database can have as many domains as it needs, usually one domain for each application that accesses the database.
5 - Write a test application like this:
DEFINE VARIABLE hCP        AS HANDLE    NO-UNDO.
DEFINE VARIABLE MyUUID     AS RAW       NO-UNDO.
DEFINE VARIABLE Base64UUID AS CHARACTER NO-UNDO.

CREATE CLIENT-PRINCIPAL hCP.
MyUUID = GENERATE-UUID.
Base64UUID = BASE64-ENCODE(MyUUID).
hCP:SESSION-ID = Base64UUID.
hCP:USER-ID = "user1".     /* whatever user would have proper access to your tables */
hCP:DOMAIN-NAME = "test".  /* domain name from the database */
hCP:SEAL("mykey").         /* it has to be the same key as the one in the database */
SET-DB-CLIENT(hCP).        /* instead of using SETUSERID, which relies on _User, this function sets the database user ID to the USER-ID attribute */
RUN <your application>.p.  /* from this point on, your database user is already set */
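
The test application above ignores the results of SEAL and SET-DB-CLIENT and embeds the domain key in source. The following variant is an added example, not Progress's code, that checks both results and reads the key at run time. It assumes the user was already verified by the external system and that domain "test" exists; the environment variable APP_DOMAIN_KEY, the procedure app-main.p and the 8-hour expiration are hypothetical.

```abl
/* Added example. APP_DOMAIN_KEY and app-main.p are hypothetical names. */
DEFINE VARIABLE hCP  AS HANDLE    NO-UNDO.
DEFINE VARIABLE cKey AS CHARACTER NO-UNDO.
DEFINE VARIABLE lOk  AS LOGICAL   NO-UNDO.

/* Read the domain key at run time instead of embedding it in source. */
cKey = OS-GETENV("APP_DOMAIN_KEY").
IF cKey = ? OR cKey = "" THEN DO:
    MESSAGE "Domain key is not configured." VIEW-AS ALERT-BOX ERROR.
    RETURN.
END.

CREATE CLIENT-PRINCIPAL hCP.
ASSIGN
    hCP:SESSION-ID                 = BASE64-ENCODE(GENERATE-UUID)
    hCP:USER-ID                    = "user1"
    hCP:DOMAIN-NAME                = "test"
    /* Constructed value: the sealed identity expires after 8 hours. */
    hCP:LOGIN-EXPIRATION-TIMESTAMP = ADD-INTERVAL(NOW, 8, "hours").

/* Continue only if SEAL reports success and the principal is in the LOGIN state. */
lOk = hCP:SEAL(cKey) NO-ERROR.
cKey = "".  /* do not keep the key in a variable longer than needed */
IF ERROR-STATUS:ERROR OR lOk <> TRUE OR hCP:LOGIN-STATE <> "LOGIN" THEN DO:
    MESSAGE "SEAL failed:" ERROR-STATUS:GET-MESSAGE(1) VIEW-AS ALERT-BOX ERROR.
    DELETE OBJECT hCP.
    RETURN.
END.

/* SET-DB-CLIENT fails when the database does not accept the principal,
   for example when the domain or key does not match the one from step 4. */
lOk = SET-DB-CLIENT(hCP) NO-ERROR.
IF ERROR-STATUS:ERROR OR lOk <> TRUE THEN DO:
    MESSAGE "SET-DB-CLIENT failed:" ERROR-STATUS:GET-MESSAGE(1) VIEW-AS ALERT-BOX ERROR.
    DELETE OBJECT hCP.
    RETURN.
END.

/* Confirm the identity the database now sees before running the application. */
MESSAGE "Database user is now:" USERID(LDBNAME(1)) VIEW-AS ALERT-BOX INFORMATION.
RUN app-main.p.
```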