DAF 4.X Home Page

DAF Documentation Home

DAF Authentication Process

 

authstep.gif (13875 bytes)

1
When IIS receives an HTTP from the network, it will forward to DAF the login and password entered by the user.
2

 

 DAF looks for the server IP address. If a user list is attached, DAF will search for the specified login and password. If the user is found, the process continues toward step 3, if not toward step 2A.
2A
2B
The Web user was not found in the DAF data source, if option "Forward NT unfound DAF user to NT" is enabled, DAF forwards the login and password to NT/IIS and the HTTP request will now be  processed as if DAF was not installed. If the option is disabled, the HTTP request will end here, returning a "401 Access Denied" HTTP status.
3
4
The received user was found in the DAF user list and is valid. DAF will now search in the requested directory for a file DAFAUTH.INI. If a file is found DAF will check the access permission for the specified user, if it turns out that access should be denied, the HTTP request will end here, returning a "401 Access Denied" HTTP status. If no file is found, or if DAFAUTH.INI file enables the user to access the requested resource, the process continues with step 5.
5

 

 Most of the work is done, the user is valid and access is granted regarding DAF security (DAFAUTH.INI file). If a mapped NT user was defined to this Web user, DAF will map it and forward it to NT/IIS.
6

 

 If IIS receives from DAF an empty string as the user, it will be replaced by the default IIS anonymous user (IUSR_XXXX). If not, IIS will try to log the user. If it is a success, the process will continue with step 7.
7

 

 The NT user is valid. NT will now check NT access permission for the request resource for the current NT user. If access is granted, the process will continue with step 8. If access is denied, the HTTP request will end here, returning a "401 Access Denied" HTTP status. If the hard drive has a FAT file system, the process will continue with step 8.
8

 

 Since the DAF user is valid, access is granted regarding DAF security; and as the NT user is valid, access is granted regarding NT security and the requested resource is sent to the Web client.

Last update: Thursday, August 31, 2000 07:12