Custom Login Form

To customize the HTML Login Form

To customize the login form, simply start by reproducing the standard behavior with customized files, and only then modify the two involved scripts to implement the specific features or display.

To reproduce the standard behavior:

For these instructions, we will store the login scripts in directory "c:\wwwroot\daflogin" and assume that URL "/daflogin" is mapped to this same directory.

Launch the DAF Configuration Tool

• Select a Database
• Select Tab "Cookies & HTML Form"
• Make sure that "Use Cookies" and "use HTML Form" are checked
• Check "Use Custom Login Form"
• If needed, create a directory "c:\wwwroot\daflogin"
• If needed, map URL "/daflogin" to "c:\wwwroot\daflogin"
• Copy "dafloginform.asp" and "dafloginscript.asp" from directory "asp_samples" to directory "c:\wwwroot\daflogin"
• Make sure that the ACTION tag in file "dafloginform.asp" points to script "dafloginscript.asp"
• In tab "Cookies & HTML Form," specify "/daflogin/dafloginform.asp" as the "Login Form URL Path"
• Reload the database with the DAF Manager (on the DeskTop TaskBar)
• At this point, the standard behavior should be reproduced. With a Browser test this new configuration.

To customize the Login Form (dafloginform.asp):

To customize the login form, I recommend you modify file "dafloginform.asp." It is necessary to keep:

• form tag: <FORM METHOD="POST" ACTION="dafloginscript.asp">
• input field DAFLOGIN: <INPUT type=text name="DAFLOGIN" value="" size=30 maxlength=25>
• input field DAFPASS: <INPUT type=password name="DAFPASS" value="" size=30 maxlength=25>

Aside from this, any code may be added. For example, other input fields or dynamic information to display.

To customize the Login Script (dafloginscript.asp):

Regarding the login script (dafloginscript.asp) all code is necessary and MUST remain as is. However, it is possible to add custom code above the script. For example, this can be used to process extra input fields in the Login form.

  The added code should NOT display any information. This is because the script ends with a call to "response.redirect" that will fail if any information was displayed before it is called.

More Information

The main purpose of scripts "dafloginscript.asp" and "dafloginlogin.asp" is to set two cookies, one to save the user login and one to save the password. As long as the cookies are defined with the correct names ("DAFLOGIN" and "DAFPASS") they will be used by the filter to authenticate the user sending an HTTP request; regardless how these cookies were set.

A simple solution to set cookies is to use one HTML file to display a form. Then have the user input processed by an ASP script that will simply read the fields to set the cookies. Unfortunately, this scenario would not work for several reasons:

1. It is necessary to encrypt the password before saving it as a cookie. This precaution is important because most browsers will look for cookies information in a text file, and therefore, if the password was not encrypted anyone who could access the cookies text file could easily retrieve the login and password.
2. If the cookies should not end with the session it is necessary to specify an expiration date
3. To be user friendly it is much better to forward the user toward the previously requested URL when he presses "Login" on the login form.

Note that solutions to these problems must take into consideration that:

• The encryption of the password should use a different password for each database installed
• The expiration date may also be different for each database installed

When access is denied, file "/daflogin/dafloginform.asp" is displayed. This file contains a simple basic login form for which the ACTION tag is defined as script "dafloginscript.asp." It is this last login script that will set the cookies and handle the three features listed above.

Last update: Thursday, August 31, 2000 07:12