Board index » delphi » Logon application

Logon application


2004-06-29 08:25:20 PM
delphi79
Hi,
I want to keep a part of my website privat, for Delphi Developers only.
Is there somebody who can explain me the tricks to do this?
Or does anybody have a good example?
Thanks,
Anthony
 
 

Re:Logon application

Quote
Hi,

I want to keep a part of my website privat, for Delphi Developers only.
Is there somebody who can explain me the tricks to do this?
Or does anybody have a good example?

Thanks,

Anthony

Does this privacy concern a specific virtual directory (IIS), where all
documents are stored in you want to keep in privacy for signed users only?
If yes, you may restrict the acess to the site with a logonscreen (html)
to enter user and password when acessing this site and check these
information in the cgi with the Logonuser-API, before redirecting to the
documents on this site. Your CGI's only have to have a sessionmanagement
(like in PHP) to prevent the once logged-on user from having to login on
every reload of a site from this area of your web.
(User and password are to be stored somewhere on html-login and they are
represented by a unique session-id given to the client on logon. This id
then is always transferred to the clientbrowser and read from it to again
impersonate the process before any CGI-request ist done.)
I never tried but I think if you set the account for these virtual
directory like "anonymous-login=off" "integrated windows-
certification=yes" (security-tab in the Directory-properties-window of
your private dir in the IIS, and edit the account-data) and then let your
CGI-Scripts in this directory always impersonate the user that signed on
it will not be possible for an anonymous user to open docs in that
directory.
You can get more security by using certificates and SSL, so only clients
with installed certificate for this site can enter. The benefit of this
posibility will be the encryption of transferdata between client and
server. This protects these datastreams from being captured between
server and client to change this data/read this data ilegally.
You may offer these certificates, which can be generated by serveral
tools (for example some router have this option in their firmware) in a
download to a user signing up to te private area. The only thing to to
for your customer is to install the downloaded certificate after receipt.
But aware! There are to encryption-depths possible in windows, depending
on the installed servicepack which are not compatible!
If a client for example encryptes with 64 bit and the server does the
same with 128-bit no sensible communication can get on between them.
Greetings,
Oldman
--- posted by geoForum on delphi.newswhat.com