
Possible to logon web dynpro application with encrypted pwd like MD5?

Former Member
0 Kudos

Hi All,

Could you please tell me how you secure your Web Dynpro applications so that only authorized users can access them? For user convenience, I plan to let users store their account locally and validate it online before opening the application. However, for security reasons, I cannot store the plain password on the client side. But the validation function module SUSR_LOGIN_CHECK_RFC only accepts a plain password, and the FM BAPI_USER_GET_DETAIL does return the encrypted password, but I don't know how it is encrypted, so I cannot check it either. How do you think I can do the encryption task then?

Also, could you please explain the function of "Alternative Logon Procedure" in the "Logon Data" tab for a specific Web Dynpro application in transaction SICF? I'm wondering if it's a possible way to solve my issue.

Thank you very much!

Best Regards,

Jeff

Accepted Solutions (1)


ramakrishnappa
Active Contributor
0 Kudos

Jeff liu wrote:

Could you please tell me what's the way you encrypt your webdynpro applications so that only authorized users can access?

To make the Web Dynpro applications accessible only to authorized users, you can create an authorization object, assign the activity, and attach the authorization object to the user profile.

In your WD applications, you can perform the authority check and show an error screen for unauthorized users; otherwise, the application runs normally.


Jeff liu wrote:

Also could you please explain the function of "Alternative Logon Procedure" in "Logon Data" tab for specific webdynpro application in transaction SICF?

The alternative logon procedure option is used to modify the sequence of logon procedures to be performed on the WD application.

For more information, please refer to the help document:

Alternative Logon Order (SAP Library - Components of SAP Communication Technology)

Hope this helps you.

Regards,

Rama

Former Member
0 Kudos

Hi Rama,

For my first question, maybe I did not explain it clearly. Actually, my requirement is how to avoid the popup logon window when visiting the application anonymously. Users don't want to key in their accounts each time they open the application in the browser, so I want users to store their account information somewhere else, and if they click some button or link, I attach the information to the URL calling Web Dynpro, in a format like http://xxx.com:8000/sap/bc/zservice?sap-client=300&uname=xxx&password=xxxx. Then my Web Dynpro will parse it and try to log on with the parsed uname & pwd; if OK, it displays the application, otherwise it navigates to an error page and lets the user key in username & password. Because they are combined into the URL, obviously I cannot use the plain password. The ideal way is MD5, but if I encrypt it with MD5, I cannot decrypt it either. Do you have any better idea how to do the validation? Or I'd greatly appreciate it if you could help me out in a different way, because I may be stuck in an incorrect direction.

For my second question, thank you very much for the help, but I'm still not able to tell the difference between so many authentication methods. Would you mind giving me more detailed information?

Thanks again for your fast response!!

Jeff

ramakrishnappa
Active Contributor
0 Kudos

Hi Jeff,

if they click some button or link, I attach the information with the URL calling webdynpro, with the format like

As you mentioned, the WD application gets opened on click of a link or button. It should not ask for user credentials again; instead, it should open the application if you have configured the SSO (Single Sign On) logon.

Please refer to the link below:

Password Logon Scenarios - Developing Web Dynpro ABAP Applications - SAP Library

Please get the help of your basis team for SSO logon settings.

Hope I understood your requirement in the right direction.


Alternative Logon Procedures:

There are many logon procedures available, as below:

  • Logon using HTTP fields
  • Logon with SSL certificates
  • Logon using SAP Logon Ticket (SSO)
  • HTTP Basic Authentication
  • Logon using SAP user and password (RFC logon)
  • Logon using SAML
  • Logon using user data stored in the service

The system checks the logon procedures one by one: if the first fails, it checks the next available logon procedure, and so on.

When you choose the option "Alternative Logon Procedures", you can define the sequence of the above logon procedures, or you can delete a few of them.

Please refer to the details of all logon procedures in the link below:

Alternative Logon Procedure - Components of SAP Communication Technology - SAP Library

Hope this helps you.

Regards,

Rama


Former Member
0 Kudos

Hi Rama,

So you mean I should consider SSO. I'm not a basis guy, so I don't know if it's difficult or not. But I don't think the basis guy in our company has the ability, as he doesn't even dare to apply a system patch, and also some of our users have requirements to be able to use it in a mobile environment. I'm not sure whether SSO can work in a mobile browser; maybe I should do some research on other types of account, like internet user. However, I'd like to thank you for the useful links. I learnt quite a lot from them; I'll try them and tell you later.

Regards,

Jeff

ramakrishnappa
Active Contributor
0 Kudos

Hi Jeff,

Please go through the space: NetWeaver Single Sign On

There are many documents / blog posts available to help you in configuring SSO.

Regards,

Rama

Former Member
0 Kudos

Hi Rama,

Sorry, I don't have much time to research that in detail. Instead, I did some simple Base64 encryption of the password; that's simple to decrypt, although it's not secure.

Regards,

Jeff
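
A detection check for the URL format discussed in this thread, as an added example that is not part of any post: it scans web access-log lines for credential query parameters and labels each value as plaintext, Base64-encoded or MD5-shaped, since all three land in the log with the request. The log lines, the parameter-name list and the function names are constructed assumptions.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed parameter names; "password" is the one in the thread's URL format.
SECRET_PARAMS = {"password", "passwd", "pwd"}
MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify_secret(value):
    """Heuristically label how a credential value in a URL is represented."""
    if MD5_HEX.fullmatch(value):
        # A digest accepted in place of the password is replayable as-is.
        return "md5-shaped"
    try:
        decoded = base64.b64decode(value, validate=True).decode("utf-8")
        if len(value) >= 8 and decoded.isprintable():
            return "base64-encoded"  # encoding only, reversible without a key
    except (binascii.Error, UnicodeDecodeError):
        pass
    return "plaintext"

def scan_access_log(lines):
    """Return (line_no, path, param, kind) for every credential found in a URL."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() in SECRET_PARAMS and value:
                findings.append((line_no, url.path, name, classify_secret(value)))
    return findings

# Constructed access-log lines (hypothetical host and user, not real data).
_REQ = '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /sap/bc/zservice?sap-client=300{} HTTP/1.1" 200 512'
SAMPLE_LOG = [
    _REQ.format("&uname=JDOE&password=Secret123"),
    _REQ.format("&uname=JDOE&password=U2VjcmV0MTIz"),
    _REQ.format("&uname=JDOE&password=0123456789abcdef0123456789abcdef"),
    _REQ.format(""),
]

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

The classification is a heuristic: a plaintext password that happens to be valid Base64 or 32 hex characters will be mislabelled, but it is still flagged.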
