on 03-21-2014 2:58 AM
Hi All,
Could you please tell me what's the way you encrypt your webdynpro applications so that only authorized users can access? For user convenience, I plan to let users store their account locally and validate it online before opening the application; however, for security reasons, I cannot store a plain password on the client side. But the validation function module SUSR_LOGIN_CHECK_RFC only accepts a plain password, and the FM BAPI_USER_GET_DETAIL does return an encrypted password, but I don't know the way it encrypts, so I cannot check it either. How do you think I can do the encryption task then?
Also could you please explain the function of "Alternative Logon Procedure" in "Logon Data" tab for specific webdynpro application in transaction SICF? I'm wondering if it's a possible way to solve my issue.
Thank you very much!
Best Regards,
Jeff
Jeff liu wrote:
Could you please tell me what's the way you encrypt your webdynpro applications so that only authorized users can access?
To make the Web Dynpro applications accessible only to authorized users, you can create an authorization object, assign the activity, and attach the authorization object to the user profile.
In your WD applications, you can perform the authority check and show an error screen for unauthorized users; otherwise, the application runs normally.
Jeff liu wrote:
Also could you please explain the function of "Alternative Logon Procedure" in "Logon Data" tab for specific webdynpro application in transaction SICF?
The alternative logon procedure option is used to modify the sequence of logon procedures to be performed for the WD application.
For more information, please refer to the help document:
Alternative Logon Order (SAP Library - Components of SAP Communication Technology)
Hope this helps you.
Regards,
Rama
Hi Rama,
For my first question, maybe I did not explain it clearly. Actually, my requirement is how to avoid the popup logon window when visiting the application anonymously. Users don't want to key in their accounts each time they open the application in the browser, so I want users to store their account information somewhere else, and if they click some button or link, I attach the information to the URL calling the webdynpro, in a format like http://xxx.com:8000/sap/bc/zservice?sap-client=300&uname=xxx&password=xxxx. Then my webdynpro will parse it and try to log on with the parsed uname & pwd; if OK, it displays the application, otherwise it navigates to an error page and lets the user key in username & password. Because they are combined into the URL, obviously I cannot use a plain password. The ideal way is MD5, but if I encrypt it with MD5, I cannot decrypt it either. Do you have any better idea how to do the validation? Or I would greatly appreciate it if you could help me out in a different way, because I may be stuck in an incorrect direction.
For my second question, thank you very much for the help, but I'm still not able to tell the difference between so many authentication methods. Would you mind giving me more detailed information?
Thanks again for your fast response!!
Jeff
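The URL format in the post above places the account in the query string, where it is recorded in web server, proxy and browser logs. As an added example (not part of the original thread), this scan flags and redacts such parameters in access-log lines; the log format, the sample lines and the extra parameter names `pwd`/`passwd` are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# "password" comes from the URL in the post; "pwd" and "passwd" are assumed variants.
SECRET_PARAMS = {"password", "pwd", "passwd"}

# Request line inside a common-log-format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def redact_target(target):
    """Return (redacted_target, leaked_param_names) for one request target."""
    parts = urlsplit(target)
    leaked, pairs = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SECRET_PARAMS and value:
            leaked.append(key)
            value = "REDACTED"
        pairs.append((key, value))
    if not leaked:
        return target, []
    return urlunsplit(parts._replace(query=urlencode(pairs))), leaked

def scan(lines):
    """Return [(line_no, uname, leaked_params, redacted_line)] for lines carrying a secret."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = m.group("target")
        redacted, leaked = redact_target(target)
        if leaked:
            user = dict(parse_qsl(urlsplit(target).query)).get("uname", "-")
            findings.append((no, user, leaked, line.replace(target, redacted)))
    return findings

# Constructed sample lines (not from the thread). A hashed value in the URL is
# flagged too: it is logged the same way and can be replayed exactly as captured.
SAMPLE = [
    '10.0.0.5 - - [21/Mar/2014:02:58:00 +0000] "GET /sap/bc/zservice?sap-client=300&uname=jdoe&password=S3cret%21 HTTP/1.1" 200 5120',
    '10.0.0.6 - - [21/Mar/2014:02:59:10 +0000] "GET /sap/bc/zservice?sap-client=300 HTTP/1.1" 401 310',
    '10.0.0.7 - - [21/Mar/2014:03:01:44 +0000] "GET /sap/bc/zservice?sap-client=300&uname=asmith&password=5f4dcc3b5aa765d61d8327deb882cf99 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for no, user, leaked, line in scan(SAMPLE):
        print(f"line {no}: user={user} leaked={leaked}\n  {line}")
```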
Hi Jeff,
if they click some button or link, I attach the information with the URL calling webdynpro, with the format like
As you mentioned, the WD application gets opened on click of a link or button. It should not ask for user credentials again; instead, it should open the application if you have configured the SSO (Single Sign-On) logon.
Please refer to the link below:
Password Logon Scenarios - Developing Web Dynpro ABAP Applications - SAP Library
Please get the help of your Basis team for the SSO logon settings.
Hope I understood your requirement correctly.
Alternative Logon Procedures:
There are many logon procedures available as below
The system checks the logon procedures one by one; if the first fails, it checks the next available logon procedure, and so on.
When you choose the option "Alternative Logon Procedures", you can define the sequence of the above logon procedures, or you can delete a few.
Please refer to the details of all logon procedures in the link below:
Alternative Logon Procedure - Components of SAP Communication Technology - SAP Library
Hope this helps you.
Regards,
Rama
Message was edited by: Ramakrishnappa Gangappa
Hi Rama,
So you mean I should consider SSO. I'm not a Basis guy, so I don't know if it's difficult or not. But I don't think the Basis guy in our company has the ability, as he doesn't even dare to apply a system patch, and also some of our users have requirements to be able to use it in a mobile environment. I'm not sure whether SSO can work in a mobile browser; maybe I should do some research on other types of account, like internet user. However, I'd like to thank you for the useful links. I learnt quite a lot from them; I'll try them and tell you later.
Regards,
Jeff