cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Open Appeon Web Page and Pass Credentials

Former Member

on ‎10-20-2015 8:50 PM

0 Kudos

Greetings All,

We have a portal that is built using Appeon.  Works great!!

I now need to create a link on another web page on our network (created using Visual Studio), call the home page of my Appeon portal and somehow pass a user id and flag (and maybe the ip address of the local machine) such that that the user is magically signed into the Appeon Portal.

There really is no secure data in the portal so I am not terribly worried about someone running off with state secrets.

Can someone kindly suggest a simple way to achieve this?

Thank you,

Paul

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎10-20-2015 9:01 PM
0 Kudos

you can get the user ip address at run time via an appeon call:  AppeonGetClientIp()

You can either send the username via commandparm, or the sessionid or whatever



from the appeon help:


Appeon supports the CommandParm function and the command line argument in the Open event of a PowerBuilder application. These features can be applied for implementing single sign-on. The command line argument can be passed to an Appeon application in the following way: http://192.0.1.94:8080/MyTest/index.htm?user=appeon&password=appeon This attaches the string “index.htm?arguments” to the end of the original application URL (“index.htm” must be included in the string).

Show replies
Show replies
Former Member
‎10-21-2015 1:19 PM
0 Kudos

Hi Mike;

  Great suggestion! 

FWIW: I do have one caveat though and that's the use of the "index.htm" part of the URL. In newer releases of Appeon because of multi-bitness and mutil-browser support, you will now see Appeon use ".../multi-browser_index.htm", ".../x32_application.htm" and/or ".../x64_application.htm" instead of the index.htm (or whatever in the future). 

    I would suggest that Paul use the plain application name instead. From your example above then the URL would become...  http://192.0.1.94/MyTest?user=appeon&password=appeon.  This will allow the Appeon loader to choose the correct ????.htm and still pass along the CommandLine argument(s).

Paul:

Suggestion1: I would also suggest tokenizing the login or encrypting the UID and PWD.

FYI: The command to get the IP address for a Web or Mobile application is actually "of_getclientid".

You would code it thus:

  String   ls_session_id

  appeonextfuncs    lo_appeon

  lo_appeon = CREATE appeonextfuncs

  ls_session_id = lo_appeon.of_getclientid ( )

HTH

Regards ... Chris

Former Member
‎10-21-2015 11:48 PM
0 Kudos

Thank you, Gentlemen.

If I do not encrypt or tokenize the password, will it be visible in the URL?

Paul

Former Member
‎10-22-2015 12:05 AM
0 Kudos

Hi Paul;

  Yes, the PWD would be visible. That's why I suggested the encryption route.  😉

Regards ... Chris

Former Member
‎10-22-2015 5:30 AM
0 Kudos

Thanks, Chris!!

Right, well of course. 

Okay, so I have control over the what the developer does who will be calling my Appeon website.

What, please, do I need to tell him to do to encrypt the password and pass it to me?

And then, of course, what do I have to do to decrypt the password to verify that the person has the correct rights?

It sounds painful, Chris.

Thanks!! Paul

Former Member
‎10-22-2015 12:25 PM
0 Kudos

Hi Paul;

Yes, a little challenge for you.   

May I suggest ...

1) Token#1.

    Have the VS application store a token key in a common DB table. Then pass the token as the User PWD. The Appeon application then looks up the ID in the common table and if found proceeds to log the user into the system. I would make the token table time dependent in that they key is only valid for < 5 minutes

2) Token#2.

    Use the same idea as #1 but have the Appeon application call a Web Service back to the VS application with the token key. The WS will then authorize the key as valid or not.

3) Encrypt/Decrypt#1.

   I have an Encrypt / Decrypt functions in my framework that are independent of the framework (or you could build your own). Build a .Net assembly in PB Classic using these routines and expose then in the .Net assembly. Have the VS application use this to encrypt the password. In the Appeon application, use the decrypt function to reconstitute the PWD when passed.

4) Encrypt/Decrypt#2.

   Have the VS application guys build a VS .Net assembly with their encrypt/decrypt methods exposed. Appeon supports .nert assemblies - so use that .Net assembly in your Appeon application to decrypt the PWD when passed into the system.

Food for thought.

HTH

Regards ... Chris

Former Member
‎10-22-2015 3:47 PM
0 Kudos

Is the calling page on the same web server as appeon? 

I don't know how session ids work, but if the server is the same for appeon and the other page, would the session id be the same when you moved into appeon?  Because if it is, then you could just look up the session id inside of appeon and lookup the user from the session id (you would still have to log the session id and lookup the user). 

if that doesn't work, then you might just want to pass the calling page's session id and then lookup who the person is using the common database approach that chris is talking about in #1. 


 

Ask a Question