[mapguide-users] newbie question about security

Jonio, Dennis (Aviation) DJonio at miami-airport.com
Thu Nov 8 06:30:03 EST 2007 

Here is an example of a do-it-yourself login. Obviously .NET ...
James and Kenneth have given excellent ideas for alternative ways to
setup your resources. 

In this illustration within the "loginQ_Authenticate" you could do a
whole range of stuff based upon who is/was signing in.
Yes, I add items to the Session but this gives the most generalized
flexibility for the Redirect. 

//////////////////////////////////////////////////////////
<%@ Page Language="C#" AutoEventWireup="true"
CodeFile="cam2login.aspx.cs" Inherits="cam2login" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Generalized MapGuide Login</title>
<style type="text/css">
.loginQappearance { 
 padding:5px 10px; 
 height: 200px; 
 width: 500px; 
 background: #66CCFF url("images/MIA_blue.gif") no-repeat;
background-position:top right;
  text-align: justify; padding-left:20px; border: solid 5px #999999 
} 
</style>

</head>
<body>
    <form id="form1" runat=server>
       <div align=center>
        <asp:Login ID="loginQ"  CssClass="loginQappearance"
runat="server" DisplayRememberMe="False"
OnAuthenticate="loginQ_Authenticate">
            </asp:Login>
       </div>
        <asp:HiddenField ID="raw_InvokedByURL" runat="server" />
    </form>
</body>
</html>

// and of course the codebehind

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Collections.Specialized;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using OSGeo.MapGuide;


public partial class cam2login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack == true)
        {
        }
        else
        {
            raw_InvokedByURL.Value = this.Request.RawUrl;
        }
    }
    protected void loginQ_Authenticate(object sender,
AuthenticateEventArgs e)
    {
        try
        {

            string realPath =
Request.ServerVariables["APPL_PHYSICAL_PATH"];
            String configPath = realPath + "../webconfig.ini";
            MapGuideApi.MgInitializeWebTier(configPath);

            MgUserInformation loginuserInfo = new
MgUserInformation(loginQ.UserName, loginQ.Password);
            MgSite site = new MgSite();
            site.Open(loginuserInfo);

            string sessionId = site.CreateSession();
            if (sessionId != null && sessionId != string.Empty)
            {
                this.Session.Add("mguser", loginQ.UserName);
                this.Session.Add("mgpassword", loginQ.Password);
                this.Session.Add("mgsessionid", sessionId);
                //site.DestroySession(sessionId);
                e.Authenticated = true;
                string next_raw_InvokedByURL =
raw_InvokedByURL.Value.Replace("SOMENEWNAMEHERE_WHEREIWISHTOGO",
"THISISHOWIGOTHERE"); ;

                this.Response.Redirect(next_raw_InvokedByURL);
            }
        }
        catch (MgException ex) { }
    }
}

-----Original Message-----
From: mapguide-users-bounces at lists.osgeo.org
[mailto:mapguide-users-bounces at lists.osgeo.org] On Behalf Of dorra2007
Sent: Thursday, November 08, 2007 3:08 AM
To: mapguide-users at lists.osgeo.org
Subject: Re: [mapguide-users] newbie question about security


All users acess the same map (and layout), but the difference between
users
consists in the temporary layers loaded, according to his parameters
stored
in a database.
So, I am wondering if there is a mapguide security API that manages
users in
this way, or a security and login code ready for use.I'll be very
grateful
if you provide me with this code.
My problem is that users are not prompted for a login and password,
while
they have also access denied.


James Card wrote:
> 
> On Tue, 06 Nov 2007 03:38:30 -0800, dorra2007 <dorrdor at yahoo.fr>
wrote:
> 
>> I wish to know how to assign a user account to a layer (or layer  
>> definition), so that when he wish access this layer, he will be
promted  
>> for a user name and password.
> 
> The workaround we used for this was to assign security at the map
level  
> rather than the layer level. We created a separate map for each
security  
> group that included only the layers appropriate to that group. We also

> created one layout for each of these maps, so it was easy for the
security  
> and login code already in place on the webserver to just load the  
> appropriate layout after the user was authenticated.
> 
> Since we only had four secuirty groups this was a simple solution. If
the  
> were many different combinations of layer permissions required it
would be  
> too cumbersome to maintain a separate map and layout for each.
> 
> -- 
> James Card
> 209-578-5580
> _______________________________________________
> mapguide-users mailing list
> mapguide-users at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapguide-users
> 
> 

-- 
View this message in context:
http://www.nabble.com/newbie-question-about-security-tf4757541s16610.htm
l#a13642851
Sent from the MapGuide Users mailing list archive at Nabble.com.

_______________________________________________
mapguide-users mailing list
mapguide-users at lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/mapguide-users


E-mails are automatically scanned for viruses using McAfee.

More information about the mapguide-users mailing list