[mapguide][MG446][Modified] DWF Viewer security
Walt Welton-Lair
walt.welton-lair at autodesk.com
Wed Nov 8 08:35:22 EST 2006
You can view the artifact detail at the following URL:
https://mapguide.osgeo.org/servlets/Scarab/id/MG446
Type:
Defect
Artifact ID:
MG446 (DWF Viewer security)
Modified by:
Walt Welton-Lair
waltweltonlair (walt.welton-lair at autodesk.com)
The following modifications were made to this artifact:
---------------------------------------------------------------------
-- Developer Notes set to new value:
I tested this a little more, and here's what I found.
When opening a web layout using AJAX viewer, the login prompt appears immediately, before *any* server request is even made. The first server operation then ends up being an authentication request (OpAuthenticate). After this come the requests for resources - the web layout, etc. These succeed because we have provided credentials.
When opening a web layout using DWF viewer, the behavior is different. There's a couple of authentication requests that get made using "anonymous" user, but no login prompt has yet been displayed. Then comes a request to get the web layout resource, again using "anonymous". This fails because user "anonymous" does not have access to the library. The browser then displays the exception message.
At this point the web layout hasn't been loaded and DWF Viewer hasn't yet entered into the picture. So this is a MapGuide web tier issue...
---------------------------------------------------------------------
This message was automatically generated by Project Tracker.
More information about the Mapguide_issues
mailing list