I set my solution to mustAuthenticate = false
When I open the solution with smartclient, the server asks for an USER-ID and password,
when I open the solution with webclient, the server don’t asks for an USER-ID and password.
Where comes this different behaviour from ?
regards
You’re running with Enhanced Security enabled: this requires any Smart Client to authenticate, regardsless the mustAuthenticate setting for the solution.
This is to ensure the best possible security of your Servoy environment.
Paul
Thank you Paul. With your hint I found all the explanation about Authentication and I also see
the “Disabling Enhanced Security (strongly discouraged)” statement.
I need a very short, straight way, to Authenticate without asking the User for any Userid/Password and
without Disabling Enhanced Security.
Is this the right way:
- attach mYLogin to mySolution as a modul
Thanke you for help !Id you’d do that, you basically disable the security, which is not a good idea.
Paul
Thank you Paul,
That why I said "without Disabling Enhanced Security. "
I like to let Users just for DEMO-purpose enter in only one Solution.
The “real” Soluton will be protected, as usual, with USERID an Pword.
Maybe I misunderstand the logic behind the Servoy-Enhanced-Security, but I
figured, i can let the Users to a open Part of the Solution and then, only at a
specific point, they have to login.
My question is:
Is it possible to have an free area and a protected area on the same server ?
Thank you for help me to understand this.
If it’s for demo purposes, I suggest running a separate (sandboxed) demo instance of the Servoy Application Server and there disable Enhanced Security of implement your suggested solution.
If you give people Smart Client access without proper authentication, you’re making your entire environment insecure.
Paul
stefanoni:
I like to let Users just for DEMO-purpose enter in only one Solution.
The “real” Soluton will be protected, as usual, with USERID an Pword.
Note that a user logs in at a application server, not in a solution, so with the dummy login in the demo solution you also give access to other solutions on the same server.
Rob
rgansevles:
Note that a user logs in at a application server, not in a solution, so with the dummy login in the demo solution you also give access to other solutions on the same server.
Rob
Thank you Rob… but
What if I have to control different Users in different SAAS-Solutions on the same Server ? That means I have to create
my own User/Security System ?
So what for is the Servoy-User System helpful in that case?
And why it doesn’t make sense to have an DEFAULT or DEMO user with just reading-rights to a part of my
solutions (DEMO, registration-page, introductions, FAQ).
Thank you for help me to understand this Logic.
Alessandro
Alessandro,
You need to check in the on-open method of each solution if the user(group) has access to the solution.
The enhanced security is based on actual authenticated users, if you have anonymous users like you want this doesn’t really work.
As Paul suggests, you are best of with an isolated demo environment.
Rob