Administration and Programming Guide for OS/400


Using Authentication

Authentication is used to ensure that a user ID making a Net.Data request is authorized to access and update data within the application. Authentication is the process of matching the user ID with a password to validate that the request comes from a valid user ID. The Web server associates a user ID with each Net.Data request that it processes. The process or thread that is handling the request can then access any resource to which that user ID is authorized.

In an OS/400 environment, a user ID can become associated with the thread or process that is handling a Net.Data request in one of three ways:

Client-based authentication
The user is prompted for a local OS/400 user ID and password at the client. The Web server then authenticates the user. If successfully authenticated, the supplied user ID is associated with the request. Use of the special Web server %%CLIENT%% access control user ID enables this type of authentication.

Client-based authentication is supported by IBM's HTTP server starting in OS/400 V4R1.

Server-based authentication
The user ID of the Web server is associated with each request and the user is not prompted for a user ID or password. Use of the special Web server %%SERVER%% access control user ID enables this type of authentication.

By default, IBM's HTTP server runs CGI programs under the QTMHHTP1 user ID (user profile). However, if the UserID directive is in effect, or the request falls within a protection setup where the UserID subdirective has been specified, the program runs under the specified user ID.

Surrogate authentication
A surrogate user ID that has the authority to access some predefined collection of resources is associated with the client request. This type of authentication requires the creation of surrogate user IDs with access authority that is appropriate for a group of users or class of requests. Authentication with surrogate user IDs usually uses validation list objects, which were first introduced in V4R1. For more information and examples, see the OS/400 System API Reference.

The approach that the Web server uses for associating a user ID with a client request is specified when the Web server is configured. For additional detail on access control user IDs, on installing the Web server, and on using the Protect, Protection, DefProt, and UserID directives to configure the Web server, refer to your HTTP server documentation.

Tip: To protect Net.Data macros, do the following:
  1. Add protection directives in the Web server configuration file for the Net.Data program object.
  2. Ensure the user ID that Net.Data will be running under has access rights to the macro files. For more information on granting access rights, see Granting Access Rights to Objects Accessed by Net.Data.
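
The check below is an added example, not part of the IBM guide: it reads a constructed server configuration and reports, for a Net.Data URL, which of the three association modes applies, flagging URLs that no Protect rule covers. The configuration layout, the PasswdFile and Mask subdirectives, the URL paths, the names MYLIB/REPORTVL and RPTUSER, and first-match rule ordering are assumptions; confirm the syntax against your HTTP server documentation.

```python
import fnmatch
import re

# Constructed sample configuration (not from the guide). The block layout and
# the PasswdFile and Mask subdirectives are assumed; paths and names are made up.
SAMPLE_CONFIG = """\
Protection NETDATA_CLIENT {
    PasswdFile %%SYSTEM%%
    UserID     %%CLIENT%%
    Mask       All
}
Protection REPORTS_SURROGATE {
    PasswdFile MYLIB/REPORTVL
    UserID     RPTUSER
    Mask       All
}
Protect /cgi-bin/db2www/orders/*  NETDATA_CLIENT
Protect /cgi-bin/db2www/reports/* REPORTS_SURROGATE
"""

DEFAULT_PROFILE = "QTMHHTP1"  # default CGI user profile named in the guide


def parse(config):
    """Return ({setup_name: UserID or None}, [(url_template, setup_name), ...])."""
    setups, rules = {}, []
    for name, body in re.findall(r"^Protection\s+(\S+)\s*\{(.*?)\}", config, re.S | re.M):
        m = re.search(r"^\s*UserID\s+(\S+)", body, re.I | re.M)
        setups[name] = m.group(1) if m else None
    for template, name in re.findall(r"^Protect\s+(\S+)\s+(\S+)", config, re.M):
        rules.append((template, name))
    return setups, rules


def effective_identity(config, url):
    """Classify how a user ID becomes associated with a request for `url`."""
    setups, rules = parse(config)
    for template, name in rules:  # assumption: first matching Protect rule applies
        if fnmatch.fnmatchcase(url, template):
            uid = setups.get(name) or "%%SERVER%%"
            if uid == "%%CLIENT%%":
                return ("client", "authenticated OS/400 user")
            if uid == "%%SERVER%%":
                return ("server", DEFAULT_PROFILE)
            return ("surrogate", uid)
    # No protection setup covers this URL: nobody is prompted, default profile runs it.
    return ("unprotected", DEFAULT_PROFILE)
```

An "unprotected" result for a macro URL means step 1 of the tip has not been applied to that path, so access to the macro depends only on the object authorities granted in step 2.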

