The mgiAuthenticateDB Tag
Authenticate Mode
Return to the mgiAuthenticateDB
Main Menu
Tag Syntax
The Authenticate mode of mgiAuthenticateDB has no required
parameters and sixteen optional parameters. The tag form is:
<mgiAuthenticateDB mode="Authenticate" group="Name"
startDate="Date" endDate="Date" startTime="Time"
endTime="Time" dailyStartTime="Time"
dailyEndTime="Time" setCookie="Yes/No"
cookieExpirationDate="Date" cookieExpirationTime="Time"
allowedIP="IP Number" deniedIP="IP Number"
odbcDatasource="Source Name" odbcUsername="Name"
odbcPassword="Password">
Required Parameters:
Optional Parameters:
- mode - The mode is the function that the mgiAuthenticateDB
tag performs. In "authenticate" mode, the mgiAuthenticateDB
tag regulates access to the page containing the mgiAuthenticateDB
tag by requiring a valid username, password and IP number (if
specified). "Authenticate" is the default mode of the
mgiAuthenticateDB tag.
- group - The group is the name of the user group allowed
to access the page with a valid username and password. If a group
is not specified, all groups are allowed to access the page with
a valid username and password.
- startDate - The startDate is the first day access
to the page is allowed with a valid username and password. The
syntax of the date must be a julian day (see the mgiJulianDay
tag). The startDate parameter can be used in conjunction with
the endDate parameter to specify a definite time frame when access
to a page is allowed or the startDate parameter can be entered
alone to specify a start date for access without an expiration.
If the startDate parameter is not included, the page can be accessed
immediately with a valid username and password.
- endDate - The endDate is the last day access to the
page is allowed with a valid username and password. The syntax
of the date must be a julian day (see the mgiJulianDay
tag). The endDate parameter can be used in conjunction with the
startDate parameter to specify a definite time frame when access
to a page is allowed or entered alone to specify an expiration
for access with an immediate start date. If the endDate parameter
is not included, the page can be accessed any time after the
specified start date.
- startTime - The startTime is the time that access
to the page is allowed on the specified start date. The syntax
of the time must be military format (i.e., hhmm). If the startTime
parameter is not included, access to the page is available at
midnight on the specified start date.
- endTime - The endTime is the time that access to the
page is no longer allowed on the specified end date. The syntax
of the time must be military format (i.e., hhmm). If the endTime
parameter is not included, access to the page ends after 11:59
PM on the specified end date.
- dailyStartTime - The dailyStartTime is the time that
access to the page is allowed during each day from the specified
start date to the specified end date. The syntax of the time
must be military format (i.e., hhmm). If the dailyStartTime is
not included, then access to the page is valid each day from
midnight until the daily end time during the period from the
start time on the start date to the end time on the end date.
- dailyEndTime - The dailyEndTime is the time that access
to the page is no longer allowed during each day from the specified
start date to the specified end date. The syntax of the time
must be military format (i.e., hhmm). If the dailyStartTime is
not included, then access to the page is valid each day from
the daily start time until 11:59 PM during the period from the
start time on the start date to the end time on the end date.
- setCookie - The setCookie parameter determines whether
a cookie with the user's authentication information is set during
the user's first visit and retrieved upon subsequent visits to
the page. If the setCookie parameter value is "Yes",
then an encrypted cookie with the user's authentication information
is set during the user's first visit to the page and retrieved
during subsequent visits to the page until the cookie expiration
time on the cookie expiration date. If the setCookie parameter
value is "No", then the user must enter their
authentication information during each visit to the page. The
default value is "No". If you
include the setCookie parameter, the cookieExpirationDate and
cookieExpirationTime parameters are required.
- cookieExpirationDate - The cookieExpirationDate is
the date that the user's authentication cookie expires. The syntax
of the date must be a 2-digit month, 2-digit, and a 4-digit year
separated by hyphens (i.e., mm-dd-yyyy). The
cookieExpirationDate parameter is required if you include the
setCookie parameter.
- cookieExpirationTime - The cookieExpirationTime is
the time that the user's authentication cookie expires on the
cookie expiration date. The syntax of the time must be military
format seperated by a colon (i.e., hh:mm). The
cookieExpirationTime parameter is required if you include the
setCookie parameter.
- allowedIP - The allowedIP is the individual IP number,
hostname, or the block of IP numbers or hostnames that are allowed
to access the page with a valid username and password. For an
individual IP number, the parameter value is the IP address.
For multiple, individual IP numbers, include the allowedIP parameter
multiple times within the mgiAuthenticateDB tag (e.g., allowedIP="63.45.215.48"
allowedIP="208.196.25.1"). For a block of IP numbers
or hostnames, use the asterisk (*) to represent a wildcard in
any part of the IP number (e.g., allowedIP="201.199.24.*"
or allowedIP="24.15.*.*"). If the allowedIP parameter
is not included, a user from any IP number with a valid username
and password is allowed to access the page. This parameter may
be specified multiple times.
- deniedIP - The deniedIP is the individual IP number,
hostname, or block of IP numbers or hostnames that are not allowed
to access the page even if they have a valid username and password.
For an individual IP number, the parameter value is the IP address.
For multiple, individual IP numbers, include the deniedIP parameter
multiple times within the mgiAuthenticateDB tag (e.g., deniedIP="155.26.14.241"
deniedIP="155.26.54.214"). For a block of IP numbers
or hostnames, use the asterisk (*) to represent a wildcard in
any part of the IP number (e.g., deniedIP="213.14.144.*"
or deniedIP="24.15.*.*"). If the deniedIP parameter
is not included, users from any IP number with a valid username
and password is allowed to access the page. This parameter may
be specified multiple times.
- odbcDatasource (NT only) - The odbcDatasource is the name of
datasource on the server that provides access information for
an external ODBC database. If the odbcDatasource parameter is
included, authentication information will be stored in the specified
ODBC database rather than the internal MGI database. Inquire
with the server administrator for additional information about
the use of ODBC databases. If you include
the odbcDatasource parameter, the odbcUsername and odbcPassword
parameters are required.
- odbcUsername (NT only) - The odbcUsername is the username required
to access the ODBC datasource. The odbcUsername
parameter is required if you include the odbcDatasource parameter.
- odbcPassword (NT only) - The odbcPassword is the code required
to access the ODBC datasource. The odbcPassword
parameter is required if you include the odbcDatasource parameter.
Example Usage and Output
Multiple Username and Password Authentication
<mgiAuthenticateDB>
To password-protect a page with multiple usernames and passwords,
enter users via the web-based admin
or via a form processed by the addUser
mode of mgiAuthenticateDB. Enter the mgiAuthenticateDB tag on
any page you wish to password-protect. In this example, a user
from any group with a valid username and password can access
the page.
Groups
<mgiAuthenticateDB group="admin">
Password access to a page can be limited to users in a specific
group. To limit access to one group, enter the group name in
the Group parameter. In this example, only users in the "admin"
group can access the page. Users in other groups cannot access
the page even if they have a valid username and password.
Date and Time Limited Authentication
<mgiAuthenticateDB startDate={mgiJulianDay month="11;"
day="1" year="2000"}
endDate={mgiJulianDay month="6;" day="30" year="2001"}
startTime="0800" endTime="1700" dailyStartTime="0800"
dailyEndTime="1700">
Using date and time limited authentication, access to a page
depends on the current date and time. In this example, users
in any group with a valid username and password will be granted
access to the page at 8 AM on 1 November 2000. Valid users will
no longer be able to access the page after 5 PM on 30 June 2001.
In addition, valid users will only be granted access from 8 AM
to 5 PM each day from 8 AM on 1 November 2000 until 5 PM on 30
June 2001.
IP Authentication
<mgiAuthenticateDB group="staff" allowedIP="204.15.26.*">
Using the allowedIP and deniedIP parameters can further restrict
the users who can access a page. In this example, only users
accessing the page from the 204.15.26.* LAN with a valid username
and password are allowed. For example, a user accessing the page
from 204.15.25.241 with a valid username and password would be
allowed, but a user accessing the page from 208.251.177.15 would
not be allowed to access the page even if they have a valid username
and password.
Cookies
<mgiSet name="1YrMonthExpiration">
<mgiDate format="paddedNumericMonth" text="-"
format="paddedDay">-<mgiMath resultPrecision="0"
workPrecision="2">
<mgiDate format="longYear">+1
</mgiMath>
</mgiSet>
<mgiAuthenticateDB setCookie="Yes"
cookieExpirationDate={mgiGet name="1YrMonthExpiration"}
cookieExpirationTime="2359">
Setting a user's information in a cookie makes it convenient
for the user to access a password-protected page. During the
user's first visit, an encrypted cookie with the user's authentication
information is set. The user will not have to re-enter their
username and password when they access the page until the cookie
expires. In this example, users will be able to access the page
until their cookie expires at 11:59 PM 1 year from the current
date. To accomplish the dynamic expiration date, 1 is added to
the current year and is set in a variable with the current month
and day. The variable value is then embedded in the cookieExpirationDate
parameter of the mgiAuthenticateDB tag.
Return to the mgiAuthenticateDB
Main Menu
|