Gyroscopic
Posts: 15
|
| Posted: 01/13/2006, 2:58 PM |
|
I'm stumped again. I'm using CC3.0.2.2
I'm trying to use the Access Denied Field. I have created a login page and a logout page. I have logout.ccp in the Access Denied field. I have all authentication set up properly. When I am directed to the login page everything works except the redirect. Incorrect userid/pwd get error message, that is good. Users with correct security get into the form, that is good. Users that try to login without the proper security level just get returned to a blank login screen and not the access denied page or the logout page.
I've tried putting putting logout.ccp on the login page access denied parameter with no luck. If I put it on the form's access denied parameter and I call up the form, it immediately goes to the logout page, not good. If I put it on both I still have the same problem, the login screen does not redirect to the logout page.
I'd appreciate any help possible.
Thanks
|
 |
 |
peterr
Posts: 5971
|
| Posted: 01/14/2006, 4:36 PM |
|
This is correct behavior. CCS doesn't know what you want to do or display when users cannot login, so it's up to you to tell users that the login page is displayed because they don't have sufficient security. For example you can add such text to your login page "Your security level is too low to continue. Please login with sufficient privileges or click here to return to the main page.", or whatever else you want to tell your users.
The "Access Denied Page" property is usually used to specify the login page, so it doesn't make sense to use it on the login page itself.
Of course you can implement any other page flow that you can think of. I just don't see anything wrong with the scenario you described, maybe except for lack of explanation for your users about what you want them to do when they don't have sufficient access level.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
|
Gyroscopic
Posts: 15
|
| Posted: 01/14/2006, 5:04 PM |
|
Thanks. I guess I am confused over the wording of what the Access Denied Page really is. I thought it was being used as a redirect URL after a user tries to login to some form but fails because of lack of permissions. E.g. User logs in with proper userid and password, doesn't have proper credentials, redirect them to a Access Denied Page which says something like "You don't have the proper credentials to access this page."
So when someone logs in correctly but without the proper credentials, how does one then display the message "Your security level is too low to continue. Please login with..." on the same login page they started at?
Probably a dumb question but I'm really not a programmer.
Thanks,
|
|
|
|
peterr
Posts: 5971
|
| Posted: 01/14/2006, 5:21 PM |
|
Yes, this is exactly how Access Denied page can be used as an alternative to the Login page. Since CCS doesn't know if you have such page then for simplicity it just directs unauthorized users to the Login page, which many developers may also leave as their default functionality. So you have full control over this and can decide what you want to do.
But in both cases it probably doesn't make sense to specify the Access Denied page for the Login page because the access should never be denied to the Login page.
You can put that text explanation message on the Login page so that it is always shown. I think that it doesn't need to be hidden by default since you may want to tell your users why they arrived to that page in the first place. Or you can create a separate Access Denied page as you described and assign it to the page that you want to protect, instead of the Login page.
BTW, I would first start with making the decision on how exactly you want to implement your page flow, then think (or ask) about how to implement it. Otherwise you are describing that something doesn't work as you like, but unfortunately I don't know about the page flow that you want to implement.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
|
|
