Class: cWebAppUserDataDictionary


DataDictionary class for the web application user table (WebAppUser) used by the "standard" web application session manager class (cWebSessionManagerStandard)

Hierarchy

cObject
---BaseData_Set
------DataSet
---------DataDictionary
------------cWebAppUserDataDictionary

Library: Web Application Class Library

Package: cWebAppUserDataDictionary.dd

Description

When you create a new web application project in the Studio, the resulting WebApp.src project file contains a session manager object based on the cWebSessionManagerStandard class. This session manager, in turn, creates a cWebAppUserDataDictionary object to verify user login information from the WebAppUser table.

The WebAppUser table stores important information about a valid user, including:
- User ID,
- User password,
- User rights level,
- User's name,
- Date of last access.

Note that this data dictionary stores the user password as a plain, unencrypted value. See below for information on storing the password as an encrypted string.

For more information refer to: Session Management and Logins, cWebSessionManagerStandard, cWebAppSessionDataDictionary.

Encrypting the User Password

To store the password as an encrypted string, you need to restrict the length of the unencrypted password to ½ of the number of characters stored in the WebAppUser.Password column (i.e. 20 characters / 2 = 10 characters). This is because an encrypted string can occupy up to twice as many characters as the unencrypted string. Alternatively, you could modify the WebAppUser table to double the current size of the Password column.

The sample below demonstrates how you can modify your user table's data dictionary object to retrieve encrypted password data using the web application's resource manager object to perform the decryption.

Object oSessionManager is a cWebSessionManagerStandard
    // Delete the old User & Session DDOs
    Send Destroy to (phoUserDD(Self))
    Send Destroy to (phoSessionDD(Self))

    // Create new Session & User DDO's and store their object handles
    Object oSession_DD is a cWebAppSessionDataDictionary
        Set phoSessionDD to Self
    End_Object
    
    Object oUser_DD is a cWebAppUserDataDictionary
        Set phoUserDD to Self
        
        // Connect User & Session DDO's
        Set DDO_Server of oSession_DD to Self

        Function Field_Current_Value Integer iField Returns String
            String sValue
            Integer iPasswordField

            Forward Get Field_Current_Value iField to sValue
            // If this is the password field then sValue 
            // must be decrypted
            Get_FieldNumber WebAppUser.Password to iPasswordField
            If (iField = iPasswordField) Begin
                Get DecryptKey of ghoWebResourceManager sValue to sValue
            End
            Function_Return sValue
        End_Function 
    End_Object
End_Object

Your tool that creates the user records with encrypted passwords would likewise use the resource manager's EncryptKey function to create the encrypted password value.
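
A sketch of such a user-creation routine, added here as an illustration and not taken from the class library: it enforces the half-column length limit described above before calling EncryptKey, and refuses to save a value that would be truncated. Assumptions: the function name CreateEncryptedUser and the hoUserDD parameter are hypothetical, hoUserDD refers to a cWebAppUserDataDictionary object, and the login column is assumed to be named WebAppUser.LoginName.

```dataflex
Use cWebAppUserDataDictionary.dd

// Hypothetical helper: creates a WebAppUser record with an encrypted password.
// Returns True when the record was saved, False when it was rejected.
Function CreateEncryptedUser Handle hoUserDD String sLoginName String sPassword Returns Boolean
    Integer iPasswordField iColumnSize iMaxPlain
    String sEncrypted
    Boolean bErr

    // Read the defined size of the Password column from the table itself
    Get_FieldNumber WebAppUser.Password to iPasswordField
    Get_Attribute DF_FIELD_LENGTH of WebAppUser.File_Number iPasswordField to iColumnSize

    // An encrypted string can need up to twice the characters of the
    // plain string, so only half the column size is usable for plain text
    Move (iColumnSize / 2) to iMaxPlain
    If (Length(sPassword) > iMaxPlain) Begin
        Function_Return False
    End

    Get EncryptKey of ghoWebResourceManager sPassword to sEncrypted

    // A truncated encrypted value could never be decrypted at login,
    // so reject it instead of saving it
    If (Length(sEncrypted) > iColumnSize) Begin
        Function_Return False
    End

    Send Clear of hoUserDD
    // LoginName is an assumed column name; adjust to your table definition
    Set Field_Changed_Value of hoUserDD Field WebAppUser.LoginName to sLoginName
    Set Field_Changed_Value of hoUserDD Field WebAppUser.Password to sEncrypted

    // Request_Validate returns True when validation fails
    Get Request_Validate of hoUserDD to bErr
    If (not(bErr)) Begin
        Send Request_Save of hoUserDD
        Move (Err) to bErr
    End
    Function_Return (not(bErr))
End_Function
```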

For more information refer to: cWebResourceManager, cWebSessionManagerStandard.