Web Application Validation of Credentials

After the user passes the web server authentication (if any), the web application requests authentication via a server page.

There are three possible approaches to authentication, depending on the specific requirements of the web application.

Authentication by the Web Server of accounts kept in USoft

USoft maintains the application accounts and generates external accounts, for example: Active Directory accounts, using RDMI components. These external accounts are used by the Web Server (e.g. IIS) for account validation. In such a setup, a USoft password management web application is used. As authentication by the web server is trusted, the USoft logon dialog that can be specified by the Web Designer is bypassed.

Authentication by USoft

Access to the Web Server is anonymous and USoft validates accounts with its own logon dialog . In this case, Web Server secure socket connections are required to avoid readable passwords being sent over the network. To avoid repeated logon dialogs upon each request, user credentials are cached at the server page level. The access right expires when the user does not use the application for some time. The expiration time is the session timeout as set for the application in the virtual directory of the Web Server.

When USoft takes care of account validation, the Validation Agent as specified in the Authorizer checks the account. If the credentials are not valid or if the application cannot be accessed, an error message is displayed. If the logon is successful, a user has access to all pages in the web application. Restrictions on this access may apply, as defined by the USoft Authorizer.

Account mapping from Web Server accounts to USoft accounts

Accounts are maintained and checked outside of USoft. The account id is passed to USoft or accounts are mapped to USoft accounts.