From: Rob McCool 
Newsgroups: netscape.devs-nsapi
Subject: Re: Custom Authorization again....
Date: Wed, 27 Nov 1996 16:01:03 -0800

> I'm currently writing an API to do a custom authorization from an Oracle
> database for a BBS system.
> 
> I don't want the dialogue box used in the basic-auth, instead I want my
> own custom html page to ask for the login/password.
> 
> I read the "cookies" example, but I was wondering if I didn't have to
> use "cookies". Is there any other simpler way to implement this? Can I
> just use the pblock_nvinsert functions to grab the username and
> password? How would the cgi-script called form the 

> interact with the AuthTrans and PathCheck functions?
> 
> I'm a bit confused with all this--maybe someone out there can help me...

The reason you have to use cookies to get a different login box when
using basic authorization is that the Navigator doesn't provide Java
or JavaScript hooks for you to change it. The box is hard coded to
be the way it is.

Writing a cookie-based system for this should only take two NSAPI 
functions, one to enforce the authorization, and one to verify the
authorization and send the cookie. Here's a brief outline of one
possible solution.

The function to enforce the authorization would be a PathCheck 
function, which simply checks for the presence of the proper cookie. If
it's not there, this function should redirect the user to the page
which has the form on it. If you wanted to protect all of the files
on /disk1/protected, and your function was called enforce-auth, you 
could have in obj.conf:


PathCheck fn=enforce-auth new-page=http://something/auth.html


new-page would show up as an entry to enforce-auth's argument pblock.

The function to handle the form would be a Service function, and would
take the form data and check it against the Oracle database. Once the 
data had been verified, the function would either redirect them to a
new welcome page, or would send back a short response welcoming them.
There have been a couple of examples of parsing POSTed forms around. To
activate this function, assuming it's called custom-auth and your
document root is /docroot, you would have in obj.conf:


Service fn=custom-auth welcome-page=http://something/welcome.html


Your  tag would then be 

Hope that helps.

--Rob


--
Rob McCool, robm@netscape.com http://home.netscape.com/people/robm/
Stunt Programmer, Netscape Communications Corporation
It was working ten minutes ago, I swear...


Reproduced by permission of the author.