• Access Rights

    By Steve Cochrane 1 decade ago

    Thank you! This looks very promising. Just curious… I don't see any “Authors” field in the “BusinessUser” form, so a user will need to log in again to “Edit Profile”. Is this by design?

    • Application Security Architecture

      By Vikas Tiwari 1 decade ago

      Hello Steve, 

      Thanks for showing interest! I am excited to know that the application is useful for the community.

      Regarding the forced re-authentication of users, I have written specific code to clear out the LTPAToken/existing session information from cookies and ensure that the user has to log in again before reaching the Profile Registration page. Also, if a user tries to access the Registration page directly via URL, the application will redirect him to the Homepage, as direct URL access will not provide the required Scope variables. Thus, the application won't allow any unauthorized attempt to reach the profile page and change the secret question/answers without re-authentication.

      If you need more details, I recommend reviewing the source code of the xpValidateUser XPage and the ccHome Custom Control in the application design.
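
The re-authentication flow described in the reply above, sketched in plain JavaScript as an added example; it is not the application's xpValidateUser or ccHome code. The cookie names, the `/home` redirect, the `reauth` scope key and the five-minute window are assumptions.

```javascript
// Added illustration, not the application's own code. Cookie names are the
// usual Domino/LTPA ones (assumed); sessionScope is a plain object stand-in.
const AUTH_COOKIES = ["LtpaToken", "LtpaToken2", "DomAuthSessId"];
const REAUTH_TTL_MS = 5 * 60 * 1000; // hypothetical freshness window
const HOME = "/home";                // hypothetical redirect target

// Step 1: expire every auth cookie the browser sent, forcing a new login.
// Domain must match the one the SSO cookie was issued with, or the browser keeps it.
function expireAuthCookies(cookieHeader, domain) {
  const scope = domain ? `; Domain=${domain}` : "";
  return (cookieHeader || "")
    .split(";")
    .map((pair) => pair.trim().split("=")[0])
    .filter((name) => AUTH_COOKIES.includes(name))
    .map((name) => `${name}=; Path=/${scope}; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; HttpOnly`);
}

// Step 2: after the fresh login succeeds, record who re-authenticated and when.
function markReauthenticated(sessionScope, user, now = Date.now()) {
  sessionScope.reauth = { user, at: now };
}

// Step 3: the profile page admits a request only with a fresh, matching,
// single-use marker; a direct URL hit has none and is sent home.
function gateProfilePage(sessionScope, currentUser, now = Date.now()) {
  const marker = sessionScope.reauth;
  delete sessionScope.reauth; // consume so the marker cannot be replayed
  const ok = Boolean(marker) && marker.user === currentUser && now - marker.at <= REAUTH_TTL_MS;
  return ok ? { allow: true } : { allow: false, redirect: HOME };
}
```

Expiring the cookie only removes it from the browser; a copied LTPA token remains valid until its own expiry, so the server-side marker check is what protects the profile page.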

    • By Vikas Tiwari 1 decade ago

      Please let me know if the functionality to force users to re-authenticate is useful. I'll try to create a generic code snippet around it and upload it to OpenNTF.