Skip to main content

Example Two: Web

In this example you experiment with Unauthenticated and Password authentication using a Web application.

The following steps involve code in a class named SecurityTutorial.AuthenticationExample. The instructions for creating this class are here: Code for Authentication Example. Create the class definition in the USER namespace.

Now configure the Web application:

  1. Open the Web Applications page of the portal (click [Home] > [System Administration] > [Security] > [Web Applications]).

  2. Click Edit for the /csp/user application.

  3. Verify that Web File is enabed.

  4. For Allowed Authentication Methods click Unauthenticated. Verify that no other authentication mechanism is selected. Click Save.

  5. For Dispatch Class enter SecurityTutorial.AuthenticationExample.

  6. Click Save.

    Save button, Enable Application setting, Enable setting, and Allowed Authentication Methods settings are highlighted

Next, open your favorite REST client. This example uses the Postman browser plug-in.

  1. Create a GET request and specify that we are not using authentication.

    Postman Authorization tab with No Auth selected in the Type drop-down list

    The URL looks like this


    Note that the port number displayed here, 52773, is the default InterSystems IRIS web server port. The port for your instance may be different.

  2. Click Send

    Body of Postman response showing username and roles

  3. Since we selected Unauthenticated for the authentication mechanism, we access the application through the UnknownUser account. An initial security setting of Minimal grants the UnknownUser the %ALL role.


There are a number of free REST clients available both as stand alone applications and browser plug-ins.