Skip to main content

Example Two: Web

In this example you experiment with Unauthenticated and Password authentication using a Web application.

The following steps involve code in a class named SecurityTutorial.AuthenticationExample. The instructions for creating this class are here: Code for Authentication Example. Create the class definition in the USER namespace.

Now configure the Web application:

  1. Open the Web Applications page of the portal (click [Home] > [System Administration] > [Security] > [Web Applications]).

  2. Click Edit for the /csp/user application.

  3. Verify that Web File is enabed.

  4. For Allowed Authentication Methods click Unauthenticated. Verify that no other authentication mechanism is selected. Click Save.

  5. For Dispatch Class enter SecurityTutorial.AuthenticationExample.

  6. Click Save.

    Save button, Enable Application setting, Enable setting, and Allowed Authentication Methods settings are highlighted

Next, open your favorite REST client. This example uses the Postman browser plug-in.

  1. Create a GET request and specify that we are not using authentication.

    Postman Authorization tab with No Auth selected in the Type drop-down list

    The URL looks like this

    
http://localhost:52773/csp/user/authenticationEx

    Note that the port number displayed here, 52773, is the default InterSystems IRIS web server port. The port for your instance may be different.

  2. Click Send

    Body of Postman response showing username and roles

  3. Since we selected Unauthenticated for the authentication mechanism, we access the application through the UnknownUser account. An initial security setting of Minimal grants the UnknownUser the %ALL role.

Note:

There are a number of free REST clients available both as stand alone applications and browser plug-ins.

Next, we configure the Web application to use Instance Authentication.

  1. Open the Web Applications page (click [Home] > [System Administration] > [Security] > [Web Applications]) of the portal.

  2. Click the /csp/user link to edit application.

  3. For Allowed Authentication Methods click Password. Verify that no other authentication mechanism is selected. Click Save.

    Save button and Allowed Authentication Methods setting highlighted with red boxes

  4. Return to your REST client and execute your GET again. This time specify that the client should use Basic Authentication. Use SuperUser and SYS as the Username and password:

    Postman Authorization tab. Basic Auth is selected in the Type drop-down list. Username is SuperUser and Password is SYS

  5. Click SEND

    Body of Postman response showing username and roles. Username is SuperUser

    Now we see that we are accessing the application using the SuperUser account. An initial security setting of Minimal grants the SuperUser account the %ALL role.

Next sectionDelegated Authentication Basics
Previous sectionExample One: Enabling Two-Factor Authentication
FeedbackOpens in a new tab