Secure Custom Web Application Logins
In addition to its recommended support for REST applications, InterSystems products support two other types of web applications: CSP and Zen. When configuring custom login pages that use CSP and Zen, it is important that you follow recommended protocols. These protocols provide greater security and minimize incompatibilities on upgrades to new products or versions.
About Creating a Custom CSP Login Page
To create a custom CSP login page:
- Create a subclass of the %CSP.Login page.
- To customize your application’s behavior, override the subclass’s Draw methods, so that the page looks how you want. These include methods that modify the appearance of the login page and methods that modify the appearance of the security token page (if you are using two-factor authentication):
  - Login page methods — DrawCSS3STYLE, DrawHEAD, DrawSTYLE, DrawTitle
  - Security token (ST) page methods — DrawSTHEAD, DrawSTTitle
  Note that the DrawTitle and DrawSTTitle methods call the DrawTitleSection method.
- Invoke the subclass as needed in your application.
When creating a custom login page, you must use a subclass of %CSP.Login. Other approaches for creating login pages in CSP applications can cause problems of various kinds.
If you have written custom login pages that do not use a subclass of %CSP.Login and you apply any changes from InterSystems that upgrade or secure your instance, your login pages may fail without error messages. For example, users may attempt to log in with valid usernames and passwords, but their logins will fail without any visible cause. This situation may indicate that you need to change your custom login to use the required approach.
About Creating a Custom Zen Login Page
When creating a custom Zen login page, use the <loginForm> component in accordance with the procedure described in the “Controlling Access to Applications” section of the “Zen Security” chapter of Developing Zen Applications.
When creating a custom login page, you must use the <loginForm> component. Other approaches for creating login pages in Zen applications can cause problems of various kinds.
If you have written custom login pages that do not use the <loginForm> component and you apply any changes from InterSystems that upgrade or secure your instance, your login pages may fail without error messages. For example, users may attempt to log in with valid usernames and passwords, but their logins will fail without any visible cause. This situation may indicate that you need to change your custom login to use the required approach.
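A pre-upgrade check for both requirements above (the %CSP.Login subclass for CSP and the <loginForm> component for Zen), as an added example that is not InterSystems code. It assumes the class sources have been exported as UDL text and that the caller supplies the class names configured as login pages; the MyApp.* classes are constructed sample input.

```python
import re

# Header of a class in exported UDL source, e.g.
#   Class MyApp.Login Extends (%CSP.Login, MyApp.Mixin)
CLASS_RE = re.compile(
    r"^Class\s+([\w.%]+)(?:\s+Extends\s+(\([^)]*\)|[\w.%]+))?", re.M)

def parse_classes(sources):
    """Map class name -> (direct superclasses, full source text)."""
    classes = {}
    for text in sources:
        m = CLASS_RE.search(text)
        if m:
            supers = (m.group(2) or "").strip("()").split(",")
            classes[m.group(1)] = ([s.strip() for s in supers if s.strip()], text)
    return classes

def descends_from(name, base, classes, seen=None):
    """True if `name` is `base` or inherits from it via the exported classes."""
    seen = seen or set()
    if name == base:
        return True
    if name in seen or name not in classes:
        return False  # cycle guard, or a system class outside the export
    seen.add(name)
    return any(descends_from(s, base, classes, seen) for s in classes[name][0])

def audit_login_pages(sources, login_pages):
    """Return {class: finding} for login pages not built the required way."""
    classes, findings = parse_classes(sources), {}
    for name in login_pages:
        if name not in classes:
            findings[name] = "source not found"
        elif descends_from(name, "%CSP.Login", classes):
            continue
        elif descends_from(name, "%ZEN.Component.page", classes):
            if "<loginForm" not in classes[name][1]:
                findings[name] = "Zen page without <loginForm>"
        else:
            findings[name] = "does not subclass %CSP.Login"
    return findings

# Constructed sample export (not real application code).
SAMPLE = [
    "Class MyApp.BaseLogin Extends %CSP.Login\n{\n}\n",
    "Class MyApp.Login Extends MyApp.BaseLogin\n{\n}\n",
    "Class MyApp.OldLogin Extends %CSP.Page\n{\n}\n",
    'Class MyApp.ZenLogin Extends %ZEN.Component.page\n{\nXData Contents\n{\n<page><loginForm id="loginForm"/></page>\n}\n}\n',
    "Class MyApp.ZenOld Extends (%ZEN.Component.page, MyApp.Util)\n{\nXData Contents\n{\n<page><form/></page>\n}\n}\n",
]
```

Run it against the export before applying an upgrade or security change; any class it reports is a candidate for the silent login failures described above.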