Handle login and password input

Prevent direct access to the application and force the end user to enter a login and password.

URL handling in the Simple SSO service program

Once the login page has been submitted (step 4 in the workflow), the incoming URL is split into two parts:
  • the base URL
  • the query string
The query string is parsed by the SSOService.4gl code, to retrieve values for the user name, the password, the state of the “keeping password” checkbox, and any potential query string parameters the user may have manually entered in the URL:
CALL parseQueryString(query) RETURNING user, pwd, userQueryString, isCookie
Important: Review the functions included in the sample before reusing them. They are intended to be simple examples. For a production site, you would want to avoid transmitting data in clear text.
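The following is an added example, not the sample's own parseQueryString: one way to parse the login query string so that parameters typed into the URL cannot override or duplicate the login fields. The function name parseLoginQuery, the field names user, pwd and cookie, and the extra ok return value are assumptions.

```4gl
IMPORT util

-- Added example, not the sample's parseQueryString. The field names
-- "user", "pwd" and "cookie" are assumed; use the names your login form sends.
FUNCTION parseLoginQuery(query STRING)
    RETURNS (STRING, STRING, STRING, BOOLEAN, BOOLEAN)
    DEFINE tok base.StringTokenizer
    DEFINE pair, pName, pValue, loginUser, loginPwd STRING
    DEFINE extra base.StringBuffer
    DEFINE isCookie, ok BOOLEAN
    DEFINE pos, nUser, nPwd INTEGER

    LET extra = base.StringBuffer.create()
    LET isCookie = FALSE
    LET nUser = 0
    LET nPwd = 0
    LET tok = base.StringTokenizer.create(query, "&")
    WHILE tok.hasMoreTokens()
        LET pair = tok.nextToken()
        LET pos = pair.getIndexOf("=", 1)
        IF pos > 0 THEN
            LET pName = pair.subString(1, pos - 1)
            LET pValue = util.Strings.urlDecode(pair.subString(pos + 1, pair.getLength()))
        ELSE
            LET pName = pair
            LET pValue = NULL
        END IF
        CASE pName
            WHEN "user"
                LET loginUser = pValue
                LET nUser = nUser + 1
            WHEN "pwd"
                LET loginPwd = pValue
                LET nPwd = nPwd + 1
            WHEN "cookie"
                LET isCookie = TRUE -- assumed: the checkbox is sent only when ticked
            OTHERWISE
                -- Anything else was typed by the user: keep it, still encoded.
                IF extra.getLength() > 0 THEN
                    CALL extra.append("&")
                END IF
                CALL extra.append(pair)
        END CASE
    END WHILE
    -- Exactly one user and one password field must be present; a repeated
    -- or empty field means the login must be refused by the caller.
    LET ok = (nUser == 1 AND nPwd == 1 AND loginUser IS NOT NULL AND loginPwd IS NOT NULL)
    RETURN loginUser, loginPwd, extra.toString(), isCookie, ok
END FUNCTION
```

The caller should treat ok = FALSE as a failed login without attempting authentication, and should keep the password value out of any log or trace output.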

Once the user and password have been retrieved from the query string, the service program checks whether the user name and password are valid.

If the user name and password are valid, the application can be started by creating the cookie for the user, as explained in Cookie handling.

If the user could not be authenticated, the Genero REST service returns an HTTP response containing an error page, with HTTP code 200:
CALL req.setResponseHeader("Content-Type", "text/html")
CALL req.sendTextResponse(200,"Access Forbidden", html-error-page-string)