1.5.4 Partial User Authentication - Process Level Security

The Partial User security model allows specific processes to be authenticated while the remainder of your application uses anonymous access. With this model you can choose which of your LANSA processes require user authentication. 

When LANSA Web is invoked, it will check if the Web Server has passed a user profile. If the Web Server has not passed any user profile, then it determines if the requested LANSA process requires user authentication. If no authentication is required for the process, the user will be allowed access as an anonymous user.

However, when the user attempts to use a LANSA process that has been registered as requiring user authentication, LANSA Web will redirect the request to the LANSAWEB script program in a library which forces the Web Server to request a user profile. The Web Server will not permit any further progress until a valid user profile is provided. If a valid user profile is provided, then LANSA Web is invoked.

You do not have to modify the URL of your LANSA applications using this alternative. Your URL will still point to the CGI-BIN library. LANSA Web looks after the redirection of the request to the authentication library automatically for processes that have been set up for user authentication.

If a Web Server has passed a user profile, LANSA Web checks if it is a registered LANSA Web user. If the user is known to LANSA Web, the associated Data/Application Server user profile is used to execute LANSA. This user profile will be used to determine the access rights at the Data/Application Server.

If the Web Server user profile is not registered with LANSA Web, the user will still be allowed to use LANSA Web provided there is an anonymous user registered. This means that LANSA Web will use the default user profile to determine your access rights.

Note that once the Web Server has authenticated the user, the profile is persistent throughout the life of the browser. This means that a subsequent request to LANSA Web will use the same user profile, irrespective of whether or not the LANSA process requires user authentication.

To configure Partial User Authentication on an IBM i Web Server, complete the following steps:

Before You Begin Checklist

Step 1. IBM i Validation Lists & Add Users

Step 2. Update IBM i Web Server Configuration

Step 3. Execute Administrator to Define Process Authentication

Step 4. Register Web Users


For details of authentication using a Windows Web Server, refer to the Installing LANSA on Windows Guide.