Skip to main content

Username and Password on Every Page

Well, not really, as that would be bad. However, I’ve often wondered how to include a field for the username and password on every public page, making the sign on process one less click. Well, there’s nothing like learning how to do something like having a customer requirement!

A current client wants a largely public site – that is, you do not need to authenticate to see most of it. Simple enough – just set the Page Attributes Security to Page is Public. However, the client also wanted the username and password field to appear on each and every public page.

From a developer point of view, I didn’t want to have to put any items on any page aside from Page Zero. Thus, every time that I add a page to the application, the login region would simply show up. This required a bit more thought.

Here’s what I came up with: I created a region on Page Zero which holds my username and password fields, as well as a Login button. The button is not an item button, but rather a true button which submits the page when clicked. I also set this region to only display when the user was unauthenticated.

In order to accommodate authenticated users, I also created an HTML region on Page Zero which only renders when the user is authenticated. This region simply displays a welcome message to the user.

Next, I created 2 application level processes to handle the actual authentication process. These two processes are copies of the Set Username Cookie & Login processes which are typically found on Page 101 of your HTML DB Application. These processes are set to run only when the REQUEST = P0_LOGIN, which is the name of my button on Page Zero.

Thus, when you enter a valid username and password and click the Login button on any public page in my application, you are authenticated and returned to the page from which you came. All without any code or items on any page aside from Page Zero!

Steps to Implement
  1. Create Page 0

  2. Create an HTML Region on Page 0 called Login

  3. Set condition of that region to User is the Public User (user has not authenticated)

  4. In that region, create two items:
    P0_USERNAME
    - Text
    P0_PASSWORD - Password

  5. Create an HTML Region on Page 0 called Welcome

  6. In the source of that region, enter a simple welcome message, such as Welcome, &APP_USER.

  7. Set condition of that region to User is Authenticated (user has not authenticated)

  8. Create a Button named P0_LOGIN on Page 0 in the Login region
    - Select Create Button in a Region Position when prompted
    - Leave Branch to Page blank

  9. Create an Application Level Process:
    Sequence
    : 1
    Process Point
    : On Submit: After Page Submission – After Computations and Values
    Name
    : Set Cookie
    Type
    : PL/SQL Procedure
    Process Text
    :
    begin

    owa_util.mime_header('text/html', FALSE);

    owa_cookie.send(

    name => 'LOGIN_USERNAME_COOKIE',

    value => lower(:P0_USERNAME));

    exception
    when others then null;

    end;

    Process Error Message
    : An Error Has Occured
    Condition Type
    : Request = Expression 1
    Expression 1
    : P0_LOGIN

  10. Create an Application Level Process:
    Sequence
    : 2
    Process Point
    : On Submit: After Page Submission – After Computations and Values
    Name
    : Login
    Type
    : PL/SQL Procedure
    Process Text
    :
    begin

    wwv_flow_custom_auth_std.login(

    P_UNAME => :P0_USERNAME,

    P_PASSWORD => :P0_PASSWORD,

    P_SESSION_ID => v('APP_SESSION'),

    P_FLOW_PAGE => :APP_ID||':&APP_PAGE_ID.'
    );
    :P0_USERNAME := null;

    :P0_PASSWORD := null;

    end;


    Process Error Message
    : An Error Has Occured
    Condition Type
    : Request = Expression 1
    Expression 1
    : P0_LOGIN

  11. Edit your current Authentication Scheme, and set the Logout URL to redirect to a public page, not page 101.

  12. Set the Security - Authentication to at least one page in your application to Page is Public.

You should now be able to sign on from any public page in your applicaion.

Comments

Anonymous said…
Hmm, interesting to read. I have to keep this tip in mind, just in case of.. You should post more blog entries like this :)
Scott said…
You should post more blog entries like this :)

Thanks for the feedback - I try my best to keep the content here useful, but as everyone knows, time is a scarce commodity these days!

Thanks,

- Scott -
Bill Dwight said…
Excellent entry Scott - very helpful. Thank you!
Anonymous said…
If you still had a 'real' logon page, should it be modified to use the page0 fields and application processes in order to prevent code duplication and ease maintenance down the line?
Scott said…
If you still had a 'real' logon page, should it be modified to use the page0 fields and application processes in order to prevent code duplication and ease maintenance down the line?

You could conceivably remove page 101 entirely, and then just use page 1 as a "login" page. If there was a field for username & password on all public pages, there simply woulnd't be a need for a dedicated login page.

Thanks,

- Scott -
Anonymous said…
Very interesting... I've done this before using other languages (Oracle, PSP's is one of them) but its cool to know that it's actually pretty easy with HTML-DB.

Thanks!
Anonymous said…
Hi Scott,

This is quite an approach...
However, I have a rather more challeging issue...
A client of mine just has an XE database and that's basicly it. now there is a business need to integrate all 4 (custom build)of the apex-applications into 1 sign on session. (log in once, and use all the applications).
any suggestions...
Scott said…
A client of mine just has an XE database and that's basicly it. now there is a business need to integrate all 4 (custom build)of the apex-applications into 1 sign on session. (log in once, and use all the applications).
any suggestions...


If all of the applications are in the same schema (workspace), then you should be able to share a cookie among them; thus, signing on to one should authenticate you to all.

Thanks,

- Scott -
Unknown said…
This comment has been removed by the author.

Popular posts from this blog

Custom Export to CSV

It's been a while since I've updated my blog. I've been quite busy lately, and just have not had the time that I used to. We're expecting our 1st child in just a few short weeks now, so most of my free time has been spent learning Lamaze breathing, making the weekly run to Babies R Us, and relocating my office from the larger room upstairs to the smaller one downstairs - which I do happen to like MUCH more than I had anticipated. I have everything I need within a short walk - a bathroom, beer fridge, and 52" HD TV. I only need to go upstairs to eat and sleep now, but alas, this will all change soon... Recently, I was asked if you could change the way Export to CSV in ApEx works. The short answer is, of course, no. But it's not too difficult to "roll your own" CSV export procedure. Why would you want to do this? Well, the customer's requirement was to manipulate some data when the Export link was clicked, and then export it to CSV in a forma...

Manipulating Images with the... Database?

A recent thread on the OTN HTML DB Forum asked about how to determine the width & height of an image stored as a BLOB in an Oracle table. I mentioned in that thread that I have some code to manipulate an image stored in a BLOB column. This is particularly useful if you’re going to let users upload images, and you want to re-size them to display as a thumbnail. Thanks to Oracle interMedia , it is trivial to manipulate the width, height, and other attributes of images stored in an Oracle table. I’ve created a sample application here which demonstrates Oracle interMedia and HTML DB in action. Feel free to have a look. You can download this application from HTML DB Studio as well. Basically, this application allows you to upload images and perform an operation on the image as it is inserted into the PHOTO_CATALOG table. There are two places where some PL/SQL code is required: an After Submit process on page 2, and a procedure to display the images. Here is the PL/SQL for the After...

Refreshing PL/SQL Regions in APEX

If you've been using APEX long enough, you've probably used a PL/SQL Region to render some sort of HTML that the APEX built-in components simply can't handle. Perhaps a complex chart or region that has a lot of custom content and/or layout. While best practices may be to use an APEX component, or if not, build a plugin, we all know that sometimes reality doesn't give us that kind of time or flexibility. While the PL/SQL Region is quite powerful, it still lacks a key feature: the ability to be refreshed by a Dynamic Action. This is true even in APEX 5. Fortunately, there's a simple workaround that only requires a small change to your code: change your procedure to a function and call it from a Classic Report region. In changing your procedure to a function, you'll likely only need to make one type of change: converting and htp.prn calls to instead populate and return a variable at the end of the function. Most, if not all of the rest of the code can rem...