Question
Markus Kogler · Jan 16, 2021

Remember Password feature in ZEN Application

Hi Community,

is there a possibility to implement a "remember password" feature in a ZEN Application?

In the management portal I added a web-application for a ZEN application with password authentification. I created an own login page, and now I want to implement a "remember password" feature (User should not have to login again after the session times out or when the browser window is closed).

Product version:
Caché 2018.1
00
1 0 2 63

Replies

Hi

In one of my Zen applications I built a custom Login Screen and in the Web Application Definition I call that login csp page. In my case I maintain my own User/Role tables and when I add or modify a User I use the Ensemble security method calls to create or update the user in Ensemble.

The Zen Custom Login forms are designed to validate the user against the Ensemble Users Table.

Given that in your login page the User and Password fields can be accessed through the DOM model you can get the values from those fields by specifying a "OnChange" or equivalent JS event and you can then get the value entered by the user and you can then write those values into your own "Login Audit Table". Likewise you can detect when the Zen session has closed and so you could trap that and update your "Login Audit Table" to indicate when the user logged out.

In the Zen documentation they give an example of a simple custom login form:

<page xmlns="http://www.intersystems.com/zen" title="">
  <loginForm id="loginForm" >
    <text name="CacheUserName" label="User:" />
    <password name="CachePassword" label="Password:" />
    <submit caption="Login" />
  </loginForm>
</page>

So you could trap the user name and password values (the password value will have been encrypted so if you needed to see the actual password value you would have to unencrypt it).

The only problem I foresee is that once you have submitted the form you won't know if the user has logged in successfully until your Home page displays so you would have to store those values in a temp global and then if you get to your Home screen you would know that they had logged in successfully and you could create your login Audit. 

Given the way that the Cache/Ensemble/IRIS documentation is structured you may well find a section elsewhere in the Zen documentation that might tell you how to trap the outcome of the 'submit' but I have not attempted to see if my theory returns any more useful information.

Nigel

Hi Nigel,

after some attempts with the above suggestions I got it done with the following way:

  1. Built a custom ZEN loginForm (to add the "remember me" Checkbox)
  2. Used the "Delegated Authentication" mechanism in Caché (https://docs.intersystems.com/latest/csp/docbook/DocBook.UI.Page.cls?KEY...)
  3. In the ZAUTHENTICATE objectscript routine you can write own code for authentication of the user
    1. here it is possible to check the "normal" Username, Password login
    2. and, if remember login was stored e.g in a cookie, login with a login token...

Thx