Published on InterSystems Developer Community (https://community.intersystems.com)

Home > Additional check on cache user authorization

Question
Eduard Lebedyuk · Feb 24, 2016

Additional check on cache user authorization

I need to perform additional checks before Cache user logins (let's say in a terminal for simplicity) and allow access only to those, who passed them. How do I do it?

After reading about delegated authentication in docs I created this ZAUTHENTICATE routine:

ZAUTHENTICATE(ServiceName,Namespace,Username,Password,Credentials,Properties) PUBLIC {
 #include %occErrors
 #include %occStatus
 quit $$$ERROR($$$GeneralError,"No access") 
}

and set Password and Delegated as Allowed Authentication Methods   in %Service_Console (it's a windows install)

Expected result: no one can login via the terminal

Actual results: after entering cache user credentials in a terminal prompt user succsessfully logins but in this user plrofile there is:

Last Reason for Failing to Login: ERROR #5001: No access 

audit reports:

2016-02-24 10:10:00.046 %System %Login LoginFailure 7560   dev Error entering the application Programmer mode
#Authentication #Security #Terminal #Access control #Caché

Source URL:https://community.intersystems.com/post/additional-check-cache-user-authorization