Additional check on cache user authorization

Question

Eduard Lebedyuk · Feb 24, 2016

I need to perform additional checks before Cache user logins (let's say in a terminal for simplicity) and allow access only to those, who passed them. How do I do it?

After reading about delegated authentication in docs I created this ZAUTHENTICATE routine:

ZAUTHENTICATE(ServiceName,Namespace,Username,Password,Credentials,Properties) PUBLIC {
 #include %occErrors
 #include %occStatus
 quit $$$ERROR($$$GeneralError,"No access") 
}

and set Password and Delegated as Allowed Authentication Methods in %Service_Console (it's a windows install)

Expected result: no one can login via the terminal

Actual results: after entering cache user credentials in a terminal prompt user succsessfully logins but in this user plrofile there is:

Last Reason for Failing to Login:	ERROR #5001: No access

audit reports:

2016-02-24 10:10:00.046

%System

%Login

LoginFailure

7560

dev

Error entering the application Programmer mode

#Authentication #Security #Terminal #Access control #Caché