The mgiAuthenticateDB Tag

Authenticate Mode

Return to the mgiAuthenticateDB Main Menu

Tag Syntax

The Authenticate mode of mgiAuthenticateDB has no required parameters and sixteen optional parameters. The tag form is:

<mgiAuthenticateDB mode="Authenticate" group="Name" 
startDate="Date" endDate="Date" startTime="Time" 
endTime="Time" dailyStartTime="Time" 
dailyEndTime="Time" setCookie="Yes/No" 
cookieExpirationDate="Date" cookieExpirationTime="Time" 
allowedIP="IP Number" deniedIP="IP Number" 
odbcDatasource="Source Name" odbcUsername="Name" 
odbcPassword="Password">

Required Parameters:

  • None.

Optional Parameters:

  • mode - The mode is the function that the mgiAuthenticateDB tag performs. In "authenticate" mode, the mgiAuthenticateDB tag regulates access to the page containing the mgiAuthenticateDB tag by requiring a valid username, password and IP number (if specified). "Authenticate" is the default mode of the mgiAuthenticateDB tag.
  • group - The group is the name of the user group allowed to access the page with a valid username and password. If a group is not specified, all groups are allowed to access the page with a valid username and password.
  • startDate - The startDate is the first day access to the page is allowed with a valid username and password. The syntax of the date must be a julian day (see the mgiJulianDay tag). The startDate parameter can be used in conjunction with the endDate parameter to specify a definite time frame when access to a page is allowed or the startDate parameter can be entered alone to specify a start date for access without an expiration. If the startDate parameter is not included, the page can be accessed immediately with a valid username and password.
  • endDate - The endDate is the last day access to the page is allowed with a valid username and password. The syntax of the date must be a julian day (see the mgiJulianDay tag). The endDate parameter can be used in conjunction with the startDate parameter to specify a definite time frame when access to a page is allowed or entered alone to specify an expiration for access with an immediate start date. If the endDate parameter is not included, the page can be accessed any time after the specified start date.
  • startTime - The startTime is the time that access to the page is allowed on the specified start date. The syntax of the time must be military format (i.e., hhmm). If the startTime parameter is not included, access to the page is available at midnight on the specified start date.
  • endTime - The endTime is the time that access to the page is no longer allowed on the specified end date. The syntax of the time must be military format (i.e., hhmm). If the endTime parameter is not included, access to the page ends after 11:59 PM on the specified end date.
  • dailyStartTime - The dailyStartTime is the time that access to the page is allowed during each day from the specified start date to the specified end date. The syntax of the time must be military format (i.e., hhmm). If the dailyStartTime is not included, then access to the page is valid each day from midnight until the daily end time during the period from the start time on the start date to the end time on the end date.
  • dailyEndTime - The dailyEndTime is the time that access to the page is no longer allowed during each day from the specified start date to the specified end date. The syntax of the time must be military format (i.e., hhmm). If the dailyStartTime is not included, then access to the page is valid each day from the daily start time until 11:59 PM during the period from the start time on the start date to the end time on the end date.
  • setCookie - The setCookie parameter determines whether a cookie with the user's authentication information is set during the user's first visit and retrieved upon subsequent visits to the page. If the setCookie parameter value is "Yes", then an encrypted cookie with the user's authentication information is set during the user's first visit to the page and retrieved during subsequent visits to the page until the cookie expiration time on the cookie expiration date. If the setCookie parameter value is "No", then the user must enter their authentication information during each visit to the page. The default value is "No". If you include the setCookie parameter, the cookieExpirationDate and cookieExpirationTime parameters are required.
  • cookieExpirationDate - The cookieExpirationDate is the date that the user's authentication cookie expires. The syntax of the date must be a 2-digit month, 2-digit, and a 4-digit year separated by hyphens (i.e., mm-dd-yyyy). The cookieExpirationDate parameter is required if you include the setCookie parameter.
  • cookieExpirationTime - The cookieExpirationTime is the time that the user's authentication cookie expires on the cookie expiration date. The syntax of the time must be military format seperated by a colon (i.e., hh:mm). The cookieExpirationTime parameter is required if you include the setCookie parameter.
  • allowedIP - The allowedIP is the individual IP number, hostname, or the block of IP numbers or hostnames that are allowed to access the page with a valid username and password. For an individual IP number, the parameter value is the IP address. For multiple, individual IP numbers, include the allowedIP parameter multiple times within the mgiAuthenticateDB tag (e.g., allowedIP="63.45.215.48" allowedIP="208.196.25.1"). For a block of IP numbers or hostnames, use the asterisk (*) to represent a wildcard in any part of the IP number (e.g., allowedIP="201.199.24.*" or allowedIP="24.15.*.*"). If the allowedIP parameter is not included, a user from any IP number with a valid username and password is allowed to access the page. This parameter may be specified multiple times.
  • deniedIP - The deniedIP is the individual IP number, hostname, or block of IP numbers or hostnames that are not allowed to access the page even if they have a valid username and password. For an individual IP number, the parameter value is the IP address. For multiple, individual IP numbers, include the deniedIP parameter multiple times within the mgiAuthenticateDB tag (e.g., deniedIP="155.26.14.241" deniedIP="155.26.54.214"). For a block of IP numbers or hostnames, use the asterisk (*) to represent a wildcard in any part of the IP number (e.g., deniedIP="213.14.144.*" or deniedIP="24.15.*.*"). If the deniedIP parameter is not included, users from any IP number with a valid username and password is allowed to access the page. This parameter may be specified multiple times.
  • odbcDatasource (NT only) - The odbcDatasource is the name of datasource on the server that provides access information for an external ODBC database. If the odbcDatasource parameter is included, authentication information will be stored in the specified ODBC database rather than the internal MGI database. Inquire with the server administrator for additional information about the use of ODBC databases. If you include the odbcDatasource parameter, the odbcUsername and odbcPassword parameters are required.
  • odbcUsername (NT only) - The odbcUsername is the username required to access the ODBC datasource. The odbcUsername parameter is required if you include the odbcDatasource parameter.
  • odbcPassword (NT only) - The odbcPassword is the code required to access the ODBC datasource. The odbcPassword parameter is required if you include the odbcDatasource parameter.


Example Usage and Output

Multiple Username and Password Authentication

<mgiAuthenticateDB>

To password-protect a page with multiple usernames and passwords, enter users via the web-based admin or via a form processed by the addUser mode of mgiAuthenticateDB. Enter the mgiAuthenticateDB tag on any page you wish to password-protect. In this example, a user from any group with a valid username and password can access the page.

Groups

<mgiAuthenticateDB group="admin">

Password access to a page can be limited to users in a specific group. To limit access to one group, enter the group name in the Group parameter. In this example, only users in the "admin" group can access the page. Users in other groups cannot access the page even if they have a valid username and password.

Date and Time Limited Authentication

<mgiAuthenticateDB startDate={mgiJulianDay month="11;" 
day="1" year="2000"}
endDate={mgiJulianDay month="6;" day="30" year="2001"}
startTime="0800" endTime="1700" dailyStartTime="0800" 
dailyEndTime="1700">

Using date and time limited authentication, access to a page depends on the current date and time. In this example, users in any group with a valid username and password will be granted access to the page at 8 AM on 1 November 2000. Valid users will no longer be able to access the page after 5 PM on 30 June 2001. In addition, valid users will only be granted access from 8 AM to 5 PM each day from 8 AM on 1 November 2000 until 5 PM on 30 June 2001.

IP Authentication

<mgiAuthenticateDB group="staff" allowedIP="204.15.26.*">

Using the allowedIP and deniedIP parameters can further restrict the users who can access a page. In this example, only users accessing the page from the 204.15.26.* LAN with a valid username and password are allowed. For example, a user accessing the page from 204.15.25.241 with a valid username and password would be allowed, but a user accessing the page from 208.251.177.15 would not be allowed to access the page even if they have a valid username and password.

Cookies

<mgiSet name="1YrMonthExpiration">
<mgiDate format="paddedNumericMonth" text="-" 
format="paddedDay">-<mgiMath resultPrecision="0" 
workPrecision="2">
<mgiDate format="longYear">+1
</mgiMath>
</mgiSet>

<mgiAuthenticateDB setCookie="Yes" 
cookieExpirationDate={mgiGet name="1YrMonthExpiration"} 
cookieExpirationTime="2359">

Setting a user's information in a cookie makes it convenient for the user to access a password-protected page. During the user's first visit, an encrypted cookie with the user's authentication information is set. The user will not have to re-enter their username and password when they access the page until the cookie expires. In this example, users will be able to access the page until their cookie expires at 11:59 PM 1 year from the current date. To accomplish the dynamic expiration date, 1 is added to the current year and is set in a variable with the current month and day. The variable value is then embedded in the cookieExpirationDate parameter of the mgiAuthenticateDB tag.

Return to the mgiAuthenticateDB Main Menu


[Understanding MGI Menu] [Using MGI Menu] [Referencing MGI Menu]


[MGI Guides Main Menu] [User Guide Main Menu]