|
For the Basic/NTLM/file - prompt via form Results Authorization
method, the user is directly prompted for a login by Webinator.
Since authentication is handled by another server, when search results
are denied access, Webinator cannot know if the denial is URL-based
(lack of access by the user), or login-based (mistyped/wrong
password).
To differentiate the two and give users a chance to correct mistyped
passwords, a Login Verification URL may be set. This should be
a URL that all users have access to, but that is still protected
(ie. anonymous users are denied). It should be an actual file (not
a directory), preferably small (a few KB), and permanent (not likely
to move, be renamed or have perms changed).
If Login Verification URL is set, Webinator will
verify a user's prompted-for login by accessing this page. Since all
users have access to it, a denial is assumed to mean the login was
incorrect, and the user will be re-prompted for their credentials.
Without a Login Verification URL set, a mistyped password will
result in no search results, but the user will not know if they do not
have access to the results, or they merely mistyped their password.
Copyright © Thunderstone Software Last updated: Thu Dec 22 14:38:01 EST 2011
|