X-Git-Url: http://sru.miketaylor.org.uk/?a=blobdiff_plain;f=doc%2Fmkws-manual.markdown;h=4a177984f3c1bcb701256e3e5c957aacfdec5aab;hb=39089b1aed45657df6653db00e1bc5ee1d6a46f4;hp=0c192fb2f329fd5b0bb3e1d0e4f3b525153bdb1f;hpb=15d5773b928f04e8c3011f1cd6c94c45a1bc61ab;p=mkws-moved-to-github.git diff --git a/doc/mkws-manual.markdown b/doc/mkws-manual.markdown index 0c192fb..4a17798 100644 --- a/doc/mkws-manual.markdown +++ b/doc/mkws-manual.markdown @@ -529,7 +529,9 @@ Log in to MKAdmin to add a User Access account for your library: If your MWKS application runs at a well-known, permanent address -- , say -- you can set the User Access record so that this originating URL is recognised by setting it into -the "Referring URL" field. +the "Referring URL" field. Then the application will always use that +library that this User Access record is associated with (unless it +sends a username/password pair to override this default). Or if your application's users are coming from a well-known range of IP-address space, you can enter the range in the "IP Ranges" @@ -543,43 +545,25 @@ Alternatively, your application can authenticate by username and password credentials. This is a useful approach in several situations, including when you need to specify the use of a different library from usual one. To arrange for this, set the username and password as a -single string separated by a slash -- e.g. "mike/swordfish" -- into +single string separated by a slash -- e.g. `mike/swordfish` -- into the User Access record's Authentication field. You can set multiple fields into a single User Access record; or create multiple User Access records. For example, a single User Access -record can specify both a Referring URL a username/password pair that -can be used when running an application from a different URL. But if -multiple Referring URLs are needed, then each must be specified in its -own User Access record. - -### Tell the application to use the library - -In the HTML of the application, tell MKWS to authenticate on to the -Service Proxy. When referer-based or IP-based authentication is used, -this is very simple: - - - -> TODO This should be the default setting: see **MKWS-251**. - -And ensure that access to the MWKS application is from the correct -Referrer URL or IP-range. +record can specify both a Referring URL and a username/password pair +that can be used when running an application from a different URL. But +if multiple Referring URLs are needed, then each must be specified in +its own User Access record. ### (Optional): embed credentials for access to the library When credential-based authentication is in use (username and password), it's necessary to pass these credentials into the Service -Proxy when establishing the session. This can most simply be done just -by setting the `service_proxy_auth` configuration item to a URL such as -`//sp-mkws.indexdata.com/service-proxy/?command=auth&action=perconfig&username=mike&password=swordfish` +Proxy when establishing the session. This is done +by setting the `sp_auth_credentials` configuration item to a string +containing the username, a slash, and the password: -> TODO It should be possible to add the username and password to the -> configuration without needing to repeat the rest of the URL: see -> **MKWS-254**. + mkws_config = { sp_auth_credentials: "mike/swordfish" }; ### (Optional): conceal credentials from HTML source