3 — NetCAuth COM Object Functions

[Previous] [Next] [Contents] [Index]

This chapter describes the functions for the Authorization Object for use with VBScript. It includes the following sections:

3.1 Overview
3.2 Function List

3.1 Overview

The NetCrusader/Web Authorization Object is implemented as a Component Object Model (COM) object. The NetCAuth COM object contains a set of functions to allow both scripting languages in ASP pages and generic program languages such as Visual Basic and C++ to manipulate the access control features of NetCrusader/Web.

For more information, see the samples subdirectory of the NetCrusader/Web installation directory. The comtest.asp file shows examples of every function described in this chapter.

3.1.1 Conventions

The examples in the description of the functions use VBScript, but you are not limited to using VBScript in your code.

NOTE: All parameters are strings except where noted. In examples, strings are often used in the parameters, but you can use variables instead.

3.1.2 Error Handling

All functions support standard COM exceptions.

To see the errors, you must allow the script to continue in the event of an error. To do so, use the following statement: 

OnError Resume Next

Then, for each routine, use the On Error statement of VBScript. Create an error handler. If an error occurs, examine the contents of Err.Description in the error object.

The following sample code illustrates this. 

Set myComObj = CreateObject("NetCAuth.NetCObj.1")


On Error GoTo errorHandler


    myComObj.InitModel mymodule.txt, "/", 0


    myComObj.Authenticate("SamIam", "greeneggs")


errorHandler:


    MsgBox Err.Description

Another way to check for errors is to examine the contents of Err.Description. If it is not null, an error has occurred. The following sample code illustrates this. 

netc.LogOff


if Err.Description <> "" then


Response.Write "LogOff failed.<br>"


Response.Write "Error # " & Err.Number & "Desc: " & Err.Description & "<br>"


End If

3.1.3 Functions that Write Cookies

The following functions write cookies:

This has an important effect on where you place these functions in your code. When a function writes a cookie, it uses the Set-Cookie HTTP header. All HTTP header writing must occur before the first HTML tag (the <HTML> tag) and prior to the first write (in VBScript, Response.Write). For examples of this, see logon.asp, logoff.asp, and singlesignon.asp in the samples subdirectory of the NetCrusader/Web installation directory.

Alternatively, you may turn on the Response buffer as follows: 

<% Response.Buffer = true %>

When buffering is turned on, all of the server script commands on a page are processed before any content is sent to the user. For more information on the Response object and the buffer, see the documentation for ASP.

Remember, too, that the user's browser must be configured to accept cookies if you use any of the functions that write cookies.

3.2 Function List

This section describes the Authorization Object functions. (If you are viewing this documentation online, the function names are hypertext links to the section describing the function.)

The functions are:

AddToGroup
Authenticate
BecomeSelf
BecomeUser
CheckAccess
ChangePassword
CreateAttributeSchema
CreateUser
DeleteCredential
DeleteUser
GetGroupAttribute
GetGroupMembers
GetUserAttribute
GetPermissons
GetPrincipal
GetUserGroups
InitModel
Logoff
RemoveFromGroup
SetGroupAttribute
SetUserAttribute
SingleSignOn

AddToGroup

Adds a user to a group.

Syntax 

AddToGroup(callerName, callerPassword, userName, groupName)

Parameters

IN/OUT Parameter Description
IN

callerName

The name of a user who has administration privileges.

IN

callerPassword

The password of the user who has administration privileges.

IN

userName

The name of the user you want to add to the group.

IN

groupName

The name of the group.

Example

In the following example, the user CatInthehat is added to the group teller. 

Dim bankObj As Object


Set bankObj = CreateObject("NetCAuth.NetCObj.1")


BankObj.AddToGroup("superuser", "password", "CatInthehat", "teller")

Returns

None.

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

Authenticate

Authenticates the user with the Security Server. Creates a credential object in the local cache. See note about Response buffer in Section 3.1.3 on page 18.

Syntax 

Authenticate(userName, password)

Parameters

IN/OUT Parameter Description
IN

userName

A string representing the user name.

IN

password

A string representing the user password.

Example

In the following example, the user, SamIam, is logging in with the password greeneggs. 

Dim bankObj As Object


Set bankObj = CreateObject("NetCAuth.NetCObj.1")


bankObj.Authenticate("SamIam", "greeneggs")

Returns

None.

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

BecomeSelf

Resets the login context of the current thread to be that of the Security Adapter (the default mode). You must logically (but not necessarily immediately) precede this call by a call to BecomeUser, on the same thread.

NOTE: BecomeSelf and BecomeUser should be used together, as a pair, and used only when making calls to set attribute values or when passing credentials to a NetCrusader/CORBA environment

Syntax 

BecomeSelf()

Parameters

None.

Returns

None.

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

BecomeUser

BecomeUser sets the login context of the current thread to be that of the remote Web Browser user instead of the Security Adapter itself (the default mode). In this way, NetCrusader/CORBA client functionality can inherit the identity of the remote user.

NOTE: BecomeSelf and BecomeUser should be used together, as a pair, and used only when making calls to set attribute values or when passing credentials to a NetCrusader/CORBA environment It is important to call BecomeSelf as soon as the identity has been successfully passed to the CORBA object.

Syntax 

BecomeUser()

Parameters

None.

Returns

None.

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

CheckAccess

Verifies that a user has access permission to an object.

NOTE: You must be authenticated (use the Authenticate or SingleSignOn function) and then call the function InitModel before calling the CheckAccess function.

Syntax 

CheckAccess(objectName, desiredAccess)

Parameters

IN/OUT Parameter Description
IN

objectName

The object name as defined in the object model.

IN

desiredAccess

A character to specify a desired access permission. For example, the Bank example uses v for view access or a for add access.

OUT

permission

This function returns 0 if the caller does not have access permission to the object; non-zero otherwise.

Example

In the following VBScript example, /Checking is the object name and you want to check to see if the user (in the banking example, a user) has v access to the object. 

Dim bankObj As Object


Dim perm_v


Set bankObj = CreateObject("NetCAuth.NetCObj.1")


bankObj.InitModel "aBank", "/", 0


bankObj.Authenticate "SamIam", "greeneggs"


perm_v = bankObj.CheckAccess("/Checking", "v")

Returns

This function returns 0 if the caller does not have access permission to the object; non-zero otherwise.

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

ChangePassword

Changes a user's password. An administrator can change a user's password. A user can change his own password. When callerName and userName are equal, it is assumed that the user is changing his own password. In this case, callerPassword is the old password and newPassword is the new password.

Syntax 

ChangePassword(callerName, callerPassword, userName, newPassword)

Parameters

IN/OUT Parameter Description
IN

callerName

The name of a user who performs the call.

IN

callerPassword

The password of the caller. (If callerName and userName are equal, the caller is also the user.)

IN

userName

The name of the user whose password is to be changed.

IN

newPassword

The new password for the user.

Example 

Dim aComObj As Object


    Set aComObj = CreateObject("NetCAuth.NetCObj.1")


    On Error GoTo errorHandler


    aComObj.ChangePassword "admin", "foo", "user1", "hello"


errorHandler:


    MsgBox Err.Description

Returns

None.

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

CreateAttributeSchema

Defines a custom attribute to the system.

Syntax 

CreateAttributeSchema(caName, caPassword, attributeName, attributeType)

Parameters

IN/OUT Parameter Description
IN

caName

The name of a user who has administration privileges.

IN

caPassword

The password of the user who has administration privileges.

IN

attributeName

The name of the attribute.

IN

attributeType

Indicates whether this is a user attribute or group attribute. Only the first character of this string is examined (for example, G, g, U, or u).

NOTE: All custom attributes are of the type string.

Example 

myComObj.CreateAttributeSchema("admin", "foo", "DepartmentName", "g")

Returns

None.

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

CreateUser

Creates a user.

Syntax 

CreateUser(adminName, adminPassword, userName, userPassword)

Parameters

IN/OUT Parameter Description
IN

adminName

The name of a user who has administration privileges.

IN

adminPassword

The password of the user who has administration privileges.

IN

userName

The name of the user you want to create. The maximum length of the user name is 240 characters

IN

userPassword

The initial password of the user you are creating.

Example 

Dim bComObj As Object


    Set bComObj = CreateObject("NetCAuth.NetCObj.1")


    On Error GoTo errorHandler


    bComObj.CreateUser "admin", "foo", "jsmith", "hello1"


errorHandler:


    MsgBox Err.Description

Returns

None.

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

DeleteCredential

Invalidates a credential in the cache.

NOTE: This is an internal NetCrusader/Web function that should not generally be used. Instead, to log off a user, use LogOff.

Syntax 

DeleteCredential(user, reserved)

Parameters

IN/OUT Parameter Description
IN

user

The name of the user whose credentials are being removed from the cache.

IN

reserved

Reserved.

Example 

    aObj.DeleteCredential "CatinTheHat", ""

Returns

None.

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

DeleteUser

Deletes a user account.

Syntax 

DeleteUser(adminName, adminPassword, userName)

Parameters

IN/OUT Parameter Description
IN

adminName

The name of a user who has administration privileges.

IN

adminPassword

The password of the user who has administration privileges.

IN

userName

The name of the user you want to delete.

Example 

aComObj.DeleteUser "admin", "foo", "jsmith"

Returns

None.

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

GetGroupAttribute

Obtains the value of the named attribute for a group. Note that the name of the attribute (the schema definition) must have been created using CreateAttributeSchema.

Syntax 

GetGroupAttribute(groupName, attributeName)

Parameters

IN/OUT Parameter Description
IN

groupName

The name of the group to whom the value is attached.

IN

attributeName

The name of the attribute.

OUT

value

A string containing the value of the attribute.

Example 

Dim aString As String


aString = myComObj.GetGroupAttribute("managers", "budget")

Returns

A string containing the value of the named attribute.

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

GetGroupMembers

Obtains a list of members of a group.

Syntax 

GetGroupMembers(groupName)

Parameters

IN/OUT Parameter Description
IN

groupName

The name of the group whose members you want to obtain.

OUT

memberList

An array of strings comprising a list of the members in the group.

Example 

Dim aString As String


aString = myComObj.GetGroupMembers("Customers")

Returns

An array of strings comprising a list of the members in the group

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

GetUserAttribute

Obtains the value of the named attribute for a user. Note that the name of the attribute (the schema definition) must have been created using CreateAttributeSchema.

Syntax 

GetUserAttribute(userName, attributeName)

Parameters

IN/OUT Parameter Description
IN

userName

The name of the user to whom the value is attached.

IN

attributeName

The name of the attribute.

OUT

value

A string containing the value of the attribute.

Example 

Dim aString As String


aString = myComObj.GetUserAttribute("jsmith", "cellphone")

Returns

A string containing the value of the named attribute.

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

GetPermissons

Returns a string containing a concatenation of all the permission symbols for the object.

NOTE: You must be authenticated (use the Authenticate or SingleSignOn function) and then call the function InitModel before calling the GetPermissions function.

Syntax 

GetPermissons(objectName)

Parameters

IN/OUT Parameter Description
IN

objectName

The object name as defined in the ACL model.

OUT

permissions

A string containing permissions for the object.

Example 

Dim perm_set


perm_set = bankObj.GetPermissions "Checking"

In this example, we create a variable called perm_set to hold the permissions returned by the call to check the permissions on the Checking object.

Returns

A string containing a concatenation of all the permission symbols for the object.

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

GetPrincipal

Returns the username.

NOTE: You must be authenticated (use the Authenticate or SingleSignOn function) before calling the GetPrincipal function.

Syntax 

GetPrincipal()

Parameters

IN/OUT Parameter Description
OUT

principalName

A string containing the name of the user.

Example 

Dim principal
principal = bankObj.GetPrincipal

In this example, we create a variable called principal to hold the principal name returned by the call.

Returns

The function returns a string containing the principal name of the user authenticated with the COM object before the method was called.

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

GetUserGroups

Obtains a list of the groups to which a user belongs.

Syntax 

GetUserGroups(userName)

Parameters

IN/OUT Parameter Description
IN

userName

The name of the user whose group membership information you want to obtain.

OUT

groupList

An array of strings comprising a list of the groups to which the user belongs.

Example 

Dim aString As String


aString = myComObj.GetUserGroups("jsmith")

Returns

An array of strings comprising a list of the groups to which the user belongs.

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

InitModel

Initializes a matched set of object and ACL models.

Syntax 

InitModel(moduleName, modelRoot, traversePerm)

Parameters

IN/OUT Parameter Description
IN

moduleName

The module name, as used in naming the model directory. For example, in our banking demo, our model files acl.txt and object.txt are stored in <installation directory>/model/fbank, so the module name would be fbank in this call.

If you do not supply this argument, a pre-defined model, the default model, is used. Note that the default model uses T for the traverse permission.

IN

modelRoot

Specifies the place in the ACL where the model applies. It is usually / (for the root, or top, of the ACL.)

IN

traversePerm

Reserved for future use. Always use "0".

Example 

bankObj.InitModel "fbank", "/", "0"

In this example, fbank is the name of the module (the model file is called fbank.txt) and the ACL begins at the root.

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

Logoff

Logs the user off. See note about Response buffer in Section 3.1.3 on page 18.

Syntax 

Logoff()

Example 

NetC.Logoff

Returns

None.

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

RemoveFromGroup

Removes a user from a group.

Syntax 

RemoveFromGroup(callerName, callerPassword, userName, groupName)

Parameters

IN/OUT Parameter Description
IN

callerName

The name of a caller who has administration privileges.

IN

callerPassword

The password of the caller.

IN

userName

The name of the user you want to remove from the group.

IN

groupName

The name of the group from which the user is to be removed.

Example 

Dim aComObj As Object


    Set aComObj = CreateObject("NetCAuth.NetCObj.1")


    On Error GoTo errorHandler


    aComObj.RemoveFromGroup "admin", "foo", "jsmith", "ExecutiveStaff"


errorHandler:


    MsgBox Err.Description

Returns

None.

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

SetGroupAttribute

Sets the value of the named attribute for a group. Note that the name of the attribute (the schema definition) must have been created using CreateAttributeSchema.

NOTE: Before calling SetGroupAttribute, you must authenticate as a user who has permission to manage the user or group. You must then call BecomeUser, and then SetGroupAttribute. After you make the SetGroupAttribute call, you must call BecomeSelf. To summarize: authenticate, call BecomeUser, call SetGroupAttribute, and then call BecomeSelf.

Syntax 

SetGroupAttribute(groupName, attributeName, value)

Parameters

IN/OUT Parameter Description
IN

groupName

The name of the group to whom the value is attached.

IN

attributeName

The name of the attribute.

IN

value

A string containing the value of the attribute.

Example 

BecomeUser


Dim aString As String
aString = myComObj.SetGroupAttribute("managers", "budget", "unlimited")


BecomeSelf

Returns

A string containing the value of the named attribute.

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

SetUserAttribute

Sets the value of the named user's named attribute. Note that the name of the attribute (the schema definition) must have been created using CreateAttributeSchema.

NOTE: Before calling SetUserAttribute, you must authenticate as a user who has permission to manage the user or group. You must then call BecomeUser, and then SetUserAttribute. After you make the SetUserAttribute call, you must call BecomeSelf. To summarize: authenticate, call BecomeUser, call SetUserAttribute, and then call BecomeSelf.

Syntax 

SetUserAttribute(userName, attribute name, value)

Parameters

IN/OUT Parameter Description
IN

userName

The user for which the value is being set.

IN

schemaName

The name of the attribute.

IN

value

The value of the attribute.

Example 

BecomeUser


Dim aString As String
   myComObj.SetUserAttribute "jsmith", "phonenum", "01144-012345234"


BecomeSelf

Returns

None.

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

SingleSignOn

Returns the single sign-on credentials.

Syntax 

SingleSignOn()

Parameters

IN/OUT Parameter Description
OUT

status

A string indicating whether the single sign-on succeeded or failed:

Example 

   netc.SingleSignOn

Returns

A string indicating whether the single sign-on succeeded or failed.

Errors

If an error occurs, an error object is created. See Section 3.1.2 on page 18 for suggestions on error handling.

[Previous] [Next] [Contents] [Index]

To make comments or ask for help, contact support@entegrity.com.

Copyright © 2000-2002 Entegrity Solutions Corporation & its subsidiaries