Apr 5th, 2006, 10:07 AM
user initiated login possible?
Is there a way to allow users to initiate login without them navigating to a protected URL?
Here's the use case: Your web application has a home page that is visible to the public (e.g. ROLE_ANONYMOUS), but has some features that are accessible only if the user is logged in with ROLE_USER. Now suppose a user (ROLE_ANONYMOUS) is visiting the home page and they decide they want to login using the little login form you have conveniently provided on the home page (only visible to ROLE_ANONYMOUS). They user submits the form and returns to the same page they were on, only logged in as ROLE_USER now. (This is basically how security for these forums works.)
Does Acegi support this?
I have worked around this issue in the past by using a "Login" button that linked to a secured page, thus engaging the normal Acegi login process. You can also do the same thing by having two different home pages, one for the public and one that is secured. Neither of those seem as clean as the use case above.
Apr 10th, 2006, 10:36 AM
Yes you can.
Well, I've answered my own question. Not sure if people weren't interested, didn't know, or thought I was so clueless that they didn't want to bother with me.
It turns out that you can just go ahead and put a login form anywhere to let the user initiate login by submitting the form, instead of waiting for the app to force the user to login when they navigate to a protected page.
The reason that the scenario I describe before didn't work for me was because of a browser caching issue and/or a misconfiguration of Acegi. Anyway, it's working for me now.