2 Replies Latest reply: Apr 9, 2013 7:07 PM by btlyric RSS

    Rule criteria + auth


      After Enable Opener, I have a rule set that identifies files that are PDF (or whatever) uploads and sets a specific user-defined property. I can use that property to completely block the connection or to pop up an authentication dialog in the next rule set, but what I want to do is return a notification page to the client that requests that they authenticate before proceeding. Once they authenticate, redirect the connection back to the original POST URL or to a point where they can resubmit the upload.


      For something like gmail attachments, a Block page won't display the page to the client and Authenticate would pop up an authentication dialog, but I want to give the user context so that they know what credentials they should use to authenticate. Seems to me that this might be possible by using a Redirect to a Block page with an option to authenticate, but I haven't yet found the right combination of rules.


      Is this possible?

        • 1. Re: Rule criteria + auth

          Because the POST request actually doing the upload is done by the site's AJAX script using the XMLHttpRequest object, you cannot break out of that communication context and get to an HTML renderable window.

          Even if you respond to that POST command with a '302 Redirected' it will not redirect the entire page to display anything. Instead, it returns the 302 to the object and the javascript must have the redirection logic built into it to react accordingly. I have never been able to find a way to wedge in a window to display information or accept input and continue where it left off.


          I run into similar problems with progress pages. I would love to always pop up a mini-downloading window everytime someone downloads a file, but you cannot if the GET is being done outside the document window with javascript (or java, or flash, or silverlight).

          • 2. Re: Rule criteria + auth

            OK, yeah, that makes sense now. Duh. I looked at the connection today and I could see the 302 coming back to the browser and being ignored.


            IIRC, the issue with transparent access and 401 unauthorized without an intermediate 302 of some sort is that the client is authenticating for the specific destination so if you tried to do Authentication.Authenticate<whatever> for all situations, the client would have to reauthenticate for each destination domain.


            Might be workable for a specific situation such as gmail.I tested for that use case and it works as needed. There is a prior rule after Enable Opener that sets a user-defined property if a specific criteria is met. Authentication rule looks like this:


            Big Upload Authentication
            Applies to Requests: False / Responses: False / Embedded Objects: True
            1: Cycle.TopName equals "Request"
            EnabledBig Upload Authentication
            1: User-Defined.BigUpload equals true
            2: AND Authentication.Authenticate<Radius> equals false
            Authenticate<Big Upload Authentication>
            Authenticate large uploads to gmail if user defined property has been set.