Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[cncb]

It seems that the Authenticate function uses the read-only "Everyone" by default even if the normal authentication is enabled and the credentials are supplied.  Could this behavior be changed to try normal authentication first if credentials are supplied?  Thanks.

[RoderickGI]

There was a long discussion about this some time back. Basically, if read-only authentication was set to everyone, that is what all clients got, and there was no way to make specific Clients use read-write authentication. Maybe that only happened if they hadn't been logged in with read-write authentication before read-only for everyone was turned on. I don't remember the details. I haven't found that thread in a quick search.

This:

23.0.95 (1/19/2018)
4. NEW: Added the option to allow any user to get read-only access (you can also require a username and password).
6. NEW: Panel - Panel will automatically attempt to get a read-only token without requiring the user to log in. If this fails, it will bring up the login screen.
7. NEW: Panel - Full authentication can be enabled or disabled from the Settings page.

Also this: https://yabb.jriver.com/interact/index.php/topic,115960.msg801403.html#msg801403

[BradATIMA]

The intent with the option to have read-only set to everyone was so someone could obtain a token without a password prompt. Could you use an option to force full authentication by rejecting the token if it's read-only?

[cncb]

Could you use an option to force full authentication by rejecting the token if it's read-only?

Yes, if you could add an option to MCWS to force full authentication that would be great (assuming it is not feasible to just try full authentication with any supplied credentials first).  Thanks.

[BradATIMA]

When I make a call to authenticate, if I provide full authentication credentials, it returns a fully authenticated token, even with read-only set to Everyone.

Is it possible the user has the full authentication credentials set incorrectly? That would return a read-only token.

[cncb]

When I make a call to authenticate, if I provide full authentication credentials, it returns a fully authenticated token, even with read-only set to Everyone.

For some reason, it's not working that way for me.  The credentials are correct, because if I disable "Everyone" then it returns a fully authenticated token.  But when I enable "Everyone" still providing the same credentials, it always returns the read-only token.

[Matt]

For some reason, it's not working that way for me.  The credentials are correct, because if I disable "Everyone" then it returns a fully authenticated token.  But when I enable "Everyone" still providing the same credentials, it always returns the read-only token.

I'm riddled.

I just tried using Postman.

If I login without credentials, I'm given a read-only token.

As soon as I add credentials, it's a full token.

Maybe double-check that your credentials are valid?

[cncb]

I'm riddled.

Me too .  I will have to investigate more to try to figure out why I am getting different behavior.  Thanks to you both for checking.