Howdy, Stranger!
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.5K Microsoft Dynamics NAV
- 18.5K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 115 Navision DOS
- 854 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 615 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 267 Dynamics CRM
- 109 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 992 SQL General
- 384 SQL Performance
- 33 SQL Tips & Tricks
- 34 Design Patterns (General & Best Practices)
- Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.7K General
- 1.1K General Chat
- 1.6K Website
- 79 Testing
- 1.2K Download section
- 23 How Tos section
- 259 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions
Options
How to verify user password
geja
Member Posts: 47
I actually have two questions:
1. If I want to create a routine to allow or disallow certain inputs in a form based on whether the user can provide a valid password or not, is there a way to do this? Let me describe a scenario where this will be used:
Our Purchasers are not allowed to enter a price for boxes beyond a certain standard price per unit area of box surface. (We actually have a function to compute the total box area given its dimensions.) But, since there are times when a lower price is not possible, then if the encoder is not authorized to override the price, the system opens a form where a login name and password is entered and if that person's login name is authorized to override the price, the input is accepted.
2. Can I use the name and password in the User table to do this even though the password field in that table is encrypted? If not, is there any other way ?
1. If I want to create a routine to allow or disallow certain inputs in a form based on whether the user can provide a valid password or not, is there a way to do this? Let me describe a scenario where this will be used:
Our Purchasers are not allowed to enter a price for boxes beyond a certain standard price per unit area of box surface. (We actually have a function to compute the total box area given its dimensions.) But, since there are times when a lower price is not possible, then if the encoder is not authorized to override the price, the system opens a form where a login name and password is entered and if that person's login name is authorized to override the price, the input is accepted.
2. Can I use the name and password in the User table to do this even though the password field in that table is encrypted? If not, is there any other way ?
0
Comments
If ability of changing of some prices is on per user, try to add a field on user table. Boolean that says what users can or cannot change prices. Than you need only to check if that logged user has rights to change prices.
Or I haven't understand your problem
OBJECT Form 50000 Validate user { OBJECT-PROPERTIES { Date=08/08/06; Time=12:11:47; Modified=Yes; Version List=; } PROPERTIES { Width=5500; Height=2420; } CONTROLS { { 1000000000;Label ;220 ;330 ;3300 ;440 ;ParentControl=1000000001 } { 1000000001;TextBox;3630 ;330 ;1700 ;440 ;CaptionML=ENU=UserID; SourceExpr=codUserID } { 1000000002;Label ;220 ;880 ;3300 ;440 ;ParentControl=1000000003 } { 1000000003;TextBox;3630 ;880 ;1700 ;440 ;PasswordText=Yes; CaptionML=ENU=Password; SourceExpr=txtPassword } { 1000000004;CommandButton;3080;1650;2200;550; HorzGlue=Right; VertGlue=Bottom; CaptionML=ENU=Validate; OnPush=BEGIN IF recUser.GET(codUserID) THEN BEGIN recUser2."User ID" := recUser."User ID"; recUser2.VALIDATE(Password,txtPassword); IF recUser2.Password <> recUser.Password THEN ERROR('Password is incorrect') ELSE ERROR('User validated'); END ELSE ERROR('User not found'); END; } } CODE { VAR recUser@1000000000 : Record 2000000002; recUser2@1000000003 : Record 2000000002; codUserID@1000000001 : Code[20]; txtPassword@1000000002 : Text[30]; BEGIN END. } }http://www.costcontrolsoftware.com/F_C_Security.htm
It says it can be used with user created functions and controlls
An alternative way is to create a boolean in the User Setup table. Everytime the condition is meant, check the user setup to see if this boolean is checked. Give the appropriate error if it's not checked.
This is a whole lot better than using passwords.
AP Commerce, Inc. = where I work
Getting Started with Dynamics NAV 2013 Application Development = my book
Implementing Microsoft Dynamics NAV - 3rd Edition = my 2nd book
I common use in Navision would be to allow an override of a customer blocked for being over their limit. the data entry person starts and order and enters a few items, the customer then reachs his credit limit. I do not want the data entry person deciding at that point if it is ok to proceed. I want the override password box to pop up and have the manager come over and approve or disapprove. So, the person entering the user id and password is not the person who started the order. so just checking the current user setup is not sufficent, you need to be able to have a different user approve it without leaving the screen.
Thus, when the logged in user who is not a supervisor attemps to check the override box and he/she is not authorized to do so, the system prompts for a username/password combo to validate the override attempt. The supervisor who is nearby may then key in the required username/password immediately whithout the need to login to the system himself/herself. I also intend to put the same validation when the unauthorized user overwrites the price directly.
Thanks a lot! I'll check this out.
Thanks a lot! This is exactly what I need for the validation screen!
Yes, but instead of using a password, why not have the user approve it on the confort of his/her chair with a mouse click? Instead of using a company wide password that's bound to be leaked.
AP Commerce, Inc. = where I work
Getting Started with Dynamics NAV 2013 Application Development = my book
Implementing Microsoft Dynamics NAV - 3rd Edition = my 2nd book
Sorry for barging in but like I said above, I have already done this first suggestion of creating a boolean field for the supervisor override before I even posted my query. But what I was looking for was to address two other points:
1. the encoders are in the production area and the supervisor is usually walking around (behind their backs :-) ) and so for the superv to get back to his/her desk to do the override may be time consuming;
2. we have a very limited session license and even if the superv wants to do this in his/her desk he/she may not get an available session. This will then require that the superv logs in in the encoder's session to override the price, then gives back to the encoder the session. Pretty troublesome in my opinion.
Still thanks for reminding me of the possibility of leak. What i will do is use the superv's own login/pwd to validate so it is not exactly a company wide override login/pwd.
RIS Plus, LLC
MVP - Business Apps
I also like this forum!
I finally found this post after looking through a lot of "I forgot my password"-posts.
\:D/
Tino Ruijs
Microsoft Dynamics NAV specialist
According to the password verification in Dynamics NAV I have to deal with password verification through the NAV web service. The code above (from Luc “OBJECT Form 50000 Validate user”) does work indeed, but only when you pass the userid and password by i.e. the NAS. We use this procedure for years now on the classic client for an external (webbased) ordering application. This works very fine, like I sead for years.
But this procedure doesn't work when we try to verify a user and his/her password through the NAV Web service (NAV Server) (on 2009 SP1). Normally when the password is validated in the user table the password will be encrypted. So at this time you can check the ‘imported’ password with the password in the user table.
But when we pass the username en password by the web service and we validate the password in the user table, then the password is not encrypted! So we can’t check if the password is correct.
I seems like the NAV Server acts different from the classic client while validating the password in the user table.
Does anybody have any suggestions how to solve this problem?
Thanks a lot in advance.
Don