i4SCADA Knowledge Base

WEBfactory user login / logout

Abstract

Learn the particulars of the WEBfactory login and logout, and understand what happens in the background each time you perform these operations.

The most common type of login is the WEBfactory login (normal login) expecting the Username and the Password defined in the i4SCADA User Manager and stored in the database.

Login

The WEBfactory login dialog

As soon as the user clicks the login button, the requested login URL is called. The login is handled by the Security Service using the Login method.

For the WEBfactory login attempt, the server validates the user's username and password against the credentials stored in the i4SCADA database. If the validation succeeds, the server applies the Authorization Groups available in the i4SCADA database for that user.

Tip

For more details regarding the WEBfactory WCF Security Service methods, please refer to the Security Service documentation.

For each successful login, a security token is created. The login token contains all the relevant user information in an encrypted format.

The login token is a security-related feature that protects against a range of vulnerabilities, such as stealing another user's session via the login form. The login token field is submitted together with the user's username and password.

Login Request Payload example:

{sessionId: "f8e43397-7447-457d-9d19-796*********", clientId: "2f229b36-6ade-4a36-82c6-b9c********",…}

clientId: "2f229b36-6ade-4a36-82c6-b9cad4d****"

isDomainUser: false

millisecondsTimeOut: 10000

password: "examplepassword"

sessionId: "f8e43397-7447-457d-9d19-796*********"

userName: "exampleusername"

Important

As the above example shows, the user credentials (username and password) are sent in clear text. We therefore highly recommend that all communication with the server be done through an HTTPS tunnel.
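One way to check a deployment against this recommendation, as an added example that is not part of the i4SCADA documentation: export a browser session as a HAR file and flag every request whose JSON body carries the password field over a non-HTTPS URL. The host name and URL paths in the sample are constructed placeholders, and treating the securityToken field of the logout payload as equally sensitive is an assumption of this example.

```python
import json
from urllib.parse import urlsplit

# Field names taken from the Login and Logout payload examples on this page.
SENSITIVE_FIELDS = {"password", "securityToken"}

def _entry(url, body=None):
    """Build one HAR entry (helper for the constructed sample below)."""
    request = {"method": "POST", "url": url}
    if body is not None:
        request["postData"] = {"mimeType": "application/json", "text": json.dumps(body)}
    return {"request": request}

# Constructed sample in HAR 1.2 layout. Host and paths are placeholders,
# not the product's real service URLs.
SAMPLE_HAR = {"log": {"entries": [
    _entry("http://scada.example.test/PLACEHOLDER/Login",
           {"userName": "exampleusername", "password": "examplepassword",
            "isDomainUser": False, "millisecondsTimeOut": 10000}),
    _entry("https://scada.example.test/PLACEHOLDER/Login",
           {"userName": "exampleusername", "password": "examplepassword"}),
    _entry("http://scada.example.test/PLACEHOLDER/LogoutByToken",
           {"securityToken": "CONSTRUCTED-TOKEN", "millisecondsTimeOut": 10000}),
    _entry("http://scada.example.test/PLACEHOLDER/Other"),  # request without a body
]}}

def audit_har(har):
    """Return requests whose JSON body carries sensitive fields over non-HTTPS."""
    findings = []
    for entry in har.get("log", {}).get("entries", []):
        request = entry.get("request", {})
        url = request.get("url", "")
        text = (request.get("postData") or {}).get("text") or ""
        try:
            body = json.loads(text)
        except ValueError:
            continue  # empty or non-JSON body: nothing to inspect
        if not isinstance(body, dict):
            continue
        exposed = sorted(SENSITIVE_FIELDS.intersection(body))
        if exposed and urlsplit(url).scheme.lower() != "https":
            # Report field names only, never the values themselves.
            findings.append({"url": url, "fields": exposed})
    return findings

if __name__ == "__main__":
    for finding in audit_har(SAMPLE_HAR):
        print("cleartext:", finding["url"], finding["fields"])
```

HAR exports contain the credentials themselves, so handle the capture file as sensitive material and delete it after the check.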

Logout

The logout form for a WEBfactory user is submitted as soon as the user presses the logout button.


The WEBfactory logout dialog

Just like the login, the logout is handled by the Security Service using the LogoutByToken method.

Logout Request Payload example:

{,...}

millisecondsTimeOut: 10000

securityToken: "H4sIAAAAAAAEAAXBy5ZDMAAA0A+yMEWwNfEoLVIj2toRTkQJFe+vn3sTWLh+cFv2YbH2U9Y91xZZlzsehUZCkXRUn6FroDqH28tUjsDyt9xV7DjjLzCM7S/CYS+**********ccNZBxF0/7zrM8ML1gjDdS/3FppuQxSzTkJHq6pNKB6Erbl0V/Letgkcn8qKkF1wExAF3E54+6dSIxSZfIRvJzFORBsLOG1xYe2zqbl3mfWqWbpwXJHh/N9rzpRex+P6QeEuJrqJo031vDIZt3NSzIuZD3icNbuBq***************hHOAAEAAA=="