Since v8 FileMaker® Server Advanced got a new IWP login page.
It's better than the previous authentication scheme in a number of ways. The most important one is that you can use non-romanized account names for non-English applications. If you application is entirely in Russian or Japanese, romanized account names look quite awkward. With FileMaker 8 romanized ‘Petrov’ and ‘Ueda’ can be changed to real ‘Петров’ and ‘上田’.
Yet it also has some disadvantages. Though you can customize the IWP home page, there's no instructions on how you can place the authentication form on this page and save your users a few clicks. If you want to allow both guests and authenticated users, guests will have to go through the same authentication page as well. The form is implemented in such a way that users can no longer have their browsers to remember the login and password. Unless they use some other password management utility like KeePass, they will have to type both their login and password every time. As I see this is intentional (the form has the autocomplete attribute explicitly set to off), but such a strict policy is not always necessary.
On FileMaker Forums I've seen some requests about this problem. There are also answers, but none of them gives a complete solution and some suggestions are a bit too complex. So here are exact recipes that work.
In all the examples I used the FMServer_Sample file that comes with FileMaker Server as the sample file to log in to. The HTML internals are shown on screenshots, but, of course, I have a sample file with all the code.
Log in to a file via form
As [Guest]:
As an authenticated user:
In both cases the file name is in the dbpath param:
Change it if you need to log in to another file.
Log in to a file via link
As [Guest]:
As an (predefined) authenticated user:
As you see it's simply a mechanical transformation of the forms. The only thing that requires special attention is the dbpath parameter: you have to encode reserved, non-ASCII and “unsafe” characters.
Check this if you need more information on URL encoding.
Don't forget to grab the sample file :) Next post (Dec 22, 2006): Miscellaneous development tips.
Mikhail,
I have find how to do it. I have create two new account (FR & US) with no password (in order to bypass the firefox remember password dialog), and with my regular IWP Privilege. In my opening script I just test Get (AccountName) instead of Get (ScriptParamter), and this is done.
As I have not been able to make your URL work, I did make 2 HTML File with hidden form : the name + password + submit are hidden, then I put an [body onLoad="document.Login.submit()" bgcolor="#B0232A"] with [form action="http://localhost/fmi/iwp/cgi" method="get" name="Login"]. And the bgcolor is there because it is the same color that my IWP Web Page.
===> It's work great !!! Thanks you so much for your help !!!
Sincerely, Joel.
Posted by: Joel Englander | January 01, 2009 at 10:05 AM
Mikhail
I am struggling to get your system working via FMSA V9.03.
I have a db called FFLOCATIONS2 and it works fine with IWP
http://82.230.62.41:7777/fmi/iwp/res/iwp_home.html
I wish to add your system so that I can access FFLOCATIONS2 as a Guest directly.
http://82.230.62.41:7777/fmi/iwp/cgi?dbpath=%2Ffmi%2Fiwp%2Fcgi%3F-db%3DFFLOCATIONS2%26-startsessionacct=guestlogin=Login-authdb
Sadly, it does not seem to work either from outside or as localhost and I can't see why. Any ideas?
PS. the FFLOCATIONS2 file is in a sub-folder called locations of the Databases folder where all the dbs are served from. FMSA is blind to this folder & it made no difference when I erased the locations folder. Would that make a difference?
Posted by: Christopher Lowden | January 12, 2009 at 04:24 PM
There's no ampersands in-between the last three parameters. I.e. the URL that works should be that:
http://82.230.62.41:7777/fmi/iwp/cgi?dbpath=%2Ffmi%2Fiwp%2Fcgi%3F-db%3DFFLOCATIONS2%26-startsession&acct=guest&login=Login&-authdb
(Note the ampersands before "acct", "login" and "-authdb".)
By the way, as far as I know, placing a file in a folder makes no difference, because FileMaker serves and accesses this file as just being somewhere on the server, no matter what subfolder it is in. (As a consequence it won't serve two files with identical names from different folders.)
Posted by: m.edoshin | January 12, 2009 at 08:18 PM
Sorry for not seeing it. Thank you very much.Christopher
Posted by: Christopher Lowden | January 14, 2009 at 09:22 AM
Hi,
I am kind of slow. where do I put this code? In the filemaker db file?
Oreste
Posted by: oreste schiavone | February 04, 2009 at 07:51 PM
Hi Oreste,
No, the code is expected to be put on some web pages (not related to IWP, but likely some static pages that belong to the same site). Once there, these links or forms will jump directly to IWP screens without going through the IWP login page.
Posted by: m.edoshin | February 09, 2009 at 09:05 PM
Hi there,
I´m stuck with the session timeout and a cookie Problem.
setup:
hosted filemaker database with fmserver 9 adv.
I am not allowed to edit the iwp_auth.html (which would be easier)
There is only a index.html I can use as default page for my iwp solution.
The login-form works fine. As long as you use it once (in my environment). If I open the page again and try to relogin,
filemaker fails to detect that I would like a new sessionID. So if the timeout comes, I only get my providers error-page.
Somebody wrote something about lasso-code to delete the cookies to force a new login and sessionID.
As I have no access to the server, there is no chance to do some lasso code. The alternative would be to use e.g. JavaScript. I just need a code-fragment
to 'reset' the IWP-session when 'my' login-page loads.
any ideas?
tia
Frank Matthes
Posted by: Frank Matthes | February 11, 2009 at 06:53 PM
Ah, beautiful!!
This would just be icing on the cake, but is there a way to handle the situation when a person enters the wrong password? WIth the above solution FM gives back the standard IWP login page.
Posted by: Anna Lubiw | July 09, 2009 at 04:59 PM
Hi Anna,
No, I'm afraid there's no easy way to do this. The login interface was not meant to be used this way, and although the hack works, it has plenty of rough edges.
Take care,
Mikhail
Posted by: m.edoshin | July 09, 2009 at 06:04 PM
To everyone having issues with logging out of IWP and being redirect to the IWP home page.
We have a redirect to block users from seeing the main iwp list on timeout/logoutl and used in conjunction with the exit application script step, this fixes the session/cookie/login problem. The redirect is
and it must be placed after the opening javascript, after the html and head tags, that breaks out of the frame for us
Posted by: Clay | July 20, 2009 at 01:59 AM
I think the previous commend has some code in it right after the words “The redirect is”, but the TypePad engine ate it and even if I open the comment from the admin interface, there's no traces of what was there :(
Posted by: m.edoshin | July 22, 2009 at 01:14 PM
Yeah I guess TypePad did eat the code I had posted. Let Me see if I can be a little clearer. In the iwp_home.html file, right after the first javascript step you just need to place a javascript redirect command to what ever site you want. The reason it has to be after the first script is because iwp open in a frame and if your using a custom login screen or link like i am doing the frame will not close all the way and you are stuck. the code they have by default will close the current session and open a new frame that display the home page and then the auth page. If you build your own login page you just need the first piece code on the iwp_home.html page at the top of your page. Be warn once the redirect is in place you will no longer be able to get to filemaker iwp home page.
here is a link on redirect
http://www.tizag.com/javascriptT/javascriptredirect.php
Posted by: Clay | July 23, 2009 at 07:54 AM
Edoshin
This is beautiful. I could not get a guest to login to FMSA 9. I tried for a few hours. I couldn't get it to work with SSL on or off. It works with the link. I don't know why. This example worked right out of the box, the first time. Filemaker should hire you.
I'm testing something I need feedback from web users. Thanks. :-)
Posted by: Janis Rough | October 22, 2009 at 12:08 AM
You are welcome :-)
Posted by: m.edoshin | October 23, 2009 at 01:31 PM
This does not seems to work for me. Maybe because the database is hosted by FileMaker Pro Advenced (not server). Anyone has information on this ?
Posted by: Hixon | November 20, 2009 at 10:12 PM
Hi Mikhail,
You seem to be the go to guy for IWP issues.
I am using IWP and need to implement the Chrome Frame interface to be able to run properly in IE6 / IE7 .
I have tried adding the prefix to the login link.
But the site drops out of Chrome Frame during navigation.
Does anyone here have any ideas on how to implement the Chrome frame cf: prefix to all http:// IWP links ?
The only thing that I can think of at this point is to search and replace all occurrences of http:// with cf:http:// , but I have no idea what files to do that to.
Any help would be appreciated.
Thanks,
AnselRoe
Posted by: Ansel Grogan | December 09, 2009 at 08:38 AM
Two notes:
1) I am almost there, but when I try to autologin guest I get an error:
Bad Request
The server could not process your request due to an illegal parameter: "-acct".
The code I am using is:
http://my.internal.server:90/fmi/iwp/cgi?-db=GovBuyProcess&-startsession&-acct=account&-name=guest&-login=Login&-authdb
Same message if I try:
http://my.internal.server:90/fmi/iwp/cgi?-db=GovBuyProcess&-startsession&-acct=guest&-login=Login&-authdb
2) Does anyone have a fix for the cookie issue? I can't even find the cookie that is being set to delete.
Thanks!
Posted by: Peter | January 05, 2010 at 08:15 PM
Update on above.
If I try:
http://my.internal.server.com:90/fmi/iwp/cgi?-db=GovBuyProcess&-startsession&acct=guest&login=Login&-authdb
I get a different error:
Bad Request
The server could not process your request due to conflicting commands.
But it does login to the DB
Thanks for any help!
Posted by: Peter | January 05, 2010 at 08:35 PM
From what I see the - db parameter is wrong. This is not a separate parameter, in the authentication form it's packed inside a the dbpath parameter as a string (along with the - startsession parameter). I think it should be like that:
Oops, I cannot post a sample in my own blog, because the commenting system ‘cannot accept it’! Ok, I'll explain it without code: the dbpath is a single string, which itself looks like two parameters: - db and - startsession. - db holds an url, which begins with fmi - iwp - cgi and in the end it has the name of the database. Check the samples in the post again to get the exact syntax. This dbpath parameter doesn't have to be encoded if it's used in a form, but in other places it must be encoded; see the post for examples.
Posted by: m.edoshin | January 07, 2010 at 03:14 PM
Michael,
Is there a way to use a iwp_home.html per database in FM IWP in FM 10 server?
I host multiple databases and get questions about the iwp_home.html per DB.
Willem
Posted by: WIllem | January 09, 2010 at 10:44 PM
As far as I know it's OK to edit the IWP home page, it's a standard customization, not like this password thing. But I'm not sure you can have a single page per DB. I mean, you can have separate starting pages, but when user logs out, FileMaker will keep returning to the one named iwp_home... I'm not sure it's possible to recognize where the user is returning from.
Posted by: m.edoshin | January 10, 2010 at 03:58 AM