Skip to Content
author's profile photo Former Member
Former Member

BSP-Login: using Form-field-Login, keeping the login-params

Hello there,

I wrote an application with trying to avoid the login-popup (RESPONSE 401). In the SICF-Tree I used a part with an default-user who can creates Internet-users, the other part is saved, users has to login with their login.

By using authentification IF_HTTP_SERVER->AUTHMETHOD_FIELD I can log in with the newly created user. But if I want to change to other pages in the saved part, the login-popup appears.

In basic-authentification, the server stores the users data (sap-username, pw, ...) after successful login anywhere in the session.

I want to handle this in the same way.

If there are any ideas,

thanks Peter Gabler

Add a comment
10|10000 characters needed characters exceeded

Related questions

3 Answers

  • author's profile photo Former Member
    Former Member
    Posted on Apr 30, 2004 at 01:27 PM

    Is your application conformant to the BSP-MVC Object Oriented Design Pattern?

    If so, I may be able to help.

    Message was edited by: Brian McKellar

    After two hours of reading, I admit this MVC-OODP voodoo is getting me down. The question has nothing to do with MVC. It actually even has nothign to do with BSP. It is per se the question how does authentication work in the internet.

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      Brian, please accept my apologies for attempting to answer someone's queries in a fashion that doesn't conform to your idea of categorization and context.

      The reason I wanted to ascertain the shamanistic nature of this developers programming approach was so that I could perhaps relate a meaningful answer with examples from my past experience.

      My inquiry in this reply was to help me pinpoint and describe an occasion where I might have accomplished what this developer needed help with. This has nothing to do with whether or not this question was 'per se' about how authentication works on the Internet.

  • author's profile photo Former Member
    Former Member
    Posted on May 06, 2004 at 06:41 PM

    Hi Peter,

    In basic authentication, the user data is stored in a cookie. If you are using field authentication, you have to pass it explicitly whenever you move from one 'BSP Application' to another.

    If you are developing an application to be used in a production environment, I would strongly suggest you to use SSO2, as it creates a cookie for the first time and sends it alongwith each request for authentication.


    Venky Varadadesigan.

    SAP NetWeaver consulting.


    Message was edited by: Brian McKellar

    Basic authentication is stored by the browser. Whenever it sends a HTTP request to the server, it will inject the name and password into the HTTP header. Any number of my few weblogs has shown a number of these examples with indepth explaination.

    The SSO2 part is good.

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Jun 05, 2004 at 09:00 PM

    I suspect that using SSO2 cookies should probably be of your solution somewhere. However, not knowing exactly what you are doing, I can not say exactly steps to follow.

    My personaly choice, is let the popup comes once, and have the newly created user enter the data and be done. Alternatives below.

    What you should look at is to kick-start you real protected application NOT via a redirect. Create a simple page that has roughly this format below:

    <htmlb><body onload="f.submit()">

    <form name="f" id="f">

    <input type="hidden" name="sap-user" value="thePinkCat">

    <input type="hidden" name="sap-password" value="secret">



    Consider to also set sap-client. You can do this via URL parameters. This is definitely NOT recommended.

    And now also you *must* activate SSO2 cookies. This way, when the real application is started, authentication information is required. And this is found in the formfields. So all is well, and application is running. Afterwards, the ICF will set the SSO2 cookie for this userid, and all future requests will work correctly.


    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.