Authentication Utilities


This page describes the Extension Central Authentication System (ECAS), a single point of authentication for our many applications.  All user authentication and most user management takes place within the ECAS.  The pages are hosted on our https server.

The system includes an intruder detection component.  Every login attempt is logged in the audit table.  Three failed login attempts within a 15-minute period will lock the account.
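The lockout rule above, replayed over audit rows, as an added example that is not ECAS code. The row layout and sample data are constructed, and the page does not say how the window is measured, so the sketch assumes a sliding window ending at each failure, that a successful login does not clear earlier failures, and that an attempt exactly 15 minutes old still counts.

```javascript
// Constructed audit rows (not real ECAS data): [ISO time, username, success?]
const AUDIT = [
  ["2001-06-26T09:00:00Z", "alice", false],
  ["2001-06-26T09:05:00Z", "alice", false],
  ["2001-06-26T09:16:00Z", "alice", false], // the 09:00 failure is now 16 min old
  ["2001-06-26T09:19:00Z", "alice", false], // 09:05, 09:16, 09:19 fall in one window
  ["2001-06-26T10:00:00Z", "bob", false],
  ["2001-06-26T10:01:00Z", "bob", true],
  ["2001-06-26T10:02:00Z", "bob", false],
  ["2001-06-26T10:30:00Z", "bob", false],   // earlier failures have aged out
];

const WINDOW_MS = 15 * 60 * 1000; // 15 minute period stated on the page
const MAX_FAILURES = 3;           // three failed attempts stated on the page

// Returns a Map of username -> ISO time at which the account would lock.
// Assumptions (not from the page): sliding window, successes do not reset
// the count, and attempts after a lock are ignored until an unlock.
function findLockouts(rows) {
  const failures = new Map(); // username -> timestamps of failures still in window
  const locked = new Map();
  const sorted = [...rows].sort((a, b) => Date.parse(a[0]) - Date.parse(b[0]));
  for (const [iso, user, ok] of sorted) {
    if (ok || locked.has(user)) continue;
    const t = Date.parse(iso);
    // Keep only failures that are at most 15 minutes older than this one.
    const recent = (failures.get(user) || []).filter((f) => t - f <= WINDOW_MS);
    recent.push(t);
    failures.set(user, recent);
    if (recent.length >= MAX_FAILURES) locked.set(user, iso);
  }
  return locked;
}
```

Running the same function over an export of the audit table gives a quick check that accounts are locking when the rule says they should.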



User Authentication

At the application level, an authentication test is done on each page.  If the test fails, the user is redirected to the ECAS along with an application ID, using this format:

Response.Redirect("https://secure.extension.umn.edu/authentication/login.asp?appID=n");

Where n is the application ID integer.

In the ECAS, the user enters a username and password.  If the username, password, and application ID are valid, then the system sets a session ID and redirects the browser back to the login page of the application, passing a userID.  The application uses an authentication function to verify that the incoming userID is valid, and then session variables are set based on the userID.

If the username, password, and application ID are not valid, then a message is displayed indicating that the login attempt has failed and may be retried.
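The per-page authentication test and the handoff described above, modelled as an added example that is not the ECAS or application source. `CheckToken` and `GetAccesslevel` here are simulations of the module functions documented further down this page (the extra `now` argument exists only to make the run repeatable), and the `req` object, the sample user, and the integer check on the incoming userID are assumptions.

```javascript
// Stand-in for ECAS state (constructed sample data).
const lastLogin = new Map();   // userID -> epoch ms of last ECAS login
const access = { "7:42": 2 };  // "appID:userID" -> accesslevel ID
const TOKEN_MS = 30 * 1000;    // CheckToken window stated on the page

// Simulations of the documented functions, same return conventions.
function CheckToken(userID, now) {
  const t = lastLogin.get(userID);
  return t !== undefined && now - t <= TOKEN_MS ? 1 : 0;
}
function GetAccesslevel(userID, appID) {
  const level = access[appID + ":" + userID];
  return level === undefined ? -1 : level;
}

const LOGIN_URL =
  "https://secure.extension.umn.edu/authentication/login.asp?appID=";

// Per-page test. `req` is a hypothetical request object of the form
// { session: {}, query: { userID: "42" } }.
function authTest(req, appID, now) {
  const deny = { ok: false, redirect: LOGIN_URL + appID };
  if (req.session.userID !== undefined) return { ok: true }; // already signed in
  const raw = req.query.userID;
  // Accept only a plain positive integer before it reaches any lookup.
  if (typeof raw !== "string" || !/^[1-9][0-9]{0,9}$/.test(raw)) return deny;
  const userID = Number(raw);
  // A userID arriving in the URL is trusted only while the ECAS token is fresh.
  if (CheckToken(userID, now) !== 1) return deny;
  // -1 means the user has no association with this application.
  const level = GetAccesslevel(userID, appID);
  if (level === -1) return deny;
  req.session.userID = userID;
  req.session.accesslevel = level;
  return { ok: true };
}
```

The point of the model is the ordering: the userID from the query string never reaches the session until the token check and the application association have both passed.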



User Management

By following a link to the URL https://secure.extension.umn.edu/authentication/mgmnt.asp, application administrators are given a management menu.  An application ID is passed in, and all management is relative to that application.  Application administrators can change user information, change passwords, and unlock accounts.  They can also add users; a new user is pre-assigned only to the administrator's application.

A return URL is also passed, and the administrator is redirected to that URL when done.  The link to ECAS would be along these lines:

<a href="https://secure.extension.umn.edu/authentication/mgmnt.asp?appID=n&returnURL=appURL">
Manage</a> users in ECAS

Where n is the application ID integer, and returnURL is the URL that the administrator is sent back to when they want to exit the user management process.



User Self-Management

By going to the URL https://secure.extension.umn.edu/authentication/index.html, authentication administrators are given a management menu.  All others are redirected to a page where they can change their user information or password.  Logout is the only choice; users will not be redirected to any applications.


Alternately, from within the application the administrator can make a self-management choice available to the users.  If users are sent to the self-management page with a return URL, they will be redirected to that URL when done.

<a href="https://secure.extension.umn.edu/authentication/self_menu.asp?appID=n&returnURL=appURL">
Change user contact information/password</a>

Where n is the application ID integer, and returnURL is the URL that the user is sent back to when they want to exit the self-management process.



Authentication Utility Modules

The following section details the function modules available to application writers for interaction with the ECAS.  The names of the modules are case sensitive.  Be sure to use the right capitalization.

Each page that uses these modules must start with this include statement as one of the first lines of the HTML page.

<!--  #include virtual = "/include/auth_utils.inc"  -->




AuthLogout(userID)
This function is used to indicate that a user has logged out.  Returns 1 (true) if successful and 0 (false) if not.

Parameters:
    userID - integer, user ID number.   default - none, returns 0



CheckToken(userID)
This function is used to check if the token for a specific user is still valid (i.e. did the user log in within the last 30 seconds).  Returns 1 (true) if valid and 0 (false) if not.

Parameters:
    userID - integer, user ID number.   default - none, returns 0



GetAccesslevel(userID, appID)
This function is used to retrieve the accesslevel within an application for a user.  Returns -1 if any parameter is missing or no association is found between the user and the application.

Parameters:
    userID - integer, user ID number.   default - none, returns -1
    appID - integer, application ID number.   default - none, returns -1



GetAccessText(levelID)
This function is used to retrieve the descriptive text for an accesslevel.  Returns a string.

Parameters:
    levelID - integer, accesslevel ID number.   default - none, returns "Description not found"



GetEmail(userID)
This function is used to retrieve the email address for a single user.  Returns a string.

Parameters:
    userID - integer, user ID number.   default - none, returns "Address not found"



GetEmailList(appID)
This function is used to retrieve the list of email addresses for an application.  Returns a two element array with this structure:
Parameters:
    appID - integer, application ID number.   default - none, returns "Address not found"


GetFullList(appID, form, order, format)
This function is used to retrieve the name, username, last login time, and accesslevel for all users for an application.  Returns a six element array with the names in the requested format.  The array has this structure:
Parameters:
    appID - integer, application ID number.   default - none, returns "User not found"
    form - integer, the desired name format.   default - 4
      1 - firstname
      2 - lastname
      3 - firstname lastname
      4 - lastname, firstname
      5 - firstinitial. lastname
      6 - lastname, firstinitial.
    order - integer, the desired sort order.   default - 1
      1 - lastname ascending
      2 - lastname descending
      3 - userID ascending
      4 - userID descending
      5 - accesslevelID ascending, lastname ascending
    format - integer, the desired accesslevel format.   default - 0
      0 - numeric accesslevel ID
      1 - text description



GetLastLogin(userID, appID)
This function is used to retrieve the last time a user logged into an application.  Returns datetime.

Parameters:
    userID - integer, user ID number.   default - none, returns 01/01/90
    appID - integer, application ID number.   default - none, returns 01/01/90


GetUserList(appID, form, order)
This function is used to retrieve the list of names for an application.  Returns a three element array with the names in the requested format.  The array has this structure:
Parameters:
    appID - integer, application ID number.   default - none, returns "User not found"
    form - integer, the desired name format.   default - 4
      1 - firstname
      2 - lastname
      3 - firstname lastname
      4 - lastname, firstname
      5 - firstinitial. lastname
      6 - lastname, firstinitial.
    order - integer, the desired sort order.   default - 1
      1 - lastname ascending
      2 - lastname descending
      3 - userID ascending
      4 - userID descending
      5 - accesslevelID ascending, lastname ascending



GetUserName(userID, form)
This function is used to retrieve the name for a single user.  Returns a string with the name in the requested format.

Parameters:
    userID - integer, user ID number.   default - none, returns "User not found"
    form - integer, the desired name format.   default - 3
      1 - firstname
      2 - lastname
      3 - firstname lastname
      4 - lastname, firstname
      5 - firstinitial. lastname
      6 - lastname, firstinitial.



URL: http://www3.extension.umn.edu/units/cets/it/processed/auth_utils.html  This page was updated June 26, 2001.

University of Minnesota Extension is an equal opportunity educator and employer.
Copyright  ©  Regents of the University of Minnesota.  All rights reserved.