Skip to main content

I am creating a login form with username and password I want the user to enter his  user name and password. If they match user name and password registered in the database , they are sent to the next form otherwise no. I also want the login employee name,employee id,business unit to be displayed automatically from the database in the next form when the user login successfully I created the smartobject , views and forms but I can’t set the rules for this

It is not recommended to build login forms through SmartForms as it uses a client-side execution model which makes building authentication and authorization logic insecure.

Instead you should be using the built-in authentication and authorization mechanisms that the platform supplies - If your solution requires a public internet facing form with separate users than the internal organization, it is advisable to create a secondary runtime site which is configured with a separate Authentication Issuer (like the Forms STS that has a default login form) which uses a different Identity Provider (perhaps SQLUM) than the internal organization. 

By using the built in authentication logic, you can be sure that user sessions are handled securely with all the built in security hardening of the background IdP. 
This also then allows you to make use of the Authorization Framework to restrict access to the forms based on the logged in user.

The other metadata of the user can be retrieved from smartObjects - It is recommended to make use of the current user system mappings on SmartObject method level mappings to filter/load the data based on the logged in user instead of making use of the mappings available in SmartForms for a secure solution. 
I would also recommend reading through general security best practices as documented here: 

 


Reply