G Web Development Software

cancel
Showing results for 
Search instead for 
Did you mean: 

Password protection methods for G Web webpage running on cRIO application web server?

I have a webpage developed using G Web, which is hosted on the application web server of a compactRIO. Users can connect to the same network as the cRIO and use a browser to pull up the webpage.  I would like to restrict access to the webpage with a password, but have not found an elegant way to do this. Any suggestions? 

My current "solution" is to have a a tab control with a password entry text field on one tab and all the main webpage controls on another tab. Until the user enters the hard-coded password, then the web application forces the tab control to display the password entry tab.  This is ugly, however, as a user can select the main tab and briefly interact with the main controls before the application hits the logic to return focus to the password page.  If this were LabVIEW, my fast and dirty solution would be to use property nodes to hide/unhide the tab selector strip from the top of the tab control, but in G Web I do not see a way to do this programmatically...? 

0 Kudos
Message 1 of 3
(1,356 Views)

Your solution is the more simple solution. You could try to catch the events before they are executed but it is not an elegant solution.

 

I remember a demo doing this with a multi user approach.

It used a login page then you would gain acces to the other pages of the application.

 

https://www.studiobods.com/en/niweek2019-ts170/

 

0 Kudos
Message 2 of 3
(1,309 Views)

The solution will depend on how much you care about thwarting would-be malcontents that have access to the app. Presumably you need to password protect aspects of the application because it's going to be interfacing to external systems (other software that may connect to databases, write/read files, control I/O, etc).

 

Anything you implement purely in a G Web app can be circumvented by anyone with a bit of time and ability to use the developer tools built into any modern web browser. String constants you use on block diagrams will be accessible to anyone looking at the source of the files loaded by the web browser (take a look at the .via.txt file that'll show up in the network / sources tab of chrome et al). If all you need to do is provide a minimal level of protection to prevent the unsavvy from mucking about in your app, then this certainly might be suitable for doing the access control within the G Web app itself. If this works and you want the better user experience then I'd create separate web pages in G Web and the "login" page can send a user to the other page if the entered info matches. However anyone that gets access to that page could then bookmark it and even share the link to others potentially bringing you back to the original problem. There are varying levels of tricks that could be played, such as embedding a timestamp as a query parameter in every request and then if this isn't up to date or not present you could redirect users back to login but this fails as soon as someone finds out how that parameter works.

 

Ideally, you have some backend software running (perhaps a LV Web Service) that handles the auth checks and would handle any requests to other services such as databases, files, test control, etc. that could be ignored if valid auth info isn't available.

0 Kudos
Message 3 of 3
(1,172 Views)