webCOMAND provides a framework for user management, authorizations and custom logins.
The best place to start is to set up a database of users. You will need to decide which content type will store user information. There are three main options:
- User Content Type - Use the built-in User content type if it provides everything your website or app requires. This is the easiest way to go, and you will get all of the features and functionality afforded to webCOMAND Users. The same User record can provide access to webCOMAND, webCOMAND Apps and/or your website and app.
- Extend User Content Type (Recommended) - To add information to the built-in User content type, extend it to get the best of both worlds. Define your own content type that extends User to add your custom fields, but inherit all of the features and functionality afforded to webCOMAND Users.
- Custom Content Type - If you aren't interested in inheriting any of the built-in webCOMAND User features and functionality, you can create your own unique user content type with only the fields, features and functionality you want. In this situation, create a content type that extends cObject, Content or any other content type you like.
Once you have a user content type, you are ready to populate the database with an initial user and set up authorizations.
If you use or extend the built-in User content type, you can add and configure Users, User Roles and Authorizations in the Users App.
The most important authorization is the "System Administrator" checkbox in the User. When checked, the user will be authorized to do anything in most apps. It is highly recommended that your website or app do the same, and that only highly-trusted users are given that authorization, if any.
There are a few ways to can add custom authorizations and privileges.
- Privileges - To add simple custom authorizations, create new Privileges.
- Authorizations - To add custom authorization functionality, create a new content type that extends authorizations with the appropriate fields and then implement the authorizations methods in a corresponding model for the new content type.
- Attributes - To add more customized authorizations and user features, create new content types that reference Users or User Roles.
If you are using a custom content type, it is up to you to determine how authorizations will be stored. They can be stored in fields within the custom content type, or as attributes that reference the user content type, such as roles and/or individual user-specific authorizations.
Once users and authorizations are set up, credentials will be required to authenticate users against passwords, tokens and other information.
- Security Questions - Questions and answers typically used to verify a user in order to reset their password or other credentials.
- User Passwords - A secret code used to authenticate a user against text entered into an input.
- User Reset Codes - A temporary code typically emailed or otherwise shared with a user to start the process to reset a password or other credentials.
- User Tokens - A secret code used to authenticate a software user against text provided as part of a web request or other API call.
Select one of the following login policies to learn more about how it is implemented and how it can be used by your website and/or apps.
- webCOMANDAuthenticate webCOMAND users by User Password.
- Web ServicesAuthenticate Web Service users by User Token.
- CustomAuthenticate website or app users by password, token or other means.