Starting Wildcat! v6.1, the Wildcat! Web Server (wcWEB) offers new WEB authentication methods to provide more secured methods and logout capabilities that was not possible when only using the standard HTTP "Basic Authentication" method to log into wcWEB.
Basic Authentication is a low security method for logging into a Web Server since the browser will send user credentials over the HTTP connectivity. With pre v6.1 versions, the only way to secure the Basic Authentication process was to use implement SSL to secure the web connection.
A new method called "Digest Authentication" is available to increase the security of the BASIC authentication login process by using a highly secured SHA1 encryption method. Digest allows you to secure the authentication without using SSL.
However, BASIC and DIGEST authentication do not allow users to log off the web server unless the user manually closed the browser completely. Although, the web server can time out the user, once the user refreshes the page, the browser will resend the user credentials and automatically login again.
The ability to allow the user to completely log off the web server without closing the browsers requires alternative authentication method called Cookie Authentication to login and logoff the user.
To support Digest Authentication, the user's browser must support DIGEST. All browsers support BASIC, and by this point in the evolution of web browser, most, if not all, support DIGEST as well. The SASL files SASLDIGEST.DLL and SASLSH1.DLL are required as well. See the setup section below.
To support Cookie Authentication, the user's browser must enable cookie support and JavaScript support. Be aware, that more users are turning off cookie support. However, Wildcat! uses session cookies which means they are not permanent and most users will enable session cookies and limit or turn off "persistent cookies." which stay on the user's machine. The SASL file SASLPLAINMD5.DLL is required as well and the new cookie templates files need to be installed. See the setup section below.
Note: As of Wildcat! 7.0, all the required files mentioned below are automatically installed. The mentioned WCSASL.ZIP and WCWEBAUTH.ZIP file are not provided. The instructions below is considered obsolete and will be removed from the documention in the future. What remains is to run the Wildcat! Configuration and enable cookie authentication. See Web Server Authenication Configuration.
To support Digest Authentication and/or Cookie Authentication, the following SASL files must be available before starting WCSERVER.EXE:
If you don't already have these files in the Wildcat! installation directory, they are available in the zip file, WCSASL.ZIP, which is automatically provided with all installations. Simply unzip this file, shutdown and restart Wildcat!.
Using the DOS prompt:
CD \WC6
UNZIP WCSASL.ZIP
Cookie Authentication support also requires the following new web files from the zip file WCWEBAUTH.ZIP.
The zip file WCWEBAUTH.ZIP is distributed via AUTOUPDATE. CD installations will automatically make it available (v6.1 CDs only).
Using the DOS prompt:
CD \WC6
UNZIP WCWEBAUTH.ZIP
Please keep in mind the expected file directories are already defined in the zip file. So extracting the files should automatically place the files in the required HTTP\ sub-directories.
Once you unzip this files, run the Wildcat! Configuration and enable cookie authentication. See Web Server Authenication Configuration.