Base solution for your next web application
Open Closed

Support for limited anonymous logins/access to our solution #11522


User avatar
0
pkouame created

framework : zero 12.1

Hi we are implementing a survey like function but it needs to support known and anonymous users. The feature in our solution should email an anonymous encrypted link to "other" users. This link should allow limited access to our solution (e.g. only the survey page) and expire after a system limit.

Does multi tenant zero support this configuration? Can you give us guidance on how to approach this.

Regards, github:Spiramira


4 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @pkouame

    This is not supported out of the box. You need to implement it yourself. You can count page access and record it to database for each access and deny further requests when the allowed limit is reached.

  • User Avatar
    0
    pkouame created

    ok - I know it's not implemented out of the box - the heart of the question is really how to properly design anonymous access to a form in our solution. For example, could would generate some unique id that we embed in the login link (as a parameter) that we publish to the client. When the client clicks the link, they are routed automatically to a closed garden where they can only fill the form and submit data. Of course we can maintain internal tables tying that link to the email target with some extra metadata such as expiration parameters ... Does that seem like a sound solution/approach to you? That may of course be vulnerable to dos attacks though, so security is a concern.

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @pkouame

    For example, could would generate some unique id that we embed in the login link (as a parameter) that we publish to the client.

    Yes, I think this is a good approach but you don't have to login the user because in that case, you need to create a new user or use an existing user created for this purpose.

    By the way, after creating a unique id, you can encrypt it with SimpleStringCipher class and then decrypt it on the page you want to validate it.

  • User Avatar
    0
    pkouame created

    Thanks for the pointers!