Sunday, July 8, 2007

Three More Features of the CrushFTP WebInterface

Mini Secure URLs to Auto Login a User and Download a File

Yeah, that's a long title, but that's basically what it's for. Have you ever given a user a URL and told them to use a certain username and password, only to end up spending time on the phone, or sending emails back and forth, trying to figure out what they are typing wrong in their password? This feature aims to solve that. You provide one simple URL that they can just click on, and that is it. Sure, you could do this if all your files were available to the "anonymous" account, but that's not secure.

This allows you to build a URL that tells CrushFTP to log in a user with a specific username and password, and point them at a specific location.

For example: https://www.crushftp.com/d

That will log you into https://www.crushftp.com/demo/ using the username of "demo", and the password of "demo". If I wanted to be more secure, instead of "d" I could have used something like "XJT59wR" with the same effect. I could also have directed that URL to "/documents/stuff/last year/vacation planning.pdf". For something that long, you can see how a shorter URL is helpful.

Mini URLs can also be set to auto expire. So you can make a URL that is only valid for, say, 1 day, and then it invalidates itself. That adds another layer of security to them. You know the URL won't be floating around for a few months because you forgot to delete it.

There is one important note about these mini URLs. When authenticating a user, if you direct them to a specific file, they are still logged into the WebInterface. So don't use it as a security measure. A crafty user will know how to see the folder that contained the specific file you pointed them at. They can only access the files that the user they are logged in with has access to, but it's not a way to limit them to a single file.
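
As an added illustration (not CrushFTP's code and not part of the original post), this Python sketch models a mini URL table with a random token, a mandatory expiry, and the caveat above that the resulting session reaches everything the account can read. The class name, function names, in-memory dictionary and sample file list are all assumptions made for the example.

```python
import secrets
import time

# Hypothetical in-memory model of a mini URL table (assumption, not CrushFTP's code).
class MiniUrlStore:
    def __init__(self, clock=time.time):
        self._links = {}      # token -> (username, target_path, expires_at)
        self._clock = clock   # injectable clock so expiry can be tested

    def create(self, username, target_path, ttl_seconds, token_bytes=16):
        """Issue an unguessable token that stops working after ttl_seconds."""
        if ttl_seconds <= 0:
            raise ValueError("every link must carry a positive lifetime")
        token = secrets.token_urlsafe(token_bytes)  # CSPRNG, 128 bits by default
        self._links[token] = (username, target_path, self._clock() + ttl_seconds)
        return token

    def resolve(self, token):
        """Return (username, target_path), or None if unknown or expired."""
        entry = self._links.get(token)
        if entry is None:
            return None
        username, target_path, expires_at = entry
        if self._clock() >= expires_at:
            del self._links[token]  # an expired link invalidates itself
            return None
        return username, target_path


def reachable_after_login(user_files, username):
    """Files the logged-in session can read: the whole account, not only the link target."""
    return sorted(user_files.get(username, []))


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    files = {"demo": ["/demo/report.pdf", "/demo/other.pdf"]}
    store = MiniUrlStore()
    token = store.create("demo", "/demo/report.pdf", ttl_seconds=86400)
    print(token, store.resolve(token), reachable_after_login(files, "demo"))
```
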





Forgot Password Reminder

The WebInterface now has a few more useful features. Features just keep trickling in. You'll notice on the login.html page you now have a link for "I forgot my password, email it to me." This allows you to automate a common thing users do. They forget their password! No fault of theirs, as they have so many to remember. So how do you enable and get this feature working? There are three parts to enabling this feature. Don't worry, they are all easy.

Step #1: Configure the SMTP server settings in the server preferences. This is the same setting that used to be located on each and every user event. It's now been moved here. It will automatically be populated for you if you open a user and click on an event that used to have the SMTP server set for it. CrushFTP then copies that setting to the server preferences if it doesn't already exist there.

Step #2: Enter an email address associated with the user on the upper right of the events email tab of the User Manager. This is the address that will be used in the 'To:' field for outgoing emails.

Step #3: Enable permission for the user to request that their password be emailed. You enable this option under the admin tab of the User Manager in CrushFTP.

Now you can test this feature out. If you don't have access or something isn't configured, you will get a message telling you why you can't use the link.





Custom Login Page for Virtual Domains

You can now deliver a different custom login page based on the domain a user used to reach your site. For example, www.crushftp.com and www.benspink.com both point to my machine, but I can have a custom login.html page for each domain. You may want to do this to have custom logos, custom layout, styles, etc. Once logged in, it's up to your individual user customizations to control the layout of the WebInterface.

To get started, duplicate the login.html page. Then begin editing it with either a text editor or an HTML editor. The main critical piece in that page is where a line of JavaScript passes the form to a function for login. Save your new page with a different name besides login.html... maybe something like benspink_login.html. Then in the server preferences, under WebInterface, add a new login.html virtual domain mapping and point it at your new file. That's it!

