It's all about the answers!

Ask a question

Download asset from RAM bypassing the RAM login page.


Sripriya Karimpuzhasriram (123952) | asked Jul 22 '13, 4:59 a.m.
Hello team,
We have a requirement. There is an asset in a community in RAM. 
The link to the asset is in the form - 
https://<server>/ram.ws/artifact/<asset guid>/<asset version>

When a user clicks on this link, the user is taken to the RAM login page, where the user has to enter his user name and password credentials.

We are looking to bypass the login page so that the user is able to seamlessly download the asset from RAM.

Is it possible to pass the user name and password as query strings in the URL above?

Please advise.

Thanks!

Regards,
Sripriya

4 answers



permanent link
Sheehan Anderson (1.2k4) | answered Jul 22 '13, 9:22 a.m.
JAZZ DEVELOPER
You can send the username and password in the URL using the format below.

https://<user>:<password>@<server>/ram.ws/RAMSecure/artifact/<guid>/<version>

Comments
Sripriya Karimpuzhasriram commented Jul 22 '13, 11:34 a.m.

Hi Sheehan,
We tried your recommendation. It worked on the google chrome browser. In Mozilla, we got a pop up with a "OK" and "Cancel" button with the message, "You are about to login to the site <servername> with the username <username>.
However it does not work in Internet Explorer browser, similar to the situation explained in this URL

Thanks for your inputs! :)


permanent link
Rich Kulp (3.6k38) | answered Jul 22 '13, 11:18 a.m.
FORUM MODERATOR / JAZZ DEVELOPER
But remember you are exposing the userid and password if these are not the userid/password of the user making the request. Is that really what you want to do, expose the password to everybody?

Comments
Sripriya Karimpuzhasriram commented Jul 22 '13, 11:35 a.m.


Thanks Rich,
I was about to ask this question - Is it possible to send the encrypted username and password to the URL?


permanent link
Rich Kulp (3.6k38) | answered Jul 22 '13, 11:57 a.m.
FORUM MODERATOR / JAZZ DEVELOPER
No, it doesn't work that way. This is standard HTTP protocol so it requires the user to validate who they are. Assets can only be downloaded by people who are logged in as users so that authentication can be verified that the user has appropriate access to an asset. If you provide an userid/password then you are allowing anyone to download the asset because they would be impersonating the userid that you provide. It is usually better to let the person themselves validate who they are so that proper authentication occurs, including a log history of who specifcally downloaded the asset.

permanent link
Rich Kulp (3.6k38) | answered Jul 22 '13, 12:03 p.m.
FORUM MODERATOR / JAZZ DEVELOPER
By the way we do provide the capability of anonymous download. But for that to work you must expose the asset as one that can be accessed by anonymous users (i.e. users that aren't logged in). If your asset is meant to be accessed by anyone anywhere with no check on who the person is then you can create a download role that is assigned to anonymous user. You need to be careful in how you define the role so that you don't expose other assets unintentionally to anonymous users.

This way there is no userid required to download the asset.

Comments
Sripriya Karimpuzhasriram commented Jul 22 '13, 12:08 p.m.

Thanks Rich,
This sounds interesting! :)
Would you have a "help page" in "RAM help contents" so that I can try this out?

Thanks much Rich!


Rich Kulp commented Jul 22 '13, 3:57 p.m.
FORUM MODERATOR / JAZZ DEVELOPER

There is no documentation to explicitly explain this. All we have is the general documentation explaining roles and user assignment of roles.

Manage users and roles


Your answer


Register or to post your answer.