Secure Custom Web Application Logins

In addition to its recommended support for REST applications, InterSystems products support two other types of web applications: CSP and Zen. When configuring custom login pages that use CSP and Zen, it is important that you follow recommended protocols. These protocols provide greater security and minimize incompatibilities on upgrades to new products or versions.

About Creating a Custom CSP Login Page

To create a custom CSP login page:

  1. Create a subclass of the %CSP.Login page.

  2. To customize your application’s behavior, override the subclass’s Draw methods so that the page looks the way you want. These include methods that modify the appearance of the login page and methods that modify the appearance of the security token page (if you are using two-factor authentication):

    Note that the DrawTitle and DrawSTTitle methods call the DrawTitleSection method.

  3. Invoke the subclass as needed in your application.

Important:

When creating a custom login page, you must use a subclass of %CSP.Login. Other approaches for creating login pages in CSP applications can cause problems of various kinds.

If you have written custom login pages that do not use a subclass of %CSP.Login and you apply any changes from InterSystems that upgrade or secure your instance, your login pages may fail without error messages. For example, users may attempt to log in with valid usernames and passwords, but their logins will fail without any visible cause. This situation may indicate that you need to change your custom login to use the required approach.

About Creating a Custom Zen Login Page

When creating a custom Zen login page, use the <loginForm> component in accordance with the procedure described in the “Controlling Access to Applications” section of the “Zen Security” chapter of Developing Zen Applications.

Important:

When creating a custom login page, you must use the <loginForm> component. Other approaches for creating login pages in Zen applications can cause problems of various kinds.

If you have written custom login pages that do not use the <loginForm> component and you apply any changes from InterSystems that upgrade or secure your instance, your login pages may fail without error messages. For example, users may attempt to log in with valid usernames and passwords, but their logins will fail without any visible cause. This situation may indicate that you need to change your custom login to use the required approach.
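
The following is an added example, not InterSystems code: a pre-upgrade audit that serves both the CSP and Zen sections above by flagging exported class definitions that look like login pages but neither extend %CSP.Login directly nor contain a <loginForm> component. The password-field heuristic, the direct-superclass-only check, and the sample class sources are assumptions constructed for illustration.

```python
import re

# Heuristics below are assumptions of this example, not an InterSystems-defined list.
CLASS_RE = re.compile(r"^Class\s+(\S+)\s+Extends\s+(\([^)]*\)|\S+)", re.M)
# HTML password inputs (CSP) or the Zen <password> control.
PASSWORD_RE = re.compile(r"type\s*=\s*[\"']?password|<password\b", re.I)

def superclasses(source):
    """Return (class name, [direct superclasses]) or None if no class header."""
    m = CLASS_RE.search(source)
    if not m:
        return None
    return m.group(1), [s.strip() for s in m.group(2).strip("()").split(",")]

def audit(source):
    """Return 'ok', 'not-login', or a finding for a nonconforming login page.

    Only direct superclasses are inspected; a class that inherits from
    %CSP.Login through an intermediate class is reported and needs manual review.
    """
    parsed = superclasses(source)
    if parsed is None:
        return "not-login"
    name, supers = parsed
    if "%CSP.Login" in supers:
        return "ok"
    if not PASSWORD_RE.search(source):
        return "not-login"
    if "%ZEN.Component.page" in supers:
        if "<loginForm" in source:
            return "ok"
        return f"{name}: Zen page collects a password but has no <loginForm>"
    return f"{name}: collects a password but does not extend %CSP.Login directly"

# Constructed sample class exports (not taken from any real application).
SAMPLES = {
    "good_csp": "Class MyApp.Login Extends %CSP.Login\n{\n}\n",
    "bad_csp": 'Class MyApp.OldLogin Extends %CSP.Page\n{\nClassMethod OnPage() As %Status\n'
               '{\n  &html<<input type="password" name="pw">>\n  Quit $$$OK\n}\n}\n',
    "good_zen": "Class MyApp.ZenLogin Extends %ZEN.Component.page\n{\nXData Contents\n{\n"
                '<page><loginForm id="f"><password name="pw"/></loginForm></page>\n}\n}\n',
    "bad_zen": "Class MyApp.ZenOld Extends %ZEN.Component.page\n{\nXData Contents\n{\n"
               '<page><form><password name="pw"/></form></page>\n}\n}\n',
    "other": "Class MyApp.Report Extends %CSP.Page\n{\n}\n",
}

if __name__ == "__main__":
    for label, src in SAMPLES.items():
        print(label, "->", audit(src))
```

Run it over class definitions exported from each web application's namespace before applying an upgrade or security change, and review every finding by hand.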