Client-Side Password Caching

About this task

Note: To make the "Cache Passwords on the Client" option available for selection, you must have the Standard Authentication option selected on the Security tab in the Host Options dialog box.

Client-side password caching allows users who are not members of the Webspace Server's domain to log on without having to enter their user name and password every time they connect to the server.

With this option enabled, the Login dialog box will display a "Remember me on this Computer" check box. If a user selects this check box on the first login from the client, the next time that user logs in from that same computer, the Logon dialog box will show the User Name and Password dialog box pre-populated with the previous login. All the user needs to do to continue is click Sign In.

After the first manual authentication, the user logon credentials are encrypted on the server using the SYSTEM account context, transmitted over the network, and stored on client computers in user-private directories.

When the user makes subsequent connections to the server, the cached password is transmitted back to the server, where it is decrypted using the SYSTEM account context and then used to automatically log the user on to the Webspace Server. The user is added to the server's INTERACTIVE group and granted the same access rights had that user logged on to the server at its console. The Sign In dialog is displayed with the user name and password and with Remember me on this computer checked. If the user disables the Remember me on this computer option, the user's credentials will be deleted from the client computer.

Webspace caches passwords on the server using the industry standard encryption algorithms provided by Microsoft’s Data Protection Application Programming Interface (DPAPI). For more information about DPAPI search the MSDN Library (http://msdn.microsoft.com/library/default.asp) for "Windows Data Protection."

Procedure

  1. From the Webspace Admin Console, on the server list, select the desired server.
  2. On the Tools menu, click Host Options. The Host Options dialog box appears.
  3. Click the Authentication tab.
  4. Select the Cache Passwords on the Client check box.
    Note: This option is only available if the Standard Authentication option is also selected.
  5. Click OK.

    On most platforms, the cached password is stored in the user's home directory in a .dat file named for the Webspace Server. For example, for the Webspace ActiveX Control, C:\Documents and Settings\user1\Application Data\Proficy\Webspace Server\server1.dat is an example location of the cached password. In this example, user1 is the user logged into the Webspace session, and server1 is the name of the Webspace Server.

    Client-side password caching is supported on Internet Explorer, Mozilla Firefox, and the Desktop Client.

    Important: If you are concerned about public computers retaining cached passwords, you should clear the Cache Passwords on the Client check box on the Webspace Server. By default, this option is cleared.