Identification of OS user with DAD authentication scheme

Similar Messages

• HTTP request was forbidden with client authentication scheme 'anonymous'

  Hi,
  We have updated our support Package for version BPC NW 10.0 release 801 from 0002 to 0005.
  After the update we are not being to access the server folders in EPM Add-in.
  We have the following error "HTTP request was forbidden with client authentication scheme 'anonymous'". Nevertheless we only can't access to the content of folders that are not public or local.
  In SLG1 log, we have the error " Access not granted, You are not the member of team: BUSINESS ADMIN". This is not true because the user has SAP_ALL in BW and is a primary administrator in BPC. The data access profile associated is the administrator member access profile.
  Has anybody seen this error?
  Best regards,
  JA

  Hi Nilanjan,
  We are able to log in into EPM Add-in.
  We have the error when we try to open input forms or reports from server, but only from some folders.
  When we select the folder we have the error.
  For example we can see the content from:
  WEBEXCEL\REPORTLIBRARY\
  ADMIN\WEBEXCEL\TEAMREPORTLIBRARY\
  But we can't see the content from:
  BUSINESS ADMIN\WEBEXCEL\TEAMREPORTLIBRARY\
  TEAM FI\WEBEXCEL\TEAMREPORTLIBRARY\
  The user has administrator member access profile ans is included in all teams (ADMIN, BUSINESS ADMIN and TEAM FI)
  We really can't see what could be the problem
  Hope you can help us.
  regards,
  JA

• OfficialFile.asmx The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'. ERROR

  We are getting an error on the authentication piece when trying to submit a file to the OfficialFile.asmx web service to submit a document to the Drop-Off Library. Here is the code snippet -
  public string FileUpload(HttpPostedFile FileInput, RecordsRepositoryProperty[] properties)
  string strFileUrl = string.Empty;
  RecordsRepositorySoapClient repository = new RecordsRepositorySoapClient();
  BinaryReader b = new BinaryReader(FileInput.InputStream);
  byte[] binData = b.ReadBytes(FileInput.ContentLength);
  repository.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential(iUserID, iUserPassword, iUserDomain);
  repository.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
  repository.SubmitFile(binData, properties, null, FileInput.FileName, HttpContext.Current.User.Identity.Name);
  strFileUrl = repository.GetFinalRoutingDestinationFolderUrl(properties, null, FileInput.FileName).Url;
  return strFileUrl;
  Although we are setting the network credential in the client call we still get the error
  - The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'.
  Ideas?
  Thanks in advance.

  Hi,
  Based on the error message, the issue is related to the authentication type.
  I suggest you can specify the credential type like the below:
  CredentialCache credentialCache = new CredentialCache();
  NetworkCredential credentials = new NetworkCredential(UserName, PassWord, sDomain);
  credentialCache.Add(new Uri(recordCenterUrl), "NTLM", credentials);
  Here is a detailed code demo for your reference:
  http://blogs.msdn.com/b/mcsnoiwb/archive/2011/06/06/sending-files-to-a-record-center-using-the-sp2010-webservice-officialfile-asmx.aspx
  Best Regards
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Jerry Guo
  TechNet Community Support

• The HTTP Request is unauthorized with client authentication scheme negotiate - MDS Excel Plugin error

  Hi,
  Some users in my company are experiencing a strange issue when connecting to our MDS server using the MDS Excel plugin. They receive the error message:
  "The HTTP Request is unauthorized with client authentication scheme negotiate. The authentication header received from the server was "NTLM,BASIC real="DOMAIN NAME IWA"
  They are receiving this error when first trying to connect. For some reason they only receive this error when connected to the work network via the VPN. They don't receive this error from within our network.
  Does anyone know what might be causing this issue and how to resolve?
  Many Thanks,
  Phil

  Try the following links and see if it helps:
  https://support.microsoft.com/en-us/kb/896861/
  https://social.technet.microsoft.com/Forums/projectserver/en-US/912c7179-8858-4c48-a71d-d9a21ff10a1b/the-http-request-is-unauthorized-with-client-authentication-scheme-ntlm-the-authentication?forum=project2010custprog
  -Nithesh Shetty Software Engineer, C & E -> IMML -> MDS, Microsoft.

• Restful Web Services - First Party Authentication with custom authentication schemes

  Hi
  I've successfully enabled security using first party authentication on our Restful web services however these only work with the built in Apex accounts and not other authentication schemes.
  Ideally I'd like to authenticate against LDAP, however when I enable this authentication scheme the restful services don't work as they only support the Apex accounts. 
  Has anyone implemented LDAP authentication for Apex restful web services, either directly or using Glassfish ? Does anyone know if support for custom authentication schemes on the feature roadmap for a future Listener release ?
  I attempted to configure the glassfish application against LDAP but am still working on it.. glassfish never challenged the client to authenticate (it's only to be for the web service endpoints and nothing else), so any pointers on how to set that up for Apex would be appreciated.
  Thanks
  Kes

  Hi Gemma,
  unfortunately at the moment you are caught between a rock and a hard place:
  - As you point out there is no way in APEX for a user to self-register themselves, short of developing your own table to store users and configuring APEX custom auth to authenticate against that table
  - Listener can only authenticate against the the APEX user repository, it cannot integrate with custom APEX authentication.
  There may be other options though, by leveraging the authentication capabilities in the JRE and/or WebLogic/GlassFish application servers. We're interested in addressing this use case, so if you wish to investigate further please send me an email ( colm <dot> divilly <at> oracle <dot> com).
  Thanks,
  Colm Divilly

• Issue with DAD authentication and Interactive Reports

  Apex version 3.1.1.00.09
  I have an application which is using DAD authentication. Since changing the authentication model I have noticed that I lose some of the Interactive Report functionality specifically the ability to save reports.
  Post authentication I can get the user info by calling owa_util.get_cgi_env('REMOTE_USER')
  However when I reference V('APP_USER') it returns APEX_PUBLIC_USER. Is this the reason for the loss of interactive report functionality. If so is there a workaround?
  Thanks in advance

  When the authentication model is set to Application Express
  The user test_sso (which has end user rights only) has the ability to Save Report within an Interactive Report.
  When the authentication model is set to DAD
  A user who can authenticate against the DAD does not see the option to Save Report in the Interactive Report actions menu.
  As a developer when viewing the Interactive report I have the option to Save Report*
  Is this correct behaviour? I want the end user to log on to the application seemlessly and still have the ability to save a report.
  Thanks
  Paul

• The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'.

  when i connect to wcf service , i am getting the client authentication error.
  It happens only when i connect to wcf service from a client machine (virtual machine) that is logged in with local user account.
  Wcf service is hosted as windows service in my case.
  Client application is a windows application that connects using below security mode.
  BasicHttpBinding httpbind = new BasicHttpBinding();
  httpbind.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
  httpbind.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
  httpFactory.Credentials.Windows.AllowedImpersonationLevel
                                  = System.Security.Principal.TokenImpersonationLevel.Impersonation;
  Please help me with a solution.
  As i read more through below link , i doubt if the client is not in the same domain, it might not work ? is it rite.
  http://blogs.msdn.com/b/chiranth/archive/2013/09/21/ntlm-want-to-know-how-it-works.aspx
  Regards Battech

  https://msdn.microsoft.com/en-us/library/windows/desktop/aa378749%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396
  Well, you need to figure out what the authentication is supposed to be bettwen the WCF client and WCF service, because Windows Authentication is being rejected.

• Presenting users with authentication menu

  Hi,
  I have a need to present the users with the option to either authenticate with LDAP or RADIUS. All the users go through a gateway. The only way I understand to do this is to prepend "&authlevel=0" at the end of the URL. I am wondering if there is a way to have the gateway do this automatically.
  The user would enter: https://host.domain.com and this would present the user with the authentication menu for the selected modules.
  We are using JES 2003Q4 (portal 6.2).
  any help would be appreciated,
  wiggam

  Hmm, the authentication method can be choosen using "module, e.g.
  input type="hidden" name="module" value="LDAP"
  in the login form.
  You could put a dropdownbox there or something like that.
  hth Chris

• Disadvantages of DAD Authentication

  Dear Apex users,
  Apex is a very nice tool to use, but sometimes it's hard to use features in the database. Almost all the authentication methods log on to the database with a single scheme, except the DAD Authentication Scheme.
  This way it's hard to implement security in the database. CDM Ruleframe for example uses USER to fill journaling columns. With Apex this will result in APEX_PUBLIC_USER being the only user to modify the database. When you want to implement this right it's neccessary to change the code generated by CDM Ruleframe. But also the role based security is based on the user(=schema) that is logged on. You can use VPD, but this is much more complicated.
  So I was very happy to find out that it is possible to log in as a real database user, being recognized by the database, using the Database Authentication (via DAD without username or password). When I perform htp.p(USER) in Apex it shows the real database user!
  Yet the manual warns to only temporarily use this method, I cann't figure out why.
  Are there (security?) reasons not to use this method?
  Greets, Dik

  Dik,
  You can always use the expression nvl(v('APP_USER'), user) to identify the authenticated user for journaling and the like.
  If you use basic authentication (no username/password in DAD) the session user will be the authenticated user, as you point out. However, you still can't use roles other than to interrogate the roles the current user has been granted and to make decisions based on that.
  The User's Guide describes the main disadvantage of this method:
  "The main drawback of this approach is burdensome account maintenance, especially if
  users do not administer their own passwords, or if their database accounts exist only
  to facilitate authentication to your application."
  Scott

• How to use CMS Users with SAP BOPC NW 7.5

  Hello,
  I have problems importing and using CMS Users with BO PC 7.5 NW.
  I am trying two types of CMS-users
  1. CMS Enterprise Users created in CMS and using "Enterprise" authentication
  2. SAP BW Users imported into CMS using their SAP authentication "secSAPR3")
  but both don't work:
  In the BOPC Admin Client, I can succesfully select Security->Users->"Add new Users". Both CMS "Enterprise Users" and CMS Users that use SAP authentication are displayed in the "Everyone" Group.
  The CMS Enterprise Users are displayed as <username>, e.g. "Miller".
  The CMS users with sap authentication are displayed as <SAPSystem><Client>/<SAPusername>, e.g. "KBE100/Smith".
  Now If I try to import a user...
  1. CMS Enterprise Users
  If can successfully import CMS Enterprise Users and add them to the ADMIN Team, e.g. "Miller".
  The problem is they can't be used to log in to the Admin Client and Excel Client:
  E.g. I enterUser-ID "Miller" and his CMS-Enterprise-password under password after starting Excel Client, an error message shows up: "The UserID, Password or Domain cannot be authenticated. Go back and make sure you entered valid credentials" ... (same error message as if the user wouldn't exist/wrong pw.).
  Seems the user wasn't added as BO PC user. Or do I need to use any prefix before the "user ID" for CMS Enterprise users in the User_ID field instead of just "Miller"?! 
  2. CMS Users which use SAP-authentication (users imported into CMS from BW and use SAP-authentication)
  In the BO PC Admin Client, I can't import them: I go through "1. User Setup" select "KBE~100/Smith", "2. User Detail", "3. Assignments", but if I am in "4. Finish" and click on "Apply", the following error shows up:
  "Failed to create directory \root\Webfolders\<AppSetName>\<Appname>" for "KBE~100/Smith".
  My guess is that the operating system doesn't like the "/" in the Username - but I guess this can't be changed  bc. these Users from CMS and are already displayed with the "/" between SAPSystemID~ClientNummer and username in the User-list in BOPC Admin Client!
  side remark: if I create a SAP CMS Enterprise user which contains a "/" in the username (on pupose ), I am getting the same error message.
  Any help, explanations and workarounds are greatly appreciated - Any solution will be awarded with maximum points!
  Best Regards and thanks a lot for your help!

  Hi Florian,
  The problem seems indeed the file system on the bw not being able to handle "/". The automatic user import from the bw role into the CMC does not give you an option to replace the "/" character with anything else.
  This should solve it:
  - Go to the CMC double click the user. Delete the server part "KBE100/" and click save. Make sure the default system is set to "KBE100". The user should now be able to login from BPC with the user Smith.
  Good luck,
  Martin

• Autoscaling Application block for Azure worker role console app not working. Get error as The HTTP request was forbidden with client authentication

  I have written a console application to test the WASABi(AutoScaling Application Block) for my worker role running in azure. The worker role processes the messages in the queue and I want to scale-up based on the queue length. I have configured and set the
  constraints and reactive rules properly. I get the following error when I run this application.
  [BEGIN DATA]{}
      DateTime=2013-12-11T21:30:02.5731267Z
  Autoscaling General Verbose: 1002 : Rule match.
  [BEGIN DATA]{"EvaluationId":"4f9f7cb0-fc0d-4276-826f-b6a5f3ea6801","MatchingRules":[{"RuleName":"default","RuleDescription":"The default constraint rule","Targets":["AutoscalingWebRole","AutoscalingWorkerRole"]},{"RuleName":"ScaleUpOnHighWebRole","RuleDescription":"Scale
  up the web role","Targets":[]},{"RuleName":"ScaleDownOnLowWebRole","RuleDescription":"Scale down the web role","Targets":[]},{"RuleName":"ScaleUpOnHighWorkerRole","RuleDescription":"Scale
  up the worker role","Targets":[]},{"RuleName":"ScaleDownOnLowWorkerRole","RuleDescription":"Scale down the worker role","Targets":[]},{"RuleName":"ScaleUpOnQueueMessages","RuleDescription":"Scale
  up the web role","Targets":[]},{"RuleName":"ScaleDownOnQueueMessages","RuleDescription":"Scale down the web role","Targets":[]}]}
      DateTime=2013-12-11T21:31:03.7516260Z
  Autoscaling General Warning: 1004 : Undefined target.
  [BEGIN DATA]{"EvaluationId":"4f9f7cb0-fc0d-4276-826f-b6a5f3ea6801","TargetName":"AutoscalingWebRole"}
      DateTime=2013-12-11T21:31:03.7516260Z
  Autoscaling Updates Verbose: 3001 : The current deployment configuration for a hosted service is about to be checked to determine if a change is required (for role scaling or changes to settings).
  [BEGIN DATA]{"EvaluationId":"4f9f7cb0-fc0d-4276-826f-b6a5f3ea6801","HostedServiceDetails":{"Subscription":"psicloud","HostedService":"rmsazure","DeploymentSlot":"Staging"},"ScaleRequests":{"AutoscalingWorkerRole":{"Min":1,"Max":2,"AbsoluteDelta":0,"RelativeDelta":0,"MatchingRules":"default"}},"SettingChangeRequests":{}}
      DateTime=2013-12-11T21:31:03.7516260Z
  Autoscaling Updates Error: 3010 : Microsoft.Practices.EnterpriseLibrary.WindowsAzure.Autoscaling.ServiceManagement.ServiceManagementClientException: The service configuration could not be retrieved from Windows Azure for hosted service with DNS prefix 'rmsazure'
  in subscription id 'af1e96ad-43aa-4d05-b3f1-0c9d752e6cbb' and deployment slot 'Staging'. ---> System.ServiceModel.Security.MessageSecurityException: The HTTP request was forbidden with client authentication scheme 'Anonymous'. ---> System.Net.WebException:
  The remote server returned an error: (403) Forbidden.
     at System.Net.HttpWebRequest.GetResponse()
     at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
     --- End of inner exception stack trace ---
  Server stack trace: 
     at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory`1 factory)
     at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)
     at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
     at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
     at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
     at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
  If anyone know why I am getting this anonymous access violation error. My webrole is secured site but worker role not.
  I appreciate any help.
  Thanks,
  ravi
    

  Hello,
  >>: The service configuration could not be retrieved from Windows Azure for hosted service with DNS prefix 'rmsazure' in subscription id **************
  Base on error message, I guess your azure service didn't get your certificate and other instances didn't have certificate to auto scale. Please check your upload the certificate on your portal management. Also, you could refer to same thread via link(
  http://stackoverflow.com/questions/12843401/azure-autoscaling-block-cannot-find-certificate ).
  Hope it helps.
  Any question or result, please let me know.
  Thanks
  Regards,
  Will 
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Authentication Scheme - Database Account with login user exists in table

  Hi all,
  I m new to APEX. Could anyone tell me how can i modify the authentication scheme to validate the user by Database Account DB user & password, also the username must exist in a table
  As the DB is not only designed for one application, so DB account may incl. DB users more than the users who can access the APEX application. So I must check the user name exists in a table also.
  Thx.

  Scott,
  I try to save the msg in application item and set the message by application item in process before header, it works perfect. The message display as what i want :)
  One more question is i would like to give this link to user will go let the user go to the target page and can edit the page without doing any searching b4.
  http://XXX/apex/f?p=115:3::NO:::P3_ID:82
  If the user hvnt login, system will prompt login page, after the user login it, it will direct go to the target page. I have try if the user type in a wrong username / password it still work after i retype a correct one. The page can redirect to the target page.
  However, if i type in a user name & password is correct but not exist in my define table like what i stated b4. Then i type in a correct one I can just go to page 1 instead of the target one.
  How can i do the same thing?
  Sorry for non-stop questioning, but pls help. Thanks a lot.

• Defining an Authentication Scheme for user ID and password and client certi

  Hi,
                  I do need to define an Authentication Scheme for user ID/Password and client certificate,, both at the same time, so whenever the end user access the SAP Portal he/she will be asked to provide user and password as well digital certificate,
                  Despite of the whole idea behind o f the concept of digital certificate, my client sill wants to keep the user ID and password to complies with business requirements.
       I found a documentation that discuss Authentication Scheme with example using both ID and Digital certificate, but the priority was set different for each authentication method.
  http://help.sap.com/saphelp_nw04s/helpdata/en/d3/1dd4516c518645a59e5cff2628a5c1/content.htm
       So I am wondering with I can accomplish User ID/Pwd plus digital certificate just by making the priority the same value. Anyone had a similar requirement?
  Best Regards
  Claudio Rocha

  Hi
  Did you get an answer for this Query ?
  Regards
  Priyanka

• Problems with "Application Express Accounts" authentication scheme...

  Hi.
  I'm using Application Express 4.1.1.00.23 on Oracle 10g XE.
  I have created and used an authentication scheme based on APEX accounts which worked okay for a while but it now experiencing issues. All the current users are working fine, but I cannot add new ones in the app! Oh, I'm using an APEX generated Access Control page within the app (which I have deleted/recreated to no joy).
  If I make changes to a current user I get the expected "1 row(s) updated, 0 row(s) inserted." message and it has indeed worked. If I "Add User" and "Apply Changes", nothing happens... well, the page is seemingly submitted, but no action is taken, no errors are raised, but no user is added.
  Curiously, if I both amend a user and add a user before applying changes I get the following -
  "1 error has occurred
  Current version of data in database has changed since user initiated update process. current row version identifier = "A884FA378C851786DDFE3A33709CB23C" application row version identifier = "234234C67A01764460EDABD366BC4C48" (Row 2)"
  The row is mentions is the one I tried to amend. To make matters worse, it's not consistent as another row I tried to amend (at the same time as inserting a new user) gives the following error -
  "1 error has occurred
  unique constraint (ICTLIVE.APEX_ACCESS_CONTROL_PK) violated (Row 1)"
  This update, again, works correctly when I try to update without adding a new user!
  Very confused, can anyone help please!
  Thanks in advance,
  Adam.

  Hi, and thanks for the reply.
  I have used this successfully before myself... that's why this is confusing me! I have tried recreating the page with the same number and also creating a new page with a new number and the result is the same. It leads me to believe there's something else going on but I have no idea what!
  Adam.

• How to deal with expired passwords in authentication schemes?

  IHi,
  I am trying to build an authentication scheme that deals with expired passwords. After the user has provided their valid but expired password they should be redirected to a password reset page. After they have provided a new password they should be allowed to continue to the page they would have otherwise gone to had their password not expired.
  I have written my authentication processs as follows:
  CREATE OR REPLACE FUNCTION inventory_test.inventory_authentication (
  p_username IN VARCHAR2,
  p_password IN VARCHAR2
  RETURN BOOLEAN
  IS
  r1 apex_users%ROWTYPE;
  valid_password BOOLEAN;
  BEGIN
  IF p_password IS NULL
  THEN
  RETURN FALSE;
  END IF;
  SELECT *
  INTO r1
  FROM apex_users
  WHERE UPPER (username) = UPPER (p_username);
  valid_password :=
  DBMS_OBFUSCATION_TOOLKIT.md5 (input_string =&gt; p_password
  || TO_CHAR (r1.SEED, '99999')
  ) = r1.PASSWORD;
  IF valid_password AND (r1.password_expiration_date &lt; SYSDATE)
  THEN
  apex_util.set_session_state ('FSP_AFTER_PASSWORD_RESET_URL', v ('FSP_AFTER_LOGIN_URL')); -- My new application item
  apex_util.set_session_state ('FSP_AFTER_LOGIN_URL',
  'F?P=' || v ('APP_ID') || ':14:' || v ('APP_SESSION')
  END IF;
  RETURN valid_password;
  EXCEPTION
  WHEN NO_DATA_FOUND
  THEN
  RETURN FALSE;
  END;
  This redirects the user to the password reset page but FSP_AFTER_PASSWORD_RESET_URL is null - presumably because the login process changes the session.
  This seems the wrong approach anyway as the user, once authenticated, can change the page number in the URL and avoid the password reset. I would guess that I need to use the APEX_CUSTOM_AUTH package somehow. However, I am thoroughly confused about the relationship between the LOGIN and POST_LOGIN procedures. Also, I gather from other posts in this forum that there is some asynchronous processing that goes on as new sessions are created. Can someone point me in the right direction please?
  --Tony
  [http://tonyhasler.wordpress.com/][http://tonyhasler.wordpress.com/]

  Sorry for taking so long to acknowledge your helpful suggestions.
  Scott's proposal is a tiny tiny bit awkward as,if i understand it correctly, the user would have to reauthenticate after resetting the password.
  /dev/null's suggestion is actually not too bad for me. I already have each page being authorised and I use only a limited mumber of (once per session) authorization schemes. I think all I have to do is to place an extra line or two in each scheme to check the expiration date of the user's password and remember to call APEX_UTIL.RESET_AUTHORIZATIONS when the password is reset.
  I successfully redirected to the password reset page using owa_util.redirect_url from the post-authentication procedure but what I am still having trouble with is the deep-linking bit. It seems I have to obtain the target URL by 'editing' FSP_AFTER_LOGIN_URL to replace '|' characters by ':' characters and inserting the session id in the right place. Given the fact that FSP_AFTER_LOGIN_URL may not be set and that there may not be sufficient ':' characters in the URL this is very clunky.
  Is there an easier way to do this?
  --- Never mind. I worked out how to use regular expressions with SQL to do this. A full explanation is in my blog.
  --Tony
  http://tonyhasler.wordpress.com
  Edited by: TonyHasler on Sep 6, 2008 3:17 PM