0

I have a client that has chosen to use Business Catalyst for their public facing services, and they want to access roughly four different servers for various activities. The design team has put forth a requirement to be able to log into these various servers using unique login forms on Business Catalyst for each destination.

The first issue is in having a login form within an https page. Business Catalyst has "secure zones" which can be exposed to users that have already logged into Business Catalyst, and I believe there is a way to do so without login by opening up the secure zone to a range of IP addresses. That doesn't feel like a good faith move by any developer (the secure zone is an oxymoron if it has to be exposed to everybody), so let me know if that passes the insanity check. Having the user login to Business Catalyst just so they can login to one of the secure servers is not going to work from a UX perspective.

The second issue is that Business Catalyst states that it must be within a secure zone before it can do any work with the external tools I need it to work with. This might be solved by resolving the first issue, but this has more to do with form queries in general. I have content modules that need to query these servers, without login, to pull non-critical information down as a response.

I have performed a non-exhaustive search over this weekend to try and find a graceful solution to this challenge, but it doesn't appear to be something that Business Catalyst was designed to handle.

For those of you who TLDR;

  • I need a secure way to login to 1 of 4 servers from Business Catalyst without login to Business Catalyst (Current implementation theory noted above).
  • I need a way to query non-critical information responses from 1 of 4 servers, again without login to Business Catalyst (Such as returning cost estimate results).
  • It is not acceptable to have the user login to Business Catalyst, just to pull queries or login to 1 of 4 servers.
  • It may not be possible to allow a user to access the other servers using their Business Catalyst session handles.
L84
  • 45,514
  • 58
  • 177
  • 257
C.S.
  • 422
  • 2
  • 9

1 Answers1

3

When user logs in to BC, he will get cookie in form VSVxxxxx, where xxxxxx is BC site ID. Content of cookie is hashed active session ID. Then BC exports two web service API - CRM and eCommerce. In CRM web service there's method Contact_IsLoggedIn, which take two parameters - user ID and session ID. Session ID is one from user VSVxxxxx cookie. It returns true/false, whether user is really logged in BC.

Note that BC have bit strange session handling... it lasts for 30min. no matter whether user clicks on site, or no.

nudzo
  • 17,166
  • 2
  • 19
  • 19
  • Thank you for this response. The client changed their requirement, so I cannot verify this it is a correct answer. We ended up using CORS to satisfy a handful of the interactivity requirements and everything else was removed from this release. – C.S. Feb 21 '14 at 21:11