LassoScript Utility
Basics Browse Detail


Tag Link [Auth_Prompt] Category Administration
Type Process Source Available Yes
Support Preferred Version 8.0
Change Unchanged Data Source Any
Output Type None Security None
Implementation LDML Sets Lasso 8.5, Lasso 8.0


[Auth_Prompt] alters the current HTTP response header with either a Basic or Digest authentication request. [Auth_Prompt] is used internally by the [Auth], [Auth_Admin], [Auth_Group], [Auth_User], and [Auth_Custom] tags.

The type of authentication can be selected using -Basic=True/False and -Digest=True/False. By default the authentication method selected in Site Administration is used. The realm for either type of authentication can be set using -Realm (defaults to Lasso Security).

Digest authentication has additional parameters: -Nonce which specifies a one-time value that is passed to the browser and back in the authentication response (defaults to [Lasso_UniqueID]). -Stale allows the digest authentication to be made stale so the browser re-prompts for authentication.

By default the [Auth_Prompt] tag issues an [Abort] after it constructs the new HTTP response header. The -NoAbort keyword instructs the tag not to [Abort] so tags that come after it can run.

By default the [Auth_Prompt] tag replaces the current HTML response with a simple HTML page saying that authentication has been requests. Most browsers do not display this HTML. The -ErrorResponse parameter allows the built-in response to over-ridden with any HTML.


[Auth_Prompt: -Digest=True, -Basic=False, -Realm='MyRealm]

[Auth_Prompt(-Digest=True, -Realm='MyRealm', -Nonce=(Lasso_UniqueID), -Stale=True)]


Optional Parameters
-Realm The name of the realm, defaults to 'Lasso Security'
-Basic Specifies if basic authentication should be used. Defaults to setting in Site Administration.
-Digest Specifies if digest authentication should be used. Defaults to setting in Site Administration.
-Nonce The nonce value for digest authentication. Defaults to [Lasso_UniqueID]
-Opaque The opaque value for digest authentication.
-Stale If specified with digest authentication then the visitor will be re-prompted for authentication by their Web browser.
-NoAbort If specified then the tag will not [Abort] after modifying the HTTP headers.
-ErrorResponse The HTML text to use for the body of the page sent with the authentication.
-Transparent Allows the HTML of the underlying page to be shown when the authentication fails. Using -Transparent disables the -ErrorResponse and -NoAbort tags.


See the Lasso 8 Language Guide for examples of how to use this tag.