0 votes

Dear all,

We have a customer on Efficy 10.2 who is using the mailing code to auto-log on an Extranet user. For that, a custom Guest page has been developed to get the EXTCODE and EXTPASSWORD in order to proceed with the Extranet logon; once logged in, the browser page is redirected to the Extranet.

The customer wants to migrate to Efficy 11.2. The issue is that EXTCODE and EXTPASSWORD moved to the ACC_AUTH table and that EXTPASSWORD is now encrypted, so we cannot proceed with the Extranet logon from the Guest page.

Is there any way we can reproduce this behavior in Efficy 11.2 Extranet?

Best Regards,

asked in Extranet / HelpDesk by (1.9k points)

1 Answer

+1 vote
Best answer

I'm glad Efficy doesn't store any password - from users or contacts - in plain text or in a reversible way.

Note that the stored passwords are not encrypted, they are salted and hashed. This is much more secure.

In short, you can't reproduce this insecure behavior in 11+ versions; you will have to add e-mails into the flow. This is the common behavior for accessing a personalized section on web applications.

In a guest request, the contact is identified using the unique mailing code. If the contact already has an extranet account, you can redirect the browser to the logon page. The person can use his browser or a password utility to store the credentials.

If the person does not have an extranet account, ask in the guest page if Efficy should send a password renewal e-mail. After the password is set, the user will be redirected to the extranet logon page.

answered by (7.4k points)
selected by
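
The difference the answer draws between encrypted and salted-and-hashed passwords, together with the password renewal e-mail it proposes, as an added example that is not part of the original thread and is not Efficy's code. The in-memory stores, function names, PBKDF2 parameters and token lifetime are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

# Constructed in-memory stores for this example; not Efficy's ACC_AUTH schema.
ACCOUNTS = {}      # mailing_code -> {"salt": bytes, "hash": bytes}
RESET_TOKENS = {}  # sha256(token) -> (mailing_code, expiry timestamp)

def _derive(password, salt):
    # One-way derivation; algorithm and iteration count are assumptions.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def set_password(mailing_code, password):
    salt = secrets.token_bytes(16)  # fresh salt per account
    ACCOUNTS[mailing_code] = {"salt": salt, "hash": _derive(password, salt)}

def verify_password(mailing_code, password):
    rec = ACCOUNTS.get(mailing_code)
    if rec is None:
        return False
    # The only possible check: recompute from the submitted password and compare.
    # Nothing stored can be turned back into the password for an auto-logon.
    return hmac.compare_digest(rec["hash"], _derive(password, rec["salt"]))

def issue_reset_token(mailing_code, ttl=900, now=None):
    # The random token goes only into the e-mail link; the server keeps its hash.
    token = secrets.token_urlsafe(32)
    expiry = (time.time() if now is None else now) + ttl
    RESET_TOKENS[hashlib.sha256(token.encode()).digest()] = (mailing_code, expiry)
    return token

def redeem_reset_token(token, new_password, now=None):
    key = hashlib.sha256(token.encode()).digest()
    entry = RESET_TOKENS.pop(key, None)  # single use: removed on first attempt
    if entry is None:
        return False
    mailing_code, expiry = entry
    if (time.time() if now is None else now) > expiry:
        return False
    set_password(mailing_code, new_password)
    return True
```
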
Hi Kristof,

Yes, I know, but the issue is that the contact has already signed in to a private area on the website of the customer (the website is requesting Efficy via SOAP to get the mailing code of the contact), and they don't want the contact to be redirected again to another login page (the Efficy extranet login page).
The idea will be to create an SSO with their website, but it's not foreseen for the moment.
So I assume there is no other solution for the moment?

I understand that a redirect and logon again from a private part of the website is "not done".

If you need a solution in the short term, I see only two possibilities:
1. Extend guest pages with the missing features from the extranet
2. Extend the private section of the website with information obtained from the Efficy /json and /node API. With the simplified session management and the support for JSON and webservices, it's easier than ever to integrate. (Recommended)

Ok, thx Kristof
Actually the extranet is quite complex (with a lot of tabs, document uploads, link to online payment), so we will recommend the customer to pay for specific R&D developments to make their website communicate with Efficy for the Extranet authentication.

If the customer can wait that long, that is the best solution.