Enabling and Configuring IWP
To publish databases to the Web via IWP, you need to enable and configure IWP on the host machine, and you need to set up one or more database files to allow IWP access. Each of these topics is covered in detail in the sections that follow.
Configuring FileMaker Pro for IWP
Using FileMaker Pro, you can share up to 10 databases with up to five users. To share more files or share with more users, you need to use FileMaker Server Advanced as your IWP host. FileMaker Pro can serve only files that it opens as a host. That is, its not possible for FileMaker Pro to open a file as a guest of FileMaker Server Advanced and to further share it to IWP users.
Figure 21.4 shows the Instant Web Publishing setup screen in FileMaker Pro. In Windows, you get to this screen by choosing Edit, Sharing, Instant Web Publishing. On Mac, choose FileMaker Pro, Sharing, Instant Web Publishing. The top half of the Instant Web Publishing dialog box relates to the status of IWP at the application level; the bottom half details the sharing status of any currently open database files. The two halves function independently of one another and are discussed separately here. For now, we e just concerned with getting IWP working at the application level and therefore limit our discussion to the options on the top half of the Instant Web Publishing dialog box.
Figure 21.4. To enable Instant Web Publishing in FileMaker Pro, simply select On on the IWP configuration screen.
Turning Instant Web Publishing on and off is as simple as toggling the Off/On selection. Selecting On enables this particular copy of FileMaker Pro to act as an IWP host. You can choose the language that will be used on the IWP Database Homepage and in the status area. You can also configure a handful of advanced options, as shown in Figure 21.5.
Figure 21.5. On the Advanced Web Publishing Options dialog box, you can configure the port number, logging options, IP restrictions, and session disconnect time.
Port Number
By default, IWP is configured to use port 80 on the host machine. If another application, such as a web server, is already using that port, you see an error message and are asked to specify a different port to use. FileMaker, Inc., has registered port 591 with the Internet Assigned Numbers Authority (IANA), so thats the recommended alternative port number. The only downside of using a port other than 80 is that users need to explicitly specify the port as part of the URL to access IWP. For instance, instead of typing 127.0.0.1, your users would need to type 127.0.0.1:591 (or whatever port number you specified).
Note
If you are using Mac OS X, you may be asked to type your computers pass phrase if you attempt to change the port number when configuring IWP within the FileMaker client.
Security
If you know the IP addresses of the machines your IWP users will use when accessing your solution, you can greatly increase your solutions security by restricting access to only those addresses. Multiple IP addresses can be entered as a comma-separated list. You can use an asterisk (*) as a wildcard in place of any part of the IP address (except for the first part). That is, entering 192.168.101.* causes any IP address from 192.168.101.0 to 192.168.101.255 to be accepted. Entering 192.* allows access to any user whose IP address begins with 192.
If you don set IP restrictions, anyone in the world who knows the IP address of your host machine and has network access to it can see at least the IWP Database Homepage (which lists IWP-enabled files). And if youve enabled the Instant Web Publishing extended privilege on the Guest privilege set, remote users could open the files as well. This is, of course, exactly the behavior youd want when IWP is used as part of a publicly accessible website.
Logging
You can enable two activity logs for tracking and monitoring your IWP solution: the application log and the access log.
The application log tracks script errors and web publishing errors:
- Script errorsThese errors occur when a web user runs a script that contains nonweb-compatible script steps. See the section "Scripting for IWP," later in this chapter, for more information about what particular steps are not web compatible. A script error can also occur if a user attempts to do something (via a script) thats not permitted by that users privilege set. Logging script errorsespecially as you e testing an existing solution for IWP friendlinessis a great way to troubleshoot potential problems.
- Web publishing errorsThese errors include more generic errors, such as "page not found" errors. The log entry generated by one of these generic errors is very sparse and may not be terribly helpful for troubleshooting purposes.
The access log records all IWP activity at a granular level: Every hit is recorded, just as youd find with any web server. As a result, the access log can grow quite large very quickly, and there are no mechanisms that allow for automatic purging of the logs. Be sure to check the size of the logs periodically and to prune them as necessary to keep them from eating up disk space. (A knowledgeable system administrator can configure both Windows and Mac OS X to periodically trim or rotate logs to prevent uncontrolled log growth.)
Note
Each of the two logs can be read with any text editor, but you may find it helpful to build a FileMaker database into which you can import log data. It will be much easier to read and search that way.
Ending a Session
The final option on the Advanced Web Publishing Options dialog box is the setting for the session disconnect time. As mentioned previously, IWP establishes a unique database session for each web user. This means that as a user interacts with the system, things such as global values, the current layout, and the active found set are remembered. Rather than just treating requests from the Web as discrete and unrelated events, as was the case in previous incarnations of IWP, the host maintains session data on each IWP user.
Because only five sessions can be active at any given time when FileMaker Pro is being used as an IWP host, its important that sessions be ended at some point. A session can be ended in several ways:
- A user can click the Log Out button in the status area.
- The Exit Application script step ends an IWP session and returns the user to the Database Homepage.
- You can terminate a session after a certain amount of inactivity. The default is 15 minutes, but you can set it to anything from 1 to 60 minutes.
Are your IWP sessions not ending when you think they should? See "Problems Ending IWP Sessions" in the "Troubleshooting" section at the end of this chapter. |
Clicking on the house icon in the status area to return to the Database Homepage does not end a session. If a user reenters the file from the Database Homepage without ending his session, he returns to exactly the same place he left, even if a startup script or default layout is specified for the file.
Configuring FileMaker Server Advanced for IWP
One of the best features of the FileMaker product line is the capability to do web publishing directly from files hosted by FileMaker Server Advanced. Using FileMaker Pro as an IWP host works well for development, testing, and some limited deployment situations, but for many business applications, youll find that you want the added power and stability that come from using FileMaker Server Advanced for this purpose.
Using FileMaker Server Advanced as your IWP host provides several significant benefits. The first is simply that it scales better. With FileMaker Pro, you are limited to 5 concurrent IWP sessions; with FileMaker Server Advanced, you can have up to 100 IWP sessions. FileMaker Server Advanced can also host up to 125 files, compared to FileMaker Pros 10. Even more important, you have the option to use SSL for data encryption when using FileMaker Server Advanced as the web host. FileMaker Server Advanced is a more reliable web host as well. It is more likely that the shared files will always be available for web users, that theyll be backed up on a regular basis, and that the sites IP address won change when you use FileMaker Server. (Even in organizations that use dynamic addressing for desktop machines, servers are typically assigned static IP addresses.)
Chapter 25, "FileMaker Server and Server Advanced," covers in detail the various components and installation options of FileMaker Server and the Web Publishing Engine. Chapter 23, "Custom Web Publishing," also contains a good deal of installation and configuration information. Here, well assume that you have all the required components in place and will merely touch on the relevant configuration screens in the FileMaker Server Web Publishing Administration Console (WPAC). WPAC is a web-based configuration tool that allows you to attach a Web Publishing Engine to a FileMaker Server and configure it. As shown in Figure 21.6, you turn on Instant Web Publishing for FileMaker Server simply by toggling the On/Off buttons on the Publishing Engine configuration page. This page isby design, of coursequite similar to the IWP configuration dialog in the FileMaker Pro desktop application.
Figure 21.6. Use the Web Publishing Administration Console to allow FileMaker Server Advanced to host IWP-enabled databases.
On the General Settings page, as shown in Figure 21.7, you can specify logging and session disconnection settings. These are analogous to their FileMaker Pro counterparts, which were discussed in depth in the preceding section. Refer to that section if you need additional information about what is contained in the logs or the significance of the session disconnection setting. The logs are written as text files in the following directory on the web server:
Mac OS X: /Library/FileMaker Server 8/Web Publishing/logs
Windows: Program FilesFileMakerFileMaker Server 8Web Publishinglogs
Figure 21.7. Logging and session disconnection options are specified on the General Settings page.
You can see a list of the databases that are accessible via IWP on the server by going to the FileMaker Server Published Databases page, shown in Figure 21.8. For a database to be IWP-accessible, one or more privilege sets needs to have the fmiwp extended privilege enabled. Theres no configuration or setup that you need to do in WPAC nor to the files themselves before hosting them with FileMaker Server. In fact, even while a file is being hosted by FileMaker Server, a user with the privilege to manage extended privileges can use FileMaker Pro to open the file remotely and edit the privilege sets so that the file is or isn IWP accessible.
Figure 21.8. WPAC lists all the web-accessible databases on the server, but you don need to do any configuration here at the file level to allow something to be shared to IWP.
Note
If you want a file to be accessible via IWP, but not to show up on the Database Homepage, you need to open the file with FileMaker Pro (open it directly, that is, not simply as a guest of FileMaker Server) and go into the Instant Web Publishing configuration screen. After you are there, select the file and then check the Don Display in Instant Web Publishing Homepage check box. You do not need to actually enable IWP or add any extended privileges to privilege sets to have access to this setting.
Sharing and Securing Files via IWP
Security for Instant Web Publishing users is managed the same way its managed for FileMaker Pro users: via accounts and privileges. Accounts and privileges also dictate which database files are accessible via IWP. To be shared via IWP, a particular file needs to be open, and one or more privilege sets in that file needs to have the fmiwp extended privilege enabled. This is true regardless of whether you plan to use FileMaker Pro or FileMaker Server Advanced as the web host.
You assign the fmiwp extended privilege to a privilege set in any of three ways:
- Go to File, Define, Accounts & Privileges. On the Extended Privileges tab, youll see a list of the various extended privileges and be able to assign fmiwp to any privilege sets you want.
For more information on what extended privileges are and how to assign them to a privilege set, see "Extended Privileges," p. 342. |
- Also in File, Define, Accounts & Privileges, on the Privilege Sets tab, you can select fmiwp as an extended privilege for the currently active privilege set.
- On the Instant Web Publishing setup screen (refer to Figure 21.4), the bottom half of the screen shows a list of open database files. When you select a particular database, you can manage the fmiwp extended privilege right from this screen. If you select All Users or No Users, the fmiwp extended privilege is granted or removed from all privilege sets in the file. You can also select Specify Users By Privilege Set to select those privilege sets that should have access to IWP. Although the words extended privilege and fmiwp never appear on this screen, it functions exactly the same as the Extended Privilege detail screen. This screen is intended to be more user friendly and convenient, especially when working with multiple files.
Note
To assign extended privileges in any of these ways, a user must be logged in with a password that grants rights to Manage Extended Privileges.
The other sharing option you can configure on the Instant Web Publishing setup screen is whether the database name appears on the Database Homepage. In a multifile solution, you may want to have only a single file appear there so that users are forced to enter the system through a single, controlled point of entry.
Note
Any changes made in the sharing settings and privileges for a file take effect immediately; you do not need to restart FileMaker or close the file.
When users type the IP address (or domain name) of the IWP host in their browsers, the first thing theyll see is the IWP Database Homepage, an example of which is shown in Figure 21.9). The Database Homepage lists, in alphabetical order, all files on the host machine that have at least some privilege sets with the fmiwp extended privilege enabled. The Database Homepage cannot be suppressed, though it can be customized or replaced, as explained later in this chapter.
Figure 21.9. The Database Homepage provides users with a list of accessible files.
Users aren prompted for a password on their way to the Database Homepage. The password prompt occurs (unless you are logged in as a guest, as described in the following bulleted list) when users first try to interact with a database. IWP now uses an HTML forms-based interface for entering a username and password. To be authenticated, users must enter an active, valid username and password, and their accounts must be associated with a privilege set that has the fmiwp extended privilege enabled.
You should know a number of things about how accounts and privileges are authenticated under IWP:
- As in regular FileMaker authentication, the password is case-sensitive (although the account name is not).
- IWP ignores any default login account information that has been set up under File Options.
- IWP does not support the Account option to require users to change their passwords after the next successful login. Changing passwords is not a feature supported by IWP. If this option has been set, the web user who tries to log in with that username and password receives an Error 211, Password Has Expired, and cannot enter the system.
- If the Guest account has been activated and given the fmiwp extended privilege, users might not be prompted for a username/password to access the database. To skip the login screen, though, its necessary that the fmiwp extended privilege be assigned only to the [Read-Only Access] privilege set (the privilege set used by the Guest account). Anyone automatically logged in in this fashion will have the privileges of the Guest account. Such a configuration would typically be used only for websites that need to be accessed by the general public.
If you e having difficulty getting past the password prompt from the IWP home page, see "Logging into an IWP-Enabled Database" in the "Troubleshooting" section at the end of this chapter. |
Tip
You can create a script that uses the new account management script steps to create your own customized login routine. Users would use Guest privileges to get to your login screen, and then your script would use the Re-login step to reauthenticate them as different users.
After a user is authenticated as a valid user of the file, that users privilege set then controls which actions can be performed, just as it does for users of the FileMaker Pro desktop application. Field and layout restrictions, record level access, creation and deletion of recordsall of these are managed exactly the same for IWP users as for FileMaker Pro users. The capability to make use of this unified security model is truly one of the best features of FileMaker IWP and makes it much simpler to deploy robust and secure IWP solutions.
For more information about setting up user accounts and privileges, see Chapter 12, "Implementing Security," p. 325. |
You will likely want to restrict your IWP users to some set of IWP-friendly layouts. If you have users who sometimes access your file via FileMaker (when they e in the office) and sometimes via IWP (from home), consider setting up two separate accounts for those people: one that has the fmiwp extended privilege and one that doesn .
Категории