Thanks for this response. I saved it for a while but recently got around to following your suggestions.

I set this up so that AnonymousDomainUser is available at the top-level folder. Then in /Projects/TestProject, I have a whole set of other users as there is no anonymous access to TestProject. When someone from the right domain brings up the root folder, they match to AnonymousDomainUser, but when they try to bring up TestProject, their username and password are consistently rejected.

If I then go back to the security panel of the root folder and give the Anonymous role just the capability to view, they can then log in properly and access TestProject, but then I have lost the domain filtering on anonymous viewers.

Is there some way to have both anonymous domain-restricted access and also certain directories with only authorized-user access?

Thanks.

Martijn Pieters wrote:
Yes. You can make a new Role, let's call it DomainUser. You give this Role all privileges that the Anonymous Role has, and you revoke all rights from the Anonymous Role.
Now you create a new user, and call this AnonymousDomainUser. This user you give _no_ password, just leave the password fields blank. You do specify the domains however; it is a space separated list of domain specs, where each domain spec can be either a domain name, or an IP address, where wildcards can be used anywhere between the dots. For example: *.zope.org *.digicool.com 192.8.*.* is a valid domain spec. And you also give the user the DomainUser Role.
Now, as soon as a visitor comes to your site from a domain that matches the domain spec, Zope will, without asking for a password, match him against the AnonymousDomainUser User, give him the DomainUser Role, and grant that visitor access.
Anyone from any other domain will be prompted for a username and password.
--
Martijn Pieters, Software Engineer
| Digital Creations http://www.digicool.com
| Creators of Zope http://www.zope.org
| mailto:mj@digicool.com ICQ: 4532236
| PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149
-------------------------------------------
-- Guy Davis mailto:davis@arc.ab.ca (403) 210-5334 Alberta Research Council
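
Added example, not part of the original messages and not Zope's own code: a Python sketch of the domain-spec matching described in the quoted reply, useful for checking which clients a spec list would admit without a password. It assumes `*` stands for exactly one dot-separated label; the function names and the sample clients are constructed for illustration.

```python
"""Sketch of domain-spec matching as described above (not Zope's own code)."""

SPECS = "*.zope.org *.digicool.com 192.8.*.*"  # example spec from the quoted reply


def _is_ip_spec(spec):
    # An IP spec has four labels, each a number or "*".
    labels = spec.split(".")
    return len(labels) == 4 and all(l == "*" or l.isdigit() for l in labels)


def spec_matches(spec, host="", addr=""):
    """Return True if a single spec matches the client's host name or address."""
    pattern = spec.lower().split(".")
    # IP specs are compared with the address, name specs with the host name.
    value = addr if _is_ip_spec(spec) else host.lower().rstrip(".")
    target = value.split(".")
    # Assumption: "*" stands for exactly one label, so label counts must agree.
    if not value or "" in target or len(target) != len(pattern):
        return False
    return all(p in ("*", t) for p, t in zip(pattern, target))


def match_domain_specs(specs, host="", addr=""):
    """Return the first spec in a space-separated list that matches, else None."""
    for spec in specs.split():
        if spec_matches(spec, host, addr):
            return spec
    return None


if __name__ == "__main__":
    # Constructed sample clients (host name, IP address).
    clients = [
        ("www.zope.org", "203.0.113.7"),
        ("zope.org.example.net", "203.0.113.8"),
        ("", "192.8.44.10"),
        ("", "192.80.1.1"),
    ]
    for host, addr in clients:
        hit = match_domain_specs(SPECS, host, addr)
        print(f"{host or '-':22} {addr:13} ->", hit or "no match: prompt for login")
```

Under the one-label assumption, a look-alike name such as `zope.org.example.net` does not match `*.zope.org`, and a client with no resolved host name can only match an IP spec.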