You can require user IDs and passwords for each Internet-based server and application server accessed by WebClient or the WebClient application. Although user IDs and passwords are not required, using them strengthens security.

Progress recommends that you seriously consider protecting each server accessed by WebClient or the application with a user ID and password.

Prompting the end user for authentication information

Instead of embedding authentication information in a server URL, you can have WebClient prompt the end user for them when they are needed. How you enable the prompting depends on whether you are configuring an application-configuration-file server or a codebase server.

Enabling authentication for an application-configuration-file server

To enable authentication for an application-configuration-file server, go to the Application Assembler's Configuration File Locator Definition window. In the Authentication Information group box, fill in the End-User Description field and check the Prompt for ID/Password (Unless Cached) box:


Note: WebClient uses this information only if the end user starts an already-installed WebClient application by using a shortcut. For more information on starting an already-installed application with a shortcut, see Deploy a WebClient Application
Enabling this option displays the following authentication prompt to the end user:


Enabling authentication for a codebase server

To enable authentication for a codebase server, go to the Application Assembler's Codebase Locator Definition window. In the Authentication Information group box, fill in the End-User Description field. Then, check the Prompt for ID/Password (Unless Cached) box, and finally, if the codebase server is an application server, check the Prompt for AppServerID/Password/Info String (Unless Cached) box:


Enabling this option displays the following authentication prompt to the end user: