Overriding Session Authentication rules
Table of contents
This type of Web site rule is only usable when Internet sites are being used on the server.
If Session Authentication is enabled on the Domino server, then the browser client is expected to send a cookie to the server to identify the user who is attempting to access the server resource. If a request reaches the server without a cookie, then the user is presumed to not be authenticated and is seen as an anonymous user.
If Session Authentication is disabled on the server, then the client sends a special Authentication header that contains the user name and password for the user. This is known as HTTP Basic Authentication. Some technologies, such as RSS feed readers and WebDAV clients, are only able to use Basic Authentication. If there are any RSS feed readers, WebDAV clients, or other Basic Authentcation-only clients accessing the server, they require Basic Authentication be enabled on the server. Unfortunately this may conflict with other requirements that necessitate having Session Authentication enabled on the server.
For this reason, the Override Session Authentication Rule was introduced in Domino 7.0.2. This rule allows the server to use Basic Authentication for specific requests, while Session Authentication is used for all other requests. The rule must be configured for the URLs that need to use Basic Authentication. This is done by populating the Incoming URL Pattern field after you create the rule.
Wildcard characters can be used to match multiple URLs, and multiple rule documents can be created if necessary.