Setting up Site Security Settings

Using the Security Provider you can define the security settings for the whole project and reuse them on all of your pages. We will go through each of the available options - from single user to database users and explain how to set them up.

Setting Up Security Provider

The Security Settings you create are globally available for all your server actions across your project. You need to setup your Security Provider once, and then you can reuse it in all the steps which require any kind of security - log in, log out or restrict access.

You will find the security settings in the Server Connect Panel, under Globals:

Right click Security Provider and click Add Security Provider:

And you are done. Now we need to select the security provider type and set it up. There are 3 types of Security Provider - Single, Static List and Database.

Single User

This is the simplest security option. Using it, you just define a single user for your site - so just enter the username and password here. This is very useful, when your site only has one user and you don’t need database to store usernames and passwords:

Just enter the username and password you want to use in order to log in:

Static Users List

The next option is Static Users list. Database is not required here as well. You define a list of users and permissions (optional) for them.:

Click the Users and Permissions button to create your users list:

First define a new user:

Enter a username and password, then click OK:

This way you can define as many users as you like:

You can edit or remove any of the users you created:

You can setup different permissions and assign users to them. Later you can use these permissions to restrict access to the pages, depending on the permission or show/hide data on the page. Click the Permissions tab:

Then create a new one:

Enter a name for this permission:

Then select which of the existing users to assign it to:

Click OK:

And you are done. You can create as many permissions as you need.
Click the OK button:

Database Users

The last and most advanced Security Provider type is the Database one. Before using it, make sure you’ve defined a Database Connection:

Select your database connection in the Connection field:

And open the Users & Permission options:

In the users panel, select the database table which stores your users data:

Select the identity column of your table:

Then select the table column which stores the usernames - the ones you ask users to enter on the login screen, do the same for the password field:

And you are done. If you need, you can add permissions and conditions for them. Click the Add new permission button.
Note that this step is not mandatory, so if you don’t need different permissions for your site just skip it. :

Add a name for this permission:

Next, select the database table which you will use to check permissions. That is really useful if you have 2 different database tables - one for logins, and another which stores just the user ids with the permissions assigned to them. And then select the identity column of this database table:

Add a condition for this permission i.e. when should this permission apply and for which users:

Select a column, condition and a value. In our case, we select - when the column role equals 1. So the permission we created will affect all users which roles are set to 1:

You can setup as many permissions and conditions as you need. Click Ok when you are done:

Cookie Options

There are a few options for the cookies, created when your users log in:

  • Domain: The domain for your cookie (e.g., ’ example.com ’ or ’ subdomain.example.com '). If not specified, this defaults to the host portion of the current document location.

  • Path: (e.g., ’ / ', ’ /mydir ') If not specified, defaults to the current path of the current document location.

  • Expires: Set after how many days should the login cookie expire.

  • Secure: Signals to the browser that it should only include the cookie in requests transmitted over a secure channel.

  • Same Site: Learn more at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite

And you are done. Don’t forget to click the Save button in Server Connect panel. Now you can use this security provider to log users in, protect your data APIs and protect your pages.

1 Like

what is the identity column.

trying this again… I am using a database. I want “Table 1 is called users”… and “Table 2 is called permissions.”

in table 1 I made a reference field called “roleid” . columns are id (auto inc) and role. 1 = admin, 2= customer.

what is the identify column… – the role column or is it just the autoinc column in table 1.

good job on the internal database editor by the way. :slight_smile:

The identity column is the unique ID column of your users table.

1 Like

Sadly this is completely out of date for Wap 4+
Aside making a lot of assumptions to the initial set up … especially if as marketed a no-code tool…
its not very intuitive , the UX is questionable, and there will be a big put off for non code types like my self…
This is the experience in all aspects so far.

1 Like

Hi @UDX, welcome aboard.

Unfortunately, you will not be able to access many of the server side modules, including site security, while using the basic version of Wappler.

I have made a video tutorial showing how to do this without writing any code. This video is based on using Wappler Pro:

Hey!

i just started to set mine up to day, and legit was exactly the same, i have the pro license of wappler, idk if its different for free version, but if your coming from bubble like i am, get the pro version, its main reason to use this editor.

I wouldnt say this has been marketed as no code, its for sure low code, and on the home page youll see a mixture of code and no code. You can do this fully with no code, but i imagine its going to help alot with some basic code knowledge. Ive only spent a week so far, its a huge task to learn, but its getting clearer for me every hour

2 Likes