User security works under localhost, but not when published to DO

Wappler General
#1

Live link: http://137.184.106.209/
user: test
pw: 111

v4.91. Node. MSSQL
I implemented Login/Logout per Ben’s videos:

All my Login/Out stuff was working perfectly, but as soon as I published to my DO Droplet, my Login fails.
I connect to the exact same database for Development and Production because I’m only reading data from the db - I’m not updating anything. No need to have separate dev/production DBs.

So why would the security subsystem fail with a 401 Not Authorized when its hitting the same MSSQL connection from DO, yet work fine from my Mac in testing. (Using the exact same credentials, of course).
I’m connecting with the SAME connection string.
One thing thats different is the IP… yet the app gets all the other data and operates fine. I have a lot of firewall blocks but nothing for my DO IP.

image
image1050×611 54.6 KB

image
image1050×460 51.8 KB

Security Login to have access to user data. Easily dynamically alter UI
#2

Have you checked to see if it has to do with the SSL not being set up on the DO?

not-secure
not-secure1742×636 76.8 KB

I get a lot of unexpected behavior when working with HTTP these days…

1 Like
#3

@nomad,
Teodor agrees with you.
You said “Have you checked…” How would I check?
Or do I just need to setup SSL on DO?

Is there a thread on that?
I went here: Managing Cloud Servers with Resource Manager
and failed. Could not import my server from DO

Then I guess I need to go here: Using Custom Domains and SSL with Let's Encrypt and Traefik
so I can install SSL?

THEN, maybe I can get back to login/logout working?

thx

#4

@Teodor @nomad
I guess I don’t exactly understand the issue here.
WHICH component is throwing the 401 Unauthorized error?
Its not my MSSQL server, nor my webserver, correct?

Is it the Security mechanism in Wappler? My MSSQL server is running on a secure SSL connection. And it doesn’t care who is connecting to it, so why does it care that a db query is coming from an unsecure DO box?
I don’t get it.

#5

It’s the security provider component, but i don’t think ssl is the cause for this. The error means the user/pass entered are wrong, or just something is wrongly setup in the login process.

#6

Right.
But from Development mode, I can use that id/pw just fine.
(It’s not like it’s a complicated pw that I can mistype)

#7

I defer to teodor on this, obviously, and it sounds like it is not SSL

The reason I suspected HTTPS to be the issue is because browsers are getting more and more strict about what they will send over HTTP on a public network. On a local network, some older security protocols or methods are still allowed. I have ran into some real head-scratchers that were solved when I just set up my SSL, and never saw a single error - stuff just didn’t work.

In my case, I always set up SSL eventually… now I just do it much sooner! Hope you’re able to track down the issue :slight_smile:

#8

solved my issue and opened Bug report.
but my Bug report isn’t approved so I don’t have a link. :frowning: