If the WEBPCM service has the attribute CHECKUSERAUTH = TRUE, each request to WEBPCM is checked for a valid MCP usercode and password. If a valid MCP usercode and password are not supplied in the request, WEBPCM returns a “401 – Unauthorized” response to the user.

For example, if the browser is terminated in the middle of a session, the operator might have to reenter the usercode and password to continue.

WEBPCM applications can find out what usercode was used to log on by calling GET_HEADER ($REMOTE-USER), but they cannot access the password in clear text. If Basic Authentication was used, the password is contained in the authorization header in base 64 encoding.

Accesscode and Chargecode

WEBPCM recognizes and supports accesscode, accesscode password, and chargecodes that are appended to the usercode and password in the browser authorization box. When the accesscode and chargecode are supplied, they are validated with USERDATA and SECURITYSUPPORT before a Transaction Server dialog is opened.

If an accesscode or chargecode is required but not supplied in the authorization header, then the response “401 – Unauthorized” is returned.