To publish databases to the Web via IWP, you need to enable and configure IWP on the host machine, and you need to set up one or more database files to allow IWP access. Each of these topics is covered in detail in the sections that follow.
Using FileMaker Pro, you can share up to 10 databases with up to five users. To share more files or share with more users, you need to use FileMaker Server Advanced as your IWP host. FileMaker Pro can serve only files that it opens as a host. That is, its not possible for FileMaker Pro to open a file as a guest of FileMaker Server Advanced and to further share it to IWP users.
Figure 21.4 shows the Instant Web Publishing setup screen in FileMaker Pro. In Windows, you get to this screen by choosing Edit, Sharing, Instant Web Publishing. On Mac, choose FileMaker Pro, Sharing, Instant Web Publishing. The top half of the Instant Web Publishing dialog box relates to the status of IWP at the application level; the bottom half details the sharing status of any currently open database files. The two halves function independently of one another and are discussed separately here. For now, we e just concerned with getting IWP working at the application level and therefore limit our discussion to the options on the top half of the Instant Web Publishing dialog box.
Turning Instant Web Publishing on and off is as simple as toggling the Off/On selection. Selecting On enables this particular copy of FileMaker Pro to act as an IWP host. You can choose the language that will be used on the IWP Database Homepage and in the status area. You can also configure a handful of advanced options, as shown in Figure 21.5.
By default, IWP is configured to use port 80 on the host machine. If another application, such as a web server, is already using that port, you see an error message and are asked to specify a different port to use. FileMaker, Inc., has registered port 591 with the Internet Assigned Numbers Authority (IANA), so thats the recommended alternative port number. The only downside of using a port other than 80 is that users need to explicitly specify the port as part of the URL to access IWP. For instance, instead of typing 127.0.0.1, your users would need to type 127.0.0.1:591 (or whatever port number you specified).
Note
If you are using Mac OS X, you may be asked to type your computers pass phrase if you attempt to change the port number when configuring IWP within the FileMaker client.
If you know the IP addresses of the machines your IWP users will use when accessing your solution, you can greatly increase your solutions security by restricting access to only those addresses. Multiple IP addresses can be entered as a comma-separated list. You can use an asterisk (*) as a wildcard in place of any part of the IP address (except for the first part). That is, entering 192.168.101.* causes any IP address from 192.168.101.0 to 192.168.101.255 to be accepted. Entering 192.* allows access to any user whose IP address begins with 192.
If you don set IP restrictions, anyone in the world who knows the IP address of your host machine and has network access to it can see at least the IWP Database Homepage (which lists IWP-enabled files). And if youve enabled the Instant Web Publishing extended privilege on the Guest privilege set, remote users could open the files as well. This is, of course, exactly the behavior youd want when IWP is used as part of a publicly accessible website.
You can enable two activity logs for tracking and monitoring your IWP solution: the application log and the access log.
The application log tracks script errors and web publishing errors:
The access log records all IWP activity at a granular level: Every hit is recorded, just as youd find with any web server. As a result, the access log can grow quite large very quickly, and there are no mechanisms that allow for automatic purging of the logs. Be sure to check the size of the logs periodically and to prune them as necessary to keep them from eating up disk space. (A knowledgeable system administrator can configure both Windows and Mac OS X to periodically trim or rotate logs to prevent uncontrolled log growth.)
Note
Each of the two logs can be read with any text editor, but you may find it helpful to build a FileMaker database into which you can import log data. It will be much easier to read and search that way.
The final option on the Advanced Web Publishing Options dialog box is the setting for the session disconnect time. As mentioned previously, IWP establishes a unique database session for each web user. This means that as a user interacts with the system, things such as global values, the current layout, and the active found set are remembered. Rather than just treating requests from the Web as discrete and unrelated events, as was the case in previous incarnations of IWP, the host maintains session data on each IWP user.
Because only five sessions can be active at any given time when FileMaker Pro is being used as an IWP host, its important that sessions be ended at some point. A session can be ended in several ways:
Are your IWP sessions not ending when you think they should? See "Problems Ending IWP Sessions" in the "Troubleshooting" section at the end of this chapter. |
Clicking on the house icon in the status area to return to the Database Homepage does not end a session. If a user reenters the file from the Database Homepage without ending his session, he returns to exactly the same place he left, even if a startup script or default layout is specified for the file.
One of the best features of the FileMaker product line is the capability to do web publishing directly from files hosted by FileMaker Server Advanced. Using FileMaker Pro as an IWP host works well for development, testing, and some limited deployment situations, but for many business applications, youll find that you want the added power and stability that come from using FileMaker Server Advanced for this purpose.
Using FileMaker Server Advanced as your IWP host provides several significant benefits. The first is simply that it scales better. With FileMaker Pro, you are limited to 5 concurrent IWP sessions; with FileMaker Server Advanced, you can have up to 100 IWP sessions. FileMaker Server Advanced can also host up to 125 files, compared to FileMaker Pros 10. Even more important, you have the option to use SSL for data encryption when using FileMaker Server Advanced as the web host. FileMaker Server Advanced is a more reliable web host as well. It is more likely that the shared files will always be available for web users, that theyll be backed up on a regular basis, and that the sites IP address won change when you use FileMaker Server. (Even in organizations that use dynamic addressing for desktop machines, servers are typically assigned static IP addresses.)
Chapter 25, "FileMaker Server and Server Advanced," covers in detail the various components and installation options of FileMaker Server and the Web Publishing Engine. Chapter 23, "Custom Web Publishing," also contains a good deal of installation and configuration information. Here, well assume that you have all the required components in place and will merely touch on the relevant configuration screens in the FileMaker Server Web Publishing Administration Console (WPAC). WPAC is a web-based configuration tool that allows you to attach a Web Publishing Engine to a FileMaker Server and configure it. As shown in Figure 21.6, you turn on Instant Web Publishing for FileMaker Server simply by toggling the On/Off buttons on the Publishing Engine configuration page. This page isby design, of coursequite similar to the IWP configuration dialog in the FileMaker Pro desktop application.
On the General Settings page, as shown in Figure 21.7, you can specify logging and session disconnection settings. These are analogous to their FileMaker Pro counterparts, which were discussed in depth in the preceding section. Refer to that section if you need additional information about what is contained in the logs or the significance of the session disconnection setting. The logs are written as text files in the following directory on the web server:
Mac OS X: /Library/FileMaker Server 8/Web Publishing/logs
Windows: Program FilesFileMakerFileMaker Server 8Web Publishinglogs
You can see a list of the databases that are accessible via IWP on the server by going to the FileMaker Server Published Databases page, shown in Figure 21.8. For a database to be IWP-accessible, one or more privilege sets needs to have the fmiwp extended privilege enabled. Theres no configuration or setup that you need to do in WPAC nor to the files themselves before hosting them with FileMaker Server. In fact, even while a file is being hosted by FileMaker Server, a user with the privilege to manage extended privileges can use FileMaker Pro to open the file remotely and edit the privilege sets so that the file is or isn IWP accessible.
Note
If you want a file to be accessible via IWP, but not to show up on the Database Homepage, you need to open the file with FileMaker Pro (open it directly, that is, not simply as a guest of FileMaker Server) and go into the Instant Web Publishing configuration screen. After you are there, select the file and then check the Don Display in Instant Web Publishing Homepage check box. You do not need to actually enable IWP or add any extended privileges to privilege sets to have access to this setting.
Security for Instant Web Publishing users is managed the same way its managed for FileMaker Pro users: via accounts and privileges. Accounts and privileges also dictate which database files are accessible via IWP. To be shared via IWP, a particular file needs to be open, and one or more privilege sets in that file needs to have the fmiwp extended privilege enabled. This is true regardless of whether you plan to use FileMaker Pro or FileMaker Server Advanced as the web host.
You assign the fmiwp extended privilege to a privilege set in any of three ways:
For more information on what extended privileges are and how to assign them to a privilege set, see "Extended Privileges," p. 342. |
Note
To assign extended privileges in any of these ways, a user must be logged in with a password that grants rights to Manage Extended Privileges.
The other sharing option you can configure on the Instant Web Publishing setup screen is whether the database name appears on the Database Homepage. In a multifile solution, you may want to have only a single file appear there so that users are forced to enter the system through a single, controlled point of entry.
Note
Any changes made in the sharing settings and privileges for a file take effect immediately; you do not need to restart FileMaker or close the file.
When users type the IP address (or domain name) of the IWP host in their browsers, the first thing theyll see is the IWP Database Homepage, an example of which is shown in Figure 21.9). The Database Homepage lists, in alphabetical order, all files on the host machine that have at least some privilege sets with the fmiwp extended privilege enabled. The Database Homepage cannot be suppressed, though it can be customized or replaced, as explained later in this chapter.
Users aren prompted for a password on their way to the Database Homepage. The password prompt occurs (unless you are logged in as a guest, as described in the following bulleted list) when users first try to interact with a database. IWP now uses an HTML forms-based interface for entering a username and password. To be authenticated, users must enter an active, valid username and password, and their accounts must be associated with a privilege set that has the fmiwp extended privilege enabled.
You should know a number of things about how accounts and privileges are authenticated under IWP:
If you e having difficulty getting past the password prompt from the IWP home page, see "Logging into an IWP-Enabled Database" in the "Troubleshooting" section at the end of this chapter. |
Tip
You can create a script that uses the new account management script steps to create your own customized login routine. Users would use Guest privileges to get to your login screen, and then your script would use the Re-login step to reauthenticate them as different users.
After a user is authenticated as a valid user of the file, that users privilege set then controls which actions can be performed, just as it does for users of the FileMaker Pro desktop application. Field and layout restrictions, record level access, creation and deletion of recordsall of these are managed exactly the same for IWP users as for FileMaker Pro users. The capability to make use of this unified security model is truly one of the best features of FileMaker IWP and makes it much simpler to deploy robust and secure IWP solutions.
For more information about setting up user accounts and privileges, see Chapter 12, "Implementing Security," p. 325. |
You will likely want to restrict your IWP users to some set of IWP-friendly layouts. If you have users who sometimes access your file via FileMaker (when they e in the office) and sometimes via IWP (from home), consider setting up two separate accounts for those people: one that has the fmiwp extended privilege and one that doesn .
Part I: Getting Started with FileMaker 8
FileMaker Overview
Using FileMaker Pro
Defining and Working with Fields
Working with Layouts
Part II: Developing Solutions with FileMaker
Relational Database Design
Working with Multiple Tables
Working with Relationships
Getting Started with Calculations
Getting Started with Scripting
Getting Started with Reporting
Part III: Developer Techniques
Developing for Multiuser Deployment
Implementing Security
Advanced Interface Techniques
Advanced Calculation Techniques
Advanced Scripting Techniques
Advanced Portal Techniques
Debugging and Troubleshooting
Converting Systems from Previous Versions of FileMaker Pro
Part IV: Data Integration and Publishing
Importing Data into FileMaker Pro
Exporting Data from FileMaker
Instant Web Publishing
FileMaker and Web Services
Custom Web Publishing
Part V: Deploying a FileMaker Solution
Deploying and Extending FileMaker
FileMaker Server and Server Advanced
FileMaker Mobile
Documenting Your FileMaker Solutions