Casie,
We've done this. It involves using Data Exchange by writing some code to run on our website to query F1 to verify that a person is a member or attender before allowing them access to the directory. We create a login page that asks for the person's online account login and password, and form our query to F1 with that information, as well as our church code. We receive info about that user in an XML response, which we parse and look for the member status of either member or regular attender. If the person is a member or regular attender, we put up a link to the directory, which is a single PDF file.
A better way would be to allow searching for someone's info rather than giving them the whole directory, but we don't have the money yet to develop that. But in concept it should be simple for an experienced website code writer to do.
Here's the code that our website architects (www.atomicplaypen.com)
developed to accomplish what I described in my earlier post. I don't
know exactly how it works (I am not a programmer in this
language), but the general idea is that we create a form on the webpage
and get the user to enter their F1 site login and password.
To
make this work, we created an F1 portal user account, apsite.user,
specifically to perform these queries, and this account has been given
Data Exchange security rights. We form a query using the individual
login and password, the F1 portal account apsite.user and the password
for that account, along with our church code. This forms the query to
Data Exchange in which we ask F1 for that individual's record. The
line that forms the query string is the one that begins with
"xmlns:tns='GetIndividual'". If the query string is formed correctly
and the portal user account in the string has rights to perform Data
Exchange queries, F1's server should respond with a record of the
individual with the F1 site user login provided.
The record
comes back in an XML response that we search for their membership
status. If the status is member or regular attender, we allow access.
Hoping this is useful to many,
Andrew Lang
IT Administrator
Bethlehem Baptist Church
Minneapolis Minnesota
****code begins here****
System.Text.StringBuilder payload = new System.Text.StringBuilder();
payload.Append("<?xml
version='1.0' encoding='utf-8'?><soap:Envelope
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xmlns:xsd='http://www.w3.org/2001/XMLSchema'
xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'><soap:Body><Request
xmlns='http://www.fellowshipone.com/'><sXML><tns:dataRequest
xmlns:tns='GetIndividual'><authenticateHeader><churchCode>YOURWEBLINKCHURCHCODEHERE</churchCode><user>YOURPORTALUSERLOGIN</user><password>YOURPORTALUSERPW</password><method>GetIndividual</method><version>2.0</version><methodGroup>People</methodGroup></authenticateHeader><parameters><weblink><userId>temp_username</userId><password>temp_password</password></weblink></parameters></tns:dataRequest></sXML></Request></soap:Body></soap:Envelope>");
payload.Replace("temp_username", txtUsername.Text);
payload.Replace("temp_password", txtPassword.Text);
AP.Utility.Protocol.HTTP http = new AP.Utility.Protocol.HTTP();
http.AddHeader("SOAPAction", "http://www.fellowshipone.com/Request");
http.ContentType = "text/xml";
http.Encoding = "utf-8";
http.URL = "https://services.fellowshipone.com/DataExchange/DataRequest.asmx";
http.Payload = payload;
http.Send();
if
(http.Response.ToString().Contains("<status>Member</status>")
||
http.Response.ToString().Contains("<status>Attendee</status>"))
{
FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, false);
}
else if (http.Response.ToString().Contains("<ExceptionMessage>"))
{
lblUsernameError.Text = "The username/password you entered is not valid. Please try again.";
lblUsernameError.Visible = true;
}
else
{
lblUsernameError.Text = "Access to the membership directory is
currently granted only to members or regular attenders. Please contact
the church at 612-338-7653 if you are a member or regular attender and
cannot access this directory.";
lblUsernameError.Visible = true;
}
"Die before you die. There is no chance after."
-C.S. Lewis, Till We Have Faces.