HttpRequest : Add custom authentication capability [message #46243]
Fri, 01 April 2016 18:26
omari
Hi,
I am trying to use NTLM authentication with HttpRequest.
For NTLM, I note the following particularities:
- Use 3 "GET" requests.
- Keep the connection alive between at least the last two requests.
- Use DES encryption.
After analysis of the authentication mechanism used in HttpRequest, I propose the following patch:
1 - remove the member variables "force_digest" and "digest"
2 - add a new member variable String "autheticate_header"
3 - in void HttpRequest::StartRequest(), replace:
    if(!IsNull(digest))
        data << "Authorization: Digest " << digest << "\r\n";
    else
    if(!force_digest && (!IsNull(username) || !IsNull(password)))
        data << "Authorization: Basic " << Base64Encode(username + ":" + password) << "\r\n";
by
    data << autheticate_header;
4 - change 401 error management, in void HttpRequest::Finish(), replace :
    if(status_code == 401 && !IsNull(username)) {
        String authenticate = header["www-authenticate"];
        if(authenticate.GetCount() && redirect_count++ < max_redirects) {
            LLOG("HTTP auth digest");
            Digest(CalculateDigest(authenticate));
            Start();
            return;
        }
    }
by
    if(status_code == 401) {
        String authenticate = header["www-authenticate"];
        if(authenticate.GetCount() && redirect_count++ < max_redirects) {
            if(!IsNull(username) || !IsNull(password)) {
                if(authenticate.StartsWith("Basic"))
                {
                    autheticate_header = "Authorization: Basic " + Base64Encode(username + ":" + password) + "\r\n";
                }
                else
                if(authenticate.StartsWith("Digest"))
                {
                    LLOG("HTTP auth digest");
                    autheticate_header = "Authorization: Digest " + CalculateDigest(authenticate) + "\r\n";
                }
                else
                {
                    WhenAuthentication(*this);
                }
            }
            else {
                WhenAuthentication(*this);
            }
            if(keep_alive)
                StartRequest();
            else
                Start();
            return;
        }
    }
5 - WhenAuthentication is declared as:
    Callback1<HttpRequest&> WhenAuthentication;
6 - Add a method void ForceBasic(String user, String pw)
    void ForceBasic(String user, String pw) {autheticate_header << "Authorization: Basic " << Base64Encode(user + ":" + pw) << "\r\n";}
With this patch, a custom authentication function can be added:
    void Autenticate(HttpRequest& http)
    {
        String www_authenticate = http.GetHeader("www-authenticate");
        if(!www_authenticate.StartsWith("NTLM"))
        {
            return;
        }
        //...
    }
    ...
    HttpRequest r;
    r.WhenAuthentication = callback(Autenticate);
regards
omari.
[Updated on: Sat, 09 April 2016 17:25]
Re: HttpRequest : Add custom authentication capability [message #46329 is a reply to message #46326]
Thu, 21 April 2016 17:32
omari
I would be happy to contribute to U++.
mirek wrote on Tue, 19 April 2016 12:05:
> I really did not like "ForceBasic" - that is changing current behavior.
In the current behavior, Basic Authentication is used without explicit action from the user.
For security purposes, I think that the default shall be "No Basic Authentication", and need an explicit action from the user, at least if there is no SSL.
regards
omari.
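
The default suggested in the post above (no Basic authentication without an explicit action from the user unless the connection uses SSL), combined with the scheme dispatch from the proposed `Finish()` change, as an added example that is not part of the thread or of U++. It is plain standard C++; `AuthAction`, `AuthPolicy`, `ChallengeScheme` and `ChooseAuth` are hypothetical names, and only the first challenge in the header is examined.

```cpp
// Added example (not U++ code): every name below is hypothetical.
#include <algorithm>
#include <cctype>
#include <cstdio>
#include <string>

enum class AuthAction { None, SendBasic, SendDigest, CallCustom };

struct AuthPolicy {
    bool has_credentials;    // username or password was set on the request
    bool is_tls;             // request goes over https
    bool allow_basic_plain;  // caller explicitly opted in to Basic without TLS
};

// Return the auth-scheme token of the first challenge, lowercased.
// HTTP auth scheme names are case-insensitive, and a plain prefix test
// would also accept a longer token such as "BasicX".
std::string ChallengeScheme(const std::string& www_authenticate) {
    std::size_t b = www_authenticate.find_first_not_of(" \t");
    if (b == std::string::npos) return "";
    std::size_t e = www_authenticate.find_first_of(" \t", b);
    std::string s = www_authenticate.substr(b, e == std::string::npos ? e : e - b);
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return (char)std::tolower(c); });
    return s;
}

// Decide what to do after a 401, in the branch order of the proposed patch.
AuthAction ChooseAuth(const std::string& www_authenticate, const AuthPolicy& p) {
    std::string scheme = ChallengeScheme(www_authenticate);
    if (scheme.empty()) return AuthAction::None;
    if (!p.has_credentials) return AuthAction::CallCustom;
    if (scheme == "digest") return AuthAction::SendDigest;
    if (scheme == "basic")  // password is only Base64-encoded: TLS or opt-in
        return (p.is_tls || p.allow_basic_plain) ? AuthAction::SendBasic
                                                 : AuthAction::None;
    return AuthAction::CallCustom;  // e.g. NTLM, left to a callback
}

int main() {
    // Constructed sample challenges, evaluated for a plain-http request.
    const char* samples[] = {"Basic realm=\"intranet\"",
                             "digest realm=\"r\", nonce=\"n\"", "NTLM"};
    AuthPolicy plain_http = {true, false, false};
    for (const char* s : samples)
        std::printf("%-32s -> %d\n", s, (int)ChooseAuth(s, plain_http));
    return 0;
}
```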