Documents/uHTTP Lib Auth

From Nutwiki
Jump to: navigation, search

MicroHTTP Library: Basic Authentication

On this page we will look into basic access authentication, as it is provided by the MicroHTTP library.

Note, that this type of authentication will transmit user names and passwords over the line with Base64 encoding only, which can be easily converted back to human readable text. Additional techniques like TLS must be used to secure the connection.

Enabling Access Protection

Applications can protect access to specific paths within their web content by calling

int HttpRegisterAuthBasic(const char *path, const char *login, const char *realm);

If any requested URL starts with the given path, then the server will send back a 401 response, which tells the client, that access to the requested resource requires authentication. The browser will typically display the realm and prompt the user for name and password.

Let's say, that on our webserver we move all protected files into a subdirectory named admin. Then the following code snippet starts a webserver, where all URLs starting with the word admin are protected by user name root and password secret. On the first access, the browser will prompt the user with an Admin Login dialog.

StreamInit();
MediaTypeInitDefaults();
HttpRegisterAuthBasic("admin", "root:secret", "Admin Login");
StreamClientAccept(HttpdClientHandler, NULL);

Next Step

Beside allowing authenticated users to modify the device's configuration remotely, you may further offer the capability to upgrade the firmware via the web interface by uploading files.