cyracks Posted February 18

Is it possible to use basic HTTP authentication with uniGUI? I have built a uniGUI application which is also exposed to the internet. The login form is used to identify users, a little like logging in to Android (numbers from 1 to 9, where you press 2 numbers to identify who you are). I do not want to enable long passwords for protection because, as I said, it is only meant to identify. But since the app is exposed to the internet, some random external user could open the web page and easily guess one of the passwords. To prevent that I would like to use basic authentication, which can be saved by the browser and thus be transparent to a valid user.

irigsoft Posted February 18

13 minutes ago, cyracks said: use basic authentication which can be saved by browser and thus be transparent to valid user.

Hi, how do you think basic auth will protect your password? Can you share some documentation for that? I think you can use basic auth, but you must make your own procedure for that.

cyracks Posted February 18 (Author)

Basic auth would enable a sort of two-factor authentication. The user would have to input basic authentication only the first time, then the browser would save it and from then on only numeric identification would be used (also, if the uniGUI app is accessed from some external programs, they do know how to authenticate with basic authentication). There are some workarounds, but the question is really simple: can a uniGUI app support basic HTTP authentication?

Wilton Ergon Posted February 19

From what I understand, you want to save the user's name so that the next time he only types the password. You can do this easily by saving cookies in the user's browser and recovering them the next time it is opened. The cookies are local, so when he goes to another computer he must enter the name again in addition to the password. See if this is really what you want. I believe that the term basic authentication has nothing to do with what you really need.

cyracks Posted February 23 (Author)

Thank you for the answer and suggestion, but that was not my question. I know there are workarounds, but using basic authentication would enable more automatization than cookies (with basic authentication I can set the system up in advance so the user does not even have to input credentials for basic authentication). Do you know if uniGUI can be used with basic HTTP authentication, or how I can check it manually?

Abaksoft Posted February 23

18 hours ago, cyracks said: Do you know if Unigui can be used with basic http authentication or how can I check it manually ?

Never use standard known web authentication. HTTP Basic Authentication is a classical method which concatenates [user + password] in a base64 string crypt. In the future, you will find someone who will crack this or bypass it with simple JS code passed in your HTML page. So, the solution is to create your own kitchen.

https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online

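Added example, not part of any post in this thread and not uniGUI code: how a server parses and checks the `Authorization: Basic` header discussed above. The token is plain base64 of `user:password`, so the check only protects anything over TLS; the user name, secret, `USERS` store and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample store: username -> SHA-256 hex digest of the password.
# (Assumption: a real deployment would use a slow password hash instead.)
USERS = {"kiosk": hashlib.sha256(b"constructed-long-random-secret").hexdigest()}


def make_basic(user, password):
    """Client side: build the header value a browser would send."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def parse_basic(header):
    """Return (user, password) from an Authorization header, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64 or bad UTF-8
        return None
    user, sep, password = decoded.partition(":")  # password may contain ':'
    if not sep:
        return None
    return user, password


def check_basic(header):
    """True only for a known user with a matching password."""
    creds = parse_basic(header)
    if creds is None:
        return False
    user, password = creds
    expected = USERS.get(user, "0" * 64)  # dummy digest for unknown users
    supplied = hashlib.sha256(password.encode("utf-8")).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(supplied, expected) and user in USERS


def challenge():
    """Status and header that make the browser show its credential prompt."""
    return 401, {"WWW-Authenticate": 'Basic realm="app", charset="UTF-8"'}
```
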
cyracks Posted February 23 (Author)

If I use an external program where I can pre-set basic authentication with a "100" characters long password, nobody will crack it. Thank you for the answer, but I asked how I can implement basic authentication (manual or official way) and not why that is not a good idea.

Sherzod Posted February 23

15 minutes ago, cyracks said: how I can implement basic authentication

\FMSoft\Framework\uniGUI\Demos\Desktop\HTTP Basic Authentication

cyracks Posted February 23 (Author)

Thank you for the right answer.

irigsoft Posted February 24

12 hours ago, cyracks said: If I use external program where I can pre-set basic authentication with "100" characters long password nobody will crack it. Thank you for the answer but I asked how I can implement basic authentication (manual or official way) and not why that is not a good idea.

Hi, I suggest you use HMAC (it's more secure than Basic).

https://stackoverflow.com/questions/22842516/web-api-basic-authentication-or-hmac-over-ssl

"Is it a good and effective practice to use an HMAC to provide security to Web API calls when working over SSL, or are there any points that I am missing?"

"Even if you're using SSL, an attacker who can control or get access to your initial request can pretend to be the desired HTTPS web service, and intercept your traffic easily (then get a hold of your API credentials)."

HMAC example from Amazon: https://www.wolfe.id.au/2012/10/20/what-is-hmac-authentication-and-why-is-it-useful/

irigsoft Posted February 24

14 hours ago, Sherzod said: \FMSoft\Framework\uniGUI\Demos\Desktop\HTTP Basic Authentication

@Sherzod, in this example:

1. How to set other users and pass?
2. How to set the Authorization header with HMAC values, like this example: https://www.wolfe.id.au/2012/10/20/what-is-hmac-authentication-and-why-is-it-useful/
3. Is it possible to apply the Authorization header (with HMAC) on every request after the user logs in, and how?

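Added example, not part of any post in this thread and not taken from uniGUI or the linked articles: a generic sketch of the HMAC request signing raised in the last two posts, where the shared secret never travels with the request and a timestamp limits replay. The `HMAC-SHA256 keyid=...,ts=...,sig=...` header layout, the secret, `MAX_SKEW` and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed shared secret, provisioned to the client out of band.
SECRET = b"constructed-shared-secret"
MAX_SKEW = 300  # seconds a signed request stays valid (assumed policy)


def canonical(method, path, timestamp, body):
    """Bytes that both sides sign: method, path, timestamp and body hash."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), body_hash]).encode()


def sign(secret, method, path, timestamp, body=b""):
    msg = canonical(method, path, timestamp, body)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def authorization_header(key_id, secret, method, path, timestamp, body=b""):
    """Client side: header value attached to every request after login."""
    sig = sign(secret, method, path, timestamp, body)
    return f"HMAC-SHA256 keyid={key_id},ts={timestamp},sig={sig}"


def verify(header, secret, method, path, body=b"", now=None):
    """Server side: recompute the signature and reject stale requests."""
    now = int(time.time()) if now is None else now
    scheme, _, params = header.partition(" ")
    if scheme != "HMAC-SHA256":
        return False
    fields = dict(p.split("=", 1) for p in params.split(",") if "=" in p)
    try:
        ts = int(fields["ts"])
        sig = fields["sig"]
    except (KeyError, ValueError):
        return False
    if abs(now - ts) > MAX_SKEW:  # outside the replay window
        return False
    expected = sign(secret, method, path, ts, body)
    return hmac.compare_digest(expected.encode(), sig.encode())
```
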