EzDevInfo.com

http-basic-authentication interview questions

Top http-basic-authentication frequently asked interview questions

Facebook Connect and HTTP basic authentication

I am working on a site that uses Facebook Connect for user login/creation. I have a development server which is used for QA, and I'd like it to be password protected. We wanted to use HTTP basic authentication, but that seems to break Facebook Connect (it falls in a loop). Does anybody know why that may be happening?

I believe that basic authentication is done on a browser basis, and all the communication between Facebook and our site is done in the browser of the user. What could be the problem?


Source: (StackOverflow)

Jquery .ajax fails when basic auth username has @ symbol (ios / cordova)

I have a phonegap app w/ jQuery 1.9.1 Worked great as long as the username doesn't have '@' symbol in it (like in email addresses). It only fails on iOS.

I suspect it's probably not urlencoding the @ sign or something.

  • iPhone, it never hits any callbacks (done, fail or always), Wireshark shows request doesn't get to the server.
  • Chrome Desktop: works fine.
  • Android, works fine.

     $.ajax({
            url: "https://" + this.hostname + "/alertusmw/services/rest/" + endPoint,
            type: method,
            dataType: 'json',
            contentType: 'application/com.alertus-v1.0+json',
            cache:false,
            username: this.username,
            password: this.password,
            beforeSend: function (xhr) {
                xhr.setRequestHeader("Authorization",
                    "Basic " + $.base64.encode(this.username + ":" + this.password));
            },
            data: options.data
        }).done(function(response) {
            console.log("DONE: " + method + ' completed: ');
            console.log(response);
            options.success( response );
        })
        .fail(function(jqXHR, textStatus, errorThrown) {
            console.log("FAIL: " + method + " FAILED: " + textStatus + "\n" + "ERROR THROWN: " + errorThrown);
            console.log("jqXHR thing: ", jqXHR);
            options.error(jqXHR,textStatus,errorThrown);
        })
        .always(function(jqXHR, textStatus, errorThrown) {
            console.log("In the always", jqXHR, textStatus, errorThrown);
        });
    
    • Verified the base64 header is identical on iphone and chrome desktop.
    • It's not an ssl cert issue.
    • It's not a cors issue
    • It's not an invalid user/pass

Again works perfectly if username doesn't have an '@'

The reason I suspect it's something with url encoding is if it was posting it as: https://user@domain:password@blah.domain.com, the browser wouldn't probably include the domain:password part as the host (since the first @ is what separates user:pass from the domain...

Here's what clued me in to this:

enter image description here

^-- I thought the entire point of base64 encoding was exactly to avoid special characters causing issues... so I thought that maybe this was chrome being helpful...

Related SO Posts: - Basic Authentication fails in cordova ios (no answers, slightly different)


Source: (StackOverflow)

Advertisements

Is there a server agnostic way to implement BASIC Authentication?

I am attempting to add BASIC authentication to my RESTful web-service. Currently I have BASIC authentication for an Apache Tomcat 6.0 server, but I need to deploy my web-service on a WebSphere application server ver. 6.1 as well and I am having problems getting BASIC authentication running on WebSphere.

Is there a way in Java to check the authentication headers of an HTTP request and if the username/password provided (in Base64 encoding) doesn't match a known account force the user to enter in a new username/password?

I have tried implementing Spring Security, but since my project was made entirely without Spring it has been a huge pain trying to get it to work, and I am attempting to find a simple solution to my rather simple problem.

Technologies that I am currently using include: Java, Jersey/JAX-RS, Eclipse with Maven plugin.


Source: (StackOverflow)

Check if the user is authorized (HTTP Basic Authentication, Rails 3.0.9)

I'm using HTTP Basic Authentication with Rails 3.0.9 and I need to check if the user is authorized to show some elements in my html.erb files. How can I do that?


Source: (StackOverflow)

Jsoup connection with basic access authentication

Is there a way in Jsoup to load a document from a website with basic access authentication?


Source: (StackOverflow)

How can I retrieve Basic Authentication credentials from the header?

I am trying to write some simple tests User Authentication mechanism which uses Basic Authentication. How can I retrieve the credentials from the header?

string authorizationHeader = this.HttpContext.Request.Headers["Authorization"];

Where do I go from here? There are several tutorials but I new to .NET and authentication, could you explain in your answer exactly step-by-step the what and why you are doing.


Source: (StackOverflow)

Backbone HTTP basic rest api authentication

I am using Backbone.js and it communicates with a stateless rest API. Some calls require authentication, through HTTP basic.

What I don't understand is, somehow I have to authenticate each request, how could I do this securely? My first thought was to have a cookie, store the username and password but this would be vulnerable?

Can this be done securely?


Source: (StackOverflow)

HTTPS and BASIC authentication

When I use HTTP BASIC authentication along with HTTPS, are the username and password securely passed to the server?

I would be happy if you can help me with some references.

I mean, it would be great if I can cite StackOverflow Q&A as a reference in, say, assignments, reports, exams, or even in a technical paper. But I think I am not there yet.


Source: (StackOverflow)

Remove basic authentication header with apache mod proxy

I have a HTTP Basic secured website. I hide a Tomcat application server with mod_proxy. Can I remove the HTTP Basic header? The Tomcat application reads the header and returns 401 not authorized. Basic auth isn't needed because the application uses cookie sessions. So I think just removing the headers would be fine.


Source: (StackOverflow)

Making a HTTP GET request with HTTP-Basic authentication

I need to build a proxy for a Flash Player project I'm working on. I simply need to make a HTTP GET request with HTTP-Basic authentication to another URL, and serve the response from PHP as if the PHP file was the original source. How can I do this?


Source: (StackOverflow)

Get the HTTP Basic Auth username from javascript?

I have a webpage that is only accessible over http basic auth. How can I figure out the basic auth username in javascript in that page. i.e. when someone visits it (after logging in), I want to make a popup that says "Hello, you're currently signed in as the user $USERNAME"


Source: (StackOverflow)

How to send username:password to unittest's app.get() request?

This is part of my unit test in Flask-RESTful.

self.app = application.app.test_client()
rv = self.app.get('api/v1.0/{0}'.format(ios_sync_timestamp))
eq_(rv.status_code,200)

Within the command line I could use curl to send the username:password to the service:

curl -d username:password http://localhost:5000/api/v1.0/1234567

How do I achieve the same within my unit test's get() ?

Since my get/put/post require authentication otherwise the test would fail.


Source: (StackOverflow)

HTTP basic auth for Rack::Static app on Heroku

I have a simple Rack app hosted on Heroku. config.ru:

use Rack::Static, 
  :urls => ["/stylesheets", "/images", "/javascripts"],
  :root => "public"

run lambda { |env|
  [
    200, 
    {
      'Content-Type'  => 'text/html', 
      'Cache-Control' => 'public, max-age=86400' 
    },
    File.open('public/index.html', File::RDONLY)
  ]
}

How can I add HTTP Basic Auth to this? Bonus points if it only works in the production environment.

Thanks


Source: (StackOverflow)

Spring Security HTTP Basic Authentication

I am trying to do a really simple basic authentication with Spring Security. I have configured the namespace properly and there are no Exceptions in the server. In my "servlet.xml" I have got the next for Spring Security:

<security:http>
    <security:http-basic></security:http-basic>
    <security:intercept-url method="POST" pattern="/**" access="ROLE_USER" />
</security:http>


<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider>
        <security:user-service>
            <security:user name="cucu" password="tas" authorities="ROLE_USER" />
            <security:user name="bob" password="bobspassword" authorities="ROLE_USER" />
        </security:user-service>
    </security:authentication-provider>
</security:authentication-manager>

It nearly all goes perfect: The methods that are not POST doesn't prompt any login form, and the POST method prompt it. The problem is, that nor cucu, neither bob can login there. Can anyone see what am I doing wrong?

Thanks in advance! ;-)


Source: (StackOverflow)

How do you configure spring security to authenticate against a database using basic auth?

Good morning Stack Overflow. This is my first post here so I apologise in advance if it is not formatted correctly. I am 13 weeks into coding with Java and am working on a RESTful web service. The back end is done and now I am working on creating a UI. One of the requirements is that a user log in using http basic. I have this configured to the point where when a user navigates to the page the popup dialogue comes up and you can enter one hard coded user i have in and it logs you in. But what I really need it to do is verify against users in a database. I have searched extensively to try and find a way to configure it to validate against a database but to no avail. Here is my spring-security.xml file with my dummy user.

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- <http auto-config="true"> <intercept-url pattern="/welcome*" access="ROLE_USER" 
        /> <form-login login-page="/login" default-target-url="/welcome" authentication-failure-url="/loginfailed" 
        /> <logout logout-success-url="/logout" /> </http> -->

    <http>
        <intercept-url pattern="/*" access="ROLE_USER" />
        <http-basic />
    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="tmain" password="123456" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>

And here is the (I believe) only relevant information to the setup in my web.xml file.

<filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

Can anyone give me some direction on configuring spring security to authenticate against a database rather than the dummy user I have? I have a User entity in the database with a firstname, lastname, email, password, activeStatus, and timezone. The email is the user's username. Any and all help would be appreciated. Thank you for taking the time to look this over.


Source: (StackOverflow)