next topic »

[Reply #15 on:]

I would like to control some home equipment connected to my
arduino on or off. High security wont be necessary.

I still have no idea how to implement the basic authenticiation in a sketch.

Did you check my example?

[Reply #16 on:]

I would like to control some home equipment connected to my
arduino on or off. High security wont be necessary.

Running your arduino on a non standard port behind a router and not releasing public links to the arduino URL may be all you need.

[Reply #17 on:]

@arian , yes i looked at your example but I noticed it was for the ECN28J60 Ethernet chip.
I have the arduino ethernet board with the W5100 chip.

@zoomkat yes , I m already doing that port 'trick' but I was looking for some extra security
which I could use for other projects as well.

[Reply #18 on:]

@arian , yes i looked at your example but I noticed it was for the ECN28J60 Ethernet chip.
I have the arduino ethernet board with the W5100 chip.

That's correct it's for enc28j60, but the parsing functions that you are looking for worked on application layer - which is chip independent.

[Reply #19 on:]

Im also in need of this. Looking for the simplest way of doing this aswell. For what is worth I'll try using the TextFinder Library and the HTML password field. I'll see how it goes...

I'll be checking the forum aswell xD

[Reply #20 on:]

The proper way to implement this is to use HTTP Authentication as Wagner described. There are gobs of explanations that a web search will provide you, but basically it comes down to programming the Arduino to look for an Authorization: header (with a valid user/password encoded therein) in the request, or returning  a 401 status if not.

This is an intrinsic behavior of web browsers to handle this authentication scheme. It would be very similar to implement the authentication using a cookie but that causes a little more work in having to generate a username/password input. HTTP authentication would do that for you.

[Reply #21 on:]

The proper way to implement this is to use HTTP Authentication as Wagner described. There are gobs of explanations that a web search will provide you, but basically it comes down to programming the Arduino to look for an Authorization: header (with a valid user/password encoded therein) in the request, or returning  a 401 status if not.

This is an intrinsic behavior of web browsers to handle this authentication scheme. It would be very similar to implement the authentication using a cookie but that causes a little more work in having to generate a username/password input. HTTP authentication would do that for you.

anyone been able to get this working? Im allso looking for a secure solution for my arduino webserver (allso for domotica-solution). Im new with Arduino, and i dont have much experience with php or html. I can write a simple button-page, but thats it

[Reply #22 on:]

Here is the example

   it don not work, i download and what im supppose to do with that?

[Reply #23 on:]

it don not work, i download and what im supppose to do with that?

You downloaded the example, and you don't know what to do with it, but you know it doesn't work. I don't think so.

[Reply #24 on:]

Just an addition to the suggestions already posted; I have also written a web server with the W5100 and use the authorization supplied in the GET request by the client.  My webserver is controlled by a PHP script using CURL which puts the authorization into the request:

Code:

GET /secret.ard HTTP/1.1
Host: localhost
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtQW==

I use a Base64 library to unencode the credentials.  (search for adamvr-arduino-base64-4be16cd.zip)

In my program I look for the Authorization

Code:

if (requestLine.startsWith("Authorization: Basic ")){
  strcpy(username, getUsername(requestLine));
}

:

// Returns  username:password
char* getUsername(String authorizationLine){
  String encryptedDetails = authorizationLine.replace("Authorization: Basic ","");
  char encrypted[300];
  char decrypted[300];
   
  encryptedDetails.toCharArray(encrypted, 300);
   
  int length = base64_decode(decrypted, encrypted, 300);
 
  return decrypted;
}

I'll be using this for controlling my heating externally.  It's definitely worth putting some extra security in, but not too much

Hope this helps!

[Reply #25 on:]

Hi!
I'm new to Arduino, I'm from Cuba so my English is very bad.
I'm working in the same problem about Basic Authentication with Arduino web server. I don't think you need the Base64 library for Arduino because you only need to compare the generated code, you don't need to know the user and password just the code in order to allow access.
You can generate this code for a  user/password pair with any other available tool.

This is an easy soluction, the main problem of that way is that you cannot change the user and password at least re-program the arduino.

I'm working in a solution that have admin/admin as the default, and using a web form to change the user and password whenever I want. In this case is needed the Base64 library for Arduino to generate the new code.

Other Idea is supply a hardware switch to reset to the default configuration. In this case the default configuration ask for the Basic Authentication but will accept any code for the first time and will use that code as the valid code for the next time. You will need to save this new code to the EEPROM.

Hope this helps!

[Reply #26 on:]

I was Wagner, if you were able to get anywhere with this and make your example work. I am too looking for a way to secure an Arduino webpage.

Thanks,

Dan