HTTP Basic Authentication.

Hello guys,

is there any example , how can popup into the first connected client a basic authorization form to login?

 EthernetClient client = server.available();
  if (client) {
client.print("GET /api/fp/ HTTP/1.0");
client.println("Host: 192.168.2.57");  
client.println("Authorization: Basic YmRjYzE0MDE2ZDkxNjNmNjg5MWIxYzc1NWM3YjRhNzY6RDJNQVBsTmpBRGtMWkFCaw==");
client.println();
}

i am trying this but i dont get the desired results..
all i get is those commands printed into my explorer...

You need to show ALL of your code. That snippet makes it look like the Arduino is a client. Clients make GET requests. Servers do not. Your question is about serving up a login page.

PaulS:
You need to show ALL of your code. That snippet makes it look like the Arduino is a client. Clients make GET requests. Servers do not. Your question is about serving up a login page.

Paul thanks for your reply.

have to go like this?

serverName="192.168.2.57" ; //arduinosIP

  if (client.connect(serverName, 80))  
        {client.print("GET /api/fp/ HTTP/1.0");
client.println("Host: 192.168.2.57");  
client.println("Authorization: Basic YmRjYzE0MDE2ZDkxNjNmNjg5MWIxYzc1NWM3YjRhNzY6RDJNQVBsTmpBRGtMWkFCaw==");
client.println();
}

have to go like this?

Are you implementing a server, that needs to provide data only to authorized clients, or are you implementing a client that needs to log on to a server?

Yes Sorry good question

I am implementing a WebServer , and i need an Authorization for the clients that connects to it. I dont want form authentication , i need the basic authentication.
i will also save the username and password to EEPROM and client will change it from the webserver UI.

I am implementing a WebServer

Web servers do not make GET requests. So, the snippet you keep showing has no place in your code.

I don't understand this statement:

I dont want form authentication , i need the basic authentication.

I've only used form authentication, where the server first posts a login page.

PaulS:

I am implementing a WebServer

Web servers do not make GET requests. So, the snippet you keep showing has no place in your code.

I don't understand this statement:

I dont want form authentication , i need the basic authentication.

I've only used form authentication, where the server first posts a login page.

I ve already done this with form authentication, and i just save into a variable if user verified or not. its simple ok.

but recently i saw a video showing http authentication
and i am wondering if he uses some kind of library or something. its a very "clean" procedure

if anyone knows something ...

Perhaps a search of previous post.

https://www.google.com/search?as_q=authentication&as_epq=&as_oq=&as_eq=&as_nlo=&as_nhi=&lr=&cr=&as_qdr=all&as_sitesearch=http%3A%2F%2Fforum.arduino.cc%2Findex&as_occt=any&safe=images&tbs=&as_filetype=&as_rights=

The below post seems to have workable code at the bottom.

http://forum.arduino.cc/index.php?topic=116396.0

thanks zoomkat , i already saw this but its not what i am looking for,
i am searching for Basic Http Authentication ,

I just found this solution only in WebDuino examples of Web_Authentication
http://ten-fingers-and-a-brain.com/2012/01/webduino-now-with-support-for-http-basic-access-authentication/

But i do not know if this can be implemented into Mega2560 with Ethernet shield (i am at work can't test this)

/* Web_Authentication.ino - Webduino Authentication example */
/* This example assumes that you're familiar with the basics
 * of the Ethernet library (particularly with setting MAC and
 * IP addresses) and with the basics of Webduino. If you
 * haven't had a look at the HelloWorld example you should
 * probably check it out first */

/* you can change the authentication realm by defining
 * WEBDUINO_AUTH_REALM before including WebServer.h */
#define WEBDUINO_AUTH_REALM "Weduino Authentication Example"

#include "SPI.h"
#include "Ethernet.h"
#include "WebServer.h"

/* CHANGE THIS TO YOUR OWN UNIQUE VALUE.  The MAC number should be
 * different from any other devices on your network or you'll have
 * problems receiving packets. */
static uint8_t mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };

/* CHANGE THIS TO MATCH YOUR HOST NETWORK.  Most home networks are in
 * the 192.168.0.XXX or 192.168.1.XXX subrange.  Pick an address
 * that's not in use and isn't going to be automatically allocated by
 * DHCP from your router. */
static uint8_t ip[] = { 192, 168, 1, 210 };

/* This creates an instance of the webserver.  By specifying a prefix
 * of "", all pages will be at the root of the server. */
#define PREFIX ""
WebServer webserver(PREFIX, 80);

void defaultCmd(WebServer &server, WebServer::ConnectionType type, char *, bool)
{
  server.httpSuccess();
  if (type != WebServer::HEAD)
  {
    P(helloMsg) = "<h1>Hello, World!</h1><a href=\"private.html\">Private page</a>";
    server.printP(helloMsg);
  }
}

void privateCmd(WebServer &server, WebServer::ConnectionType type, char *, bool)
{
  /* if the user has requested this page using the following credentials
   * username = user
   * password = user
   * display a page saying "Hello User"
   *
   * the credentials have to be concatenated with a colon like
   * username:password
   * and encoded using Base64 - this should be done outside of your Arduino
   * to be easy on your resources
   *
   * in other words: "dXNlcjp1c2Vy" is the Base64 representation of "user:user"
   *
   * if you need to change the username/password dynamically please search
   * the web for a Base64 library */
  if (server.checkCredentials("dXNlcjp1c2Vy"))
  {
    server.httpSuccess();
    if (type != WebServer::HEAD)
    {
      P(helloMsg) = "<h1>Hello User</h1>";
      server.printP(helloMsg);
    }
  }
  /* if the user has requested this page using the following credentials
   * username = admin
   * password = admin
   * display a page saying "Hello Admin"
   *
   * in other words: "YWRtaW46YWRtaW4=" is the Base64 representation of "admin:admin" */
  else if (server.checkCredentials("YWRtaW46YWRtaW4="))
  {
    server.httpSuccess();
    if (type != WebServer::HEAD)
    {
      P(helloMsg) = "<h1>Hello Admin</h1>";
      server.printP(helloMsg);
    }
  }
  else
  {
    /* send a 401 error back causing the web browser to prompt the user for credentials */
    server.httpUnauthorized();
  }
}

void setup()
{
  Ethernet.begin(mac, ip);
  webserver.setDefaultCommand(&defaultCmd);
  webserver.addCommand("index.html", &defaultCmd);
  webserver.addCommand("private.html", &privateCmd);
  webserver.begin();
}

void loop()
{
  char buff[64];
  int len = 64;

  /* process incoming connections one at a time forever */
  webserver.processConnection(buff, &len);
}

Ok this sketch is what i was looking for , in case someone searching the same..

I have to combine the Ethernet.h with the Webserver.h checkCredentials function..

I finally found the solution , i can use http basic authentication with the classic ethernet library with the help of webduinos library,

this is for somebody searching the same , and if you have some better solution or comments i will be glad to hear them

#include <SPI.h>
#include <Ethernet.h>
#include <WebServer.h>
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
IPAddress ip(192,168,2,57);
EthernetServer server(90);
byte USER_AUTHENDICATED=0;

/////////////////////////////////////////////////////////////////////////////////////
#define PREFIX ""
WebServer webserver(PREFIX, 90);
/////////////////////////////////////////////////////////////////////////////////////
void privateCmd(WebServer &serverA, WebServer::ConnectionType type, char *, bool)
{
  if  (serverA.checkCredentials("YWRtaW46YWRtaW4="))
  {
    serverA.httpSuccess();
    USER_AUTHENDICATED=1;
    delay(20);
    P(helloMsg) = "<html><head><meta http-equiv='refresh' content=3;></head><body bgcolor='#000000' style='font-family:Verdana;color:#ffffff;font-size:12px;'><form>Login Succesfull!</form></body></html>";
    serverA.printP(helloMsg);
    delay(20);
    STARTWEB();
  }
  else
  {serverA.httpUnauthorized(); 
   USER_AUTHENDICATED=0;

  }
}


void loop() {
    char buff[64];
  int len = 64;
  // listen for incoming clients0
  webserver.processConnection(buff, &len);
 
 if (USER_AUTHENDICATED==1)
    {
      
      STARTWEB();
    }
  
}

void defaultCmd(WebServer &serverA, WebServer::ConnectionType type, char *, bool)
{
  if  (serverA.checkCredentials("YWRtaW46YWRtaW4="))
  {
    serverA.httpSuccess();
    USER_AUTHENDICATED=1;
    delay(20);
    P(helloMsg) = "<html><head><meta http-equiv='refresh' content=4;></head><body bgcolor='#000000' style='font-family:Verdana;color:#ffffff;font-size:12px;'><form>Login Succesfull!</form></body></html>";
    serverA.printP(helloMsg);
    delay(20);
    STARTWEB();
  }
  else
  {serverA.httpUnauthorized(); 
   USER_AUTHENDICATED=0;
  }
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
void setup() {
 // Open serial communications and wait for port to open:
  Serial.begin(9600);

  // start the Ethernet connection and the server:
  Ethernet.begin(mac, ip);
  server.begin();
  
    
  /////////////////////////////////////////////////////////////////////////////
    webserver.setDefaultCommand(&privateCmd);
   // webserver.addCommand("private.html", &defaultCmd);

  webserver.begin();
  /////////////////////////////////////////////////////////////////////////////
}


void STARTWEB()
{
  //Start Webserver with classic arduino way.......
  EthernetClient client = server.available();
  if (client) {
    // an http request ends with a blank line
    boolean currentLineIsBlank = true;
    while (client.connected()) {
      if (client.available()) {
        char c = client.read();
        Serial.write(c);
        // if you've gotten to the end of the line (received a newline
        // character) and the line is blank, the http request has ended,
        // so you can send a reply
        if (c == '\n' && currentLineIsBlank) {
          // send a standard http response header
          client.println("HTTP/1.1 200 OK");
          client.println("Content-Type: text/html");
          client.println("Connection: close");  // the connection will be closed after completion of the response
	  client.println("Refresh: 5");  // refresh the page automatically every 5 sec
          client.println();
          client.println("<!DOCTYPE HTML>");
          client.println("<html>");
          // output the value of each analog input pin
          for (int analogChannel = 0; analogChannel < 6; analogChannel++) {
            int sensorReading = analogRead(analogChannel);
            client.print("analog input ");
            client.print(analogChannel);
            client.print(" is ");
            client.print(sensorReading);
            client.println("
");       
          }
          client.println("</html>");
          break;
        }
        if (c == '\n') {
          // you're starting a new line
          currentLineIsBlank = true;
        } 
        else if (c != '\r') {
          // you've gotten a character on the current line
          currentLineIsBlank = false;
        }
      }
    }
    // give the web browser time to receive the data
    delay(1);
    // close the connection:
    client.stop();
    Serial.println("client disonnected");
  }
}

I'm using a code in the STARWEB function that refresh each 5 seconds, but all time that the page refresh appers the hello message in a black page some body solved this issue?

I finally found the solution , i can use http basic authentication with the classic ethernet library with the help of webduinos library,

this is for somebody searching the same , and if you have some better solution or comments i will be glad to hear them

#include <SPI.h>
#include <Ethernet.h>
#include <WebServer.h>
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
IPAddress ip(192,168,2,57);
EthernetServer server(90);
byte USER_AUTHENDICATED=0;

/////////////////////////////////////////////////////////////////////////////////////
#define PREFIX ""
WebServer webserver(PREFIX, 90);
/////////////////////////////////////////////////////////////////////////////////////
void privateCmd(WebServer &serverA, WebServer::ConnectionType type, char *, bool)
{
  if  (serverA.checkCredentials("YWRtaW46YWRtaW4="))
  {
    serverA.httpSuccess();
    USER_AUTHENDICATED=1;
    delay(20);
    P(helloMsg) = "<html><head><meta http-equiv='refresh' content=3;></head><body bgcolor='#000000' style='font-family:Verdana;color:#ffffff;font-size:12px;'><form>Login Succesfull!</form></body></html>";
    serverA.printP(helloMsg);
    delay(20);
    STARTWEB();
  }
  else
  {serverA.httpUnauthorized(); 
   USER_AUTHENDICATED=0;

  }
}


void loop() {
    char buff[64];
  int len = 64;
  // listen for incoming clients0
  webserver.processConnection(buff, &len);
 
 if (USER_AUTHENDICATED==1)
    {
      
      STARTWEB();
    }
  
}

void defaultCmd(WebServer &serverA, WebServer::ConnectionType type, char *, bool)
{
  if  (serverA.checkCredentials("YWRtaW46YWRtaW4="))
  {
    serverA.httpSuccess();
    USER_AUTHENDICATED=1;
    delay(20);
    P(helloMsg) = "<html><head><meta http-equiv='refresh' content=4;></head><body bgcolor='#000000' style='font-family:Verdana;color:#ffffff;font-size:12px;'><form>Login Succesfull!</form></body></html>";
    serverA.printP(helloMsg);
    delay(20);
    STARTWEB();
  }
  else
  {serverA.httpUnauthorized(); 
   USER_AUTHENDICATED=0;
  }
}
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
void setup() {
 // Open serial communications and wait for port to open:
  Serial.begin(9600);

  // start the Ethernet connection and the server:
  Ethernet.begin(mac, ip);
  server.begin();
  
    
  /////////////////////////////////////////////////////////////////////////////
    webserver.setDefaultCommand(&privateCmd);
   // webserver.addCommand("private.html", &defaultCmd);

  webserver.begin();
  /////////////////////////////////////////////////////////////////////////////
}


void STARTWEB()
{
  //Start Webserver with classic arduino way.......
  EthernetClient client = server.available();
  if (client) {
    // an http request ends with a blank line
    boolean currentLineIsBlank = true;
    while (client.connected()) {
      if (client.available()) {
        char c = client.read();
        Serial.write(c);
        // if you've gotten to the end of the line (received a newline
        // character) and the line is blank, the http request has ended,
        // so you can send a reply
        if (c == '\n' && currentLineIsBlank) {
          // send a standard http response header
          client.println("HTTP/1.1 200 OK");
          client.println("Content-Type: text/html");
          client.println("Connection: close");  // the connection will be closed after completion of the response
	  client.println("Refresh: 5");  // refresh the page automatically every 5 sec
          client.println();
          client.println("<!DOCTYPE HTML>");
          client.println("<html>");
          // output the value of each analog input pin
          for (int analogChannel = 0; analogChannel < 6; analogChannel++) {
            int sensorReading = analogRead(analogChannel);
            client.print("analog input ");
            client.print(analogChannel);
            client.print(" is ");
            client.print(sensorReading);
            client.println("
");       
          }
          client.println("</html>");
          break;
        }
        if (c == '\n') {
          // you're starting a new line
          currentLineIsBlank = true;
        } 
        else if (c != '\r') {
          // you've gotten a character on the current line
          currentLineIsBlank = false;
        }
      }
    }
    // give the web browser time to receive the data
    delay(1);
    // close the connection:
    client.stop();
    Serial.println("client disonnected");
  }
}

[/quote]