basic-authentication

问题 I'm implementing a RESTful web service using ASP.Net Web Api. I have concluded to use Basic authentication + SSL to do the authentication part. What is the best/correct way to implement that? My first attempt was to do it manually, parsing the Authorization header, decoding and verifying the user against my database. It works, but I wonder if I am missing something. I've seen some solutions using user roles and principals. While I'm not sure what these actually do, I'm almost sure I will not

问题 I have a Spring REST application which at first was secured with Basic authentication. Then I added a login controller that creates a JWT JSON Web Token which is used in subsequent requests. Could I move the following code out of the login controller and into the security filter? Then I would not need the login controller any longer. tokenAuthenticationService.addTokenToResponseHeader(responseHeaders, credentialsResource.getEmail()); Or could I remove the Basic authentication? Is it a good

问题 why has the resulting string literal of "username:password" be encoded with Base64 in the Authorization header? Whats the background of it? 回答1: This is the production rule for the userid-password tuple before it’s encoded: userid-password = [ token ] ":" *TEXT Here token is specified as follows: token = 1*<any CHAR except CTLs or tspecials> This is basically any US-ASCII character within the range of 32 to 126 but without some special characters ( ( , ) , < , > , @ , , , ; , : , \ , " , / ,

问题 One of our webapplications is using Basic Authentication and build with AngularJS. To test this application, I use Protractor, which uses Selenium to communicate with browsers. In Chrome, everything works fine and doing basic authentication is easy: username:password@host.ext Under Internet Explorer, the URL's with password and username are expected to be a security risk and are therefor not allowed. Until Internet Explorer 9, this setting could be turned off in the registry (FEATURE_HTTP

问题 I have spring web application with Spring security configured using java config approach. I want to exclude some URL patterns from authentication(eg: static resources etc..). I have done this earlier with spring security xml config but couldn't figure out with java config as adding antmatchers doesn't help. Following is my code added in security config class extending WebSecurityConfigurerAdapter @Override public void configure(HttpSecurity http) throws Exception { http.authorizeRequests()

问题 I want users to be able to log in via HTTP Basic authentication modes. The problem is that I also want them to be able to log out again - weirdly browsers just don't seem to support that. This is considered to be a social-hacking risk - user leaves their machine unlocked and their browser open and someone else can easily visit the site as them. Note that just closing the browser-tab is not enough to reset the token, so it could be an easy thing for users to miss. So I've come up with a

问题 I'm trying to connect/ do a POST request to an API with Angular2, It's a very simple API with a Basic Authentication password. When disabling the password on the api everything works like expected. But when I enable the Basic Authentication Angular can no longer connect to the API. In Postman everything works. I tried the following without success. I've got two headers "Content-Type" and "Authorization" headers.append("Content-Type", "application/x-www-form-urlencoded"); I've tried these two

问题 I'm trying to write a REST-API server with NodeJS like the one used by Joyent, and everything is ok except I can't verify a normal user's authentication. If I jump to a terminal and do curl -u username:password localhost:8000 -X GET , I can't get the values username:password on the NodeJS http server. If my NodeJS http server is something like var http = require('http'); http.createServer(function (req, res) { res.writeHead(200, {'Content-Type': 'text/plain'}); res.end('Hello World\n'); })

问题 Where can I find reference code that implements a HTTP Basic Authentication client in pure JavaScript, suitable for AJAX? Extra points for code, or pointers to code, that can be used independent of JS toolkits like YUI. No points for Java, Flash/Flex, PHP frameworks, etc. 回答1: The five-parameter version of the XMLHttpRequest.open method allows you to specify the username and password. (WHATWG spec) xhr.open(method, url, async, username, password) 回答2: There is a good article/tutorial written

问题 I am working with a proxy that requires authentication, i.e., in a browser if I try to open a page it will immediately ask for credentials. I supplied same credentials in my program but it fails with HTTP 407 error. Here is my code: HttpWebRequest request = (HttpWebRequest)WebRequest.Create(URL); IWebProxy proxy = WebRequest.GetSystemWebProxy(); CredentialCache cc = new CredentialCache(); NetworkCredential nc = new NetworkCredential(); nc.UserName = "userName"; nc.Password = "password"; nc