Web App Basic Authentication

Is it possible in a web app that uses special handlers e.g. /special/dowhatiwant to use HTTP basic authentication?

My guess is “why not”. Check the request headers. If they don’t have authorization, return a 401 error. If they do, evaluate them. Details of basic auth are here:

http://en.wikipedia.org/wiki/Basic_access_authentication

Thanks Brad, that was exactly what I need to know.

I made a simple web app. It has a WebLink with URL “/api/basicAuth” and target “New Window” in a WebPage. I added a handler for app.HandleSpecialURL:

[code]Function HandleSpecialURL(Request As WebRequest) As Boolean
dim result as Boolean
dim authHeader, items(), auth, username, password as string
dim i as integer

result = false

if request <> nil then
if request.Path = “basicAuth” then
authHeader = request.GetRequestHeader(“Authorization”)

  if authHeader <> "" then
    items = authHeader.Split(" ")
    for i = items.Ubound downto 0
      if items(i) = "" then
        items.Remove(i)
      end if
    next
    
    if items.Ubound = 1 and items(0) = "Basic" then
      auth = DecodeBase64(items(1))
      
      username = auth.NthField(":", 1)
      password = auth.NthField(":", 2)
      
      request.Print username + "</br>" + password
      request.Status = 200
      result = true
    end if
        
  else
    Request.Header("WWW-Authenticate") = "Basic realm=""basicAuth"""
    request.Status = 401
    result = true
    
  end if
  
  if not result then
    Request.Header("WWW-Authenticate") = "Basic realm=""basicAuth"""
    request.Status = 401
    result = true
    
  end if
end if

end if

return result
End Function
[/code]

When the link is clicked, a new tab will open, and the user will be asked for username and password. A simple page will be displayed with what the user entered. Subsequent reloads will bypass the login because the browser sends up previous authentication data for that realm when requested.

1 Like

Thanks Brad that is brilliant, I am going to give it a try this evening.