Is S7g2 can have HTTPS ..? how to validate the multi logins (different username and different password)

how to validate the multi logins (different username and different password).

 

1. basically i want have two/more user accounts, each user account will have its individual limitation to open pages or edit data ect.

how can we achieve this ..?

 

2. is can i provide my own login page instead of this  if we can where can i modify this..?

3. how can give the login authentication only for the first login rest of the pages would open but when tried to open individual pages it should as for the password how can i do this ..?

  • adboc
    Hi amar,

    The authorization procedure using by NetX HTTP Server is provided by the HTTP protocol itself: developer.mozilla.org/.../Authorization

    The login prompt is displayed by the browser and cannot be easily changed. However you may provide your own authorization by displaying a login and a password input widget and then handle the inputs in the request notify callback. To provide access for multiple users, the application should maintain an array of usernames and their corresponding passwords.

    Regards,
    adboc
  • amar

    In reply to adboc:

    Hi adboc,
    i have my own login page/widget how can handle this at authentication_check() function ..?

    for every pages its asking for the password if mentioned all pages.

    if not mentioned in the authentication_check();

    ip followed by the page is directly opening without the password.

    please help me regarding this asap.
  • adboc

    In reply to amar:

    Hi amar,

    If you provided your own login page, do not use the authentication_check() function, just return NX_SUCCESS.

    In the request_notify() callback, you should read a login and a password sent by a request, check them and set a cookie using the nx_http_server_callback_generate_response_header (Set-Cookie header), the value should be kind of a token matching the login/password. On the next request, check for the cookie and validate it, unfortunately you should parse the incoming headers on your own.

    Regards,
    adboc
  • int soumen

    Hello Amar,

    As per adboc you can able to send cookie to browser. 

    The below code will help you to parse the cookie from http request inside requst_notify()

     

    #define HTTP_REQUEST_HEADER_BUFF_SIZE (512)
    #define HTTP_REQUEST_COOKIE_BUFF_SIZE (128)

    BOOL fn_parse_cookies(NX_PACKET *packet_ptr, UCHAR *pchCookieBuff, uint uiBufferLen)
    {
    /** allocate header memory */
    UCHAR *requestHeader = (UCHAR *) malloc(HTTP_REQUEST_HEADER_BUFF_SIZE);
    int bytes_copied, key_index_ctr = 0, ctr = 0, search_key_len = (int) strlen ("Cookie:");
    UINT uiStatus;
    UCHAR ch;
    BOOL bCookieFound = FALSE;
    /* Retrieve data from packet pointed to by "packet_ptr". */
    uiStatus = nx_packet_data_extract_offset (packet_ptr, 0, (VOID *) requestHeader, HTTP_REQUEST_HEADER_BUFF_SIZE,
    (ULONG *) &bytes_copied);
    /** Cookie: searching loop */
    if (uiStatus == NX_SUCCESS)
    {
    while (ctr < bytes_copied)
    {
    /* Extract 8 chars form header and check for literal match of Cookie: */
    while (ctr < bytes_copied && key_index_ctr < search_key_len)
    {
    ch = requestHeader[ctr];
    // matching key characters with buffer characters
    if ("Cookie:"[key_index_ctr] != ch)
    {
    // match found, Cookie: found
    break;
    }
    ctr++;
    key_index_ctr++;
    } //loop - key matcher

    // compare
    if ((key_index_ctr == search_key_len) == 1)
    {
    // Cookie: Start found
    bCookieFound = TRUE;
    break;
    } // if - key start found

    // reset counter for future use
    key_index_ctr = 0;
    // Cookie: not yet found
    while (ctr < bytes_copied)
    {
    // loop until \r\n
    if (requestHeader[ctr] == '\n' && requestHeader[ctr - 1] == '\r')
    {
    // New Header: found
    ctr++;
    break;
    }
    ctr++;
    } // loop - next header search
    } // loop- cookie search
    } // if - header copied

    uint coo_ctr = 0;
    if (bCookieFound == TRUE)
    {
    bCookieFound = FALSE;
    while (ctr < bytes_copied && coo_ctr < uiBufferLen)
    {
    if (requestHeader[ctr] == '\n' && requestHeader[ctr - 1] == '\r')
    {
    // all cookie copied
    pchCookieBuff[coo_ctr - 1] = '\0';
    bCookieFound = TRUE;
    break;
    }
    pchCookieBuff[coo_ctr] = requestHeader[ctr];
    ctr++;
    coo_ctr++;
    }
    }

    /** free request header memory */
    free(requestHeader);
    return bCookieFound;
    }

     

    UINT request_notify(NX_HTTP_SERVER *server_ptr, UINT request_type, CHAR *resource, NX_PACKET *packet_ptr)

    {

    /** allocate cookie buffer */
    UCHAR *pchCookieBuff = malloc(HTTP_REQUEST_COOKIE_BUFF_SIZE);

    /** parse cookie **/
    fn_parse_cookies (packet_ptr, pchCookieBuff, HTTP_REQUEST_COOKIE_BUFF_SIZE);

    /** release cookie buffer */
    free(pchCookieBuff);

    // use cookie... :-)

    }

  • JanetC

    In reply to int soumen:

    When your application calls the request_notify (the callback defined in the nx_http_server_create call), this callback must indicate if it is done processing the client request/response or whether NetX HTTP Server should continue processing it.

    Example:

    my_request_notify()
    {

    if ( /* this is a post, we'll handle it here */)
    /* process a response to send back */
    else
    return NX_SUCCESS; /* Not a post. Let NetX HTTP server handle it */


    /* The client request is handled, so let NetX HTTP server know by the return status, and release the packet or you
    will have a packet leak (HTTP server will assume the packet is released */

    nx_packet_release(packet_ptr);
    return(NX_HTTP_CALLBACK_COMPLETED);
    }

    Also avoid using malloc and free in a multithread environment. Use static buffers or else you can use the dynamic memory array services offered in ThreadX.

    Regards,
    Janet