How to launch app with basic auth?

Questions and answers on designing your Servoy solutions, database modelling and other 'how do I do this' that don't fit in any of the other categories

How to launch app with basic auth?

Postby rieder » Mon Nov 12, 2018 3:31 pm

Hi

How can I protect an application (ng client), so it can be launched with basic authentication? Which means:

How could a client send a request to launch the application, and, if no credentials are passed, will get 401 as an answer?
And, if credentials are passed, our authentication (not Servoy internal) is executed and the application will start, if authentication is successful.

I found the argument servoy.webclient.basic.authentication which can be set to true. But then, Servoys internal authentication will be used.
I also managed to define a web service protected with basic auth, by implementing a ws_authenticate method. But how could the application then be launched?
Where should I put the web service to? Into login solution?

Any help would be appreciated a lot. We are stuck!
Kind regards
Birgit Rieder
7r AG, Switzerland
SAN Developer
http://www.seven-r.ch
User avatar
rieder
 
Posts: 177
Joined: Thu Jan 26, 2012 5:18 pm

Re: How to launch app with basic auth?

Postby mboegem » Tue Nov 13, 2018 5:11 pm

Hi,

You are mixing up some things here.
Basic authentication is just a way of passing your credentials to some server, but it is not the authentication itself.

Passing credentials to the webservice is done using basic authentication, but by implementing the ws_authenticate method you can retrieve the username and password and run that against through your own security.
To be able to use your own security, the particular module containing that logic should be a module of the webservice solution.
The webservice solution itself does not have to be a module of your main solution.

For NG client: you can not 'just' launch the solution using basic authentication.
Why not have a proper login form to handle this and then (similar to the webservice) run these credentials through your own security?
To get your login a bit smarter, you could implement something like has been described here:
viewtopic.php?f=69&t=22322

Hope this helps
Marc Boegem
Solutiative / JBS Group, Partner
• Servoy Certified Developer
• Servoy Valued Professional
• Freelance Developer

Image

Partner of Tower - The most powerful Git client for Mac and Windows
User avatar
mboegem
 
Posts: 1743
Joined: Sun Oct 14, 2007 1:34 pm
Location: Amsterdam

Re: How to launch app with basic auth?

Postby rieder » Tue Nov 13, 2018 6:41 pm

Hi Marc

Thank you for the answer!

I did not mean to "authenticate" with basic authentication by itself. Maybe I should explain better what our problem is?

Our NG Client solution will be accessible from the internet and the intranet. A client form outside (internet) will be authenticated by a service (web application firewall), which is not in our hand. Then, if successful, the request will be forwarded to our server, which is hosting the application(s). We are asked to accept the credentials using basic authentication (BA). I imagine, that we "somehow" receive the credentials over BA, authenticate the user (again) and launch the application WITHOUT login form.

If launched from within the intranet, the request is without BA, and we show the login form and authenticate the client as usual.

What I do not know: How can I retrieve the credentials, and authenticate, and response with the ng client in the first case? I managed to write a web service, which is protected with BA by implementing the method ws_authenticate. I retrieve the credentials, I authenticate the user. And then? Do I need the ws_read? Which returns what? How does the client see the first form and no login form? Or do

I hope, I explained better, where we stand and what questions we have? Maybe there is a simple sulution we do not see (that would be great :-)). Or we can overwrite Servoys internal authentication when checking the servoy.webclient.basic.authentication on the admin page?

Any help is very welcome.
Thank you and regards
Birgit Rieder
7r AG, Switzerland
SAN Developer
http://www.seven-r.ch
User avatar
rieder
 
Posts: 177
Joined: Thu Jan 26, 2012 5:18 pm

Re: How to launch app with basic auth?

Postby mboegem » Thu Nov 15, 2018 1:26 pm

Hi Birgit,

if I summarize your use case correctly, you are just getting a request containing credentials using basic authentication and you should be able to login your user into the NG client solution.

AFAIK on browser level there's no way to read the headers of a request (actually there is, but Chrome already marked this as deprecated)
This means you can not get the authorization header which contains the basic authentication string.

You already found a way of getting the credentials using a webservice.
What you could do is create an access token via your webservice and in response to the request you pass the redirect url (your solution URL) including the access token.
This should then look like this: http://<mySolutionURL>/solutions/<mySolution>/index.html?f=loginform&token=<myTempAccessToken>

The service that initially made the request should then open the webbrowser using this redirect URL.
You will be able to read the so called query string in order to retrieve the access token and use that to skip the login form whenever that token is still valid.

If the above can not work, you could try if a redirect response (official http status 302 response) could work.
AFAIK this can not be done using the RESTful webservice plugin which servoy ships.
However using the Velocity plugin, this is doable.
Again this should also use the access token approach.

Last but not least, you could use an SSO service (as Ron described in the forum post I referenced previously)
The initial request should then logon to the SSO service and your application should hook into this service as well to verify the actual authentication state.
This option however requires additional services.

Hope this helps
Marc Boegem
Solutiative / JBS Group, Partner
• Servoy Certified Developer
• Servoy Valued Professional
• Freelance Developer

Image

Partner of Tower - The most powerful Git client for Mac and Windows
User avatar
mboegem
 
Posts: 1743
Joined: Sun Oct 14, 2007 1:34 pm
Location: Amsterdam

Re: How to launch app with basic auth?

Postby rieder » Wed Nov 21, 2018 4:59 pm

Hi Marc

Thank you very much for your answer! What you summarize is exactly what we are asking/looking for. We did read your answer many times! The more we did read and experiment and research the internet, the more we understood. I think, we are close now. Here is, what we currently implemented (s. also the attached graphic):

    Webservice solution which references Authenticator solution.
    RESTful WebService X, protected with basic auth (by implementing method ws_authenticate which reads username and password and calls our authentication method). Returns OK (200) or UNAUTHORIZED (401).
    WebService X providing GET Request (by implementing method ws_read which returns SEE_OTHER (303)
    WebService X returning a location in the response header (by implementing ws_response_headers).

We did deploy the main NG Client solution and imported the WebService solution in that context. When executing the GET Request of service X, we see what we expect in the response. What we now have to find out is, how to get the so called token, you mentioned. Which means, how to save and transfer the credentials from the service to the URL which launches the application.

I hope, we are on the right track. Thanks for your help, which was appreciated a lot.
Best regards
Attachments
solutions.jpg
solutions
solutions.jpg (88.02 KiB) Viewed 2806 times
Birgit Rieder
7r AG, Switzerland
SAN Developer
http://www.seven-r.ch
User avatar
rieder
 
Posts: 177
Joined: Thu Jan 26, 2012 5:18 pm

Re: How to launch app with basic auth?

Postby rieder » Thu Nov 22, 2018 11:35 am

About the token: In the svySecurity module I found a way, how to implement the token.
Seems, we are are close to what we need :-)

Thank you and regards
Birgit Rieder
7r AG, Switzerland
SAN Developer
http://www.seven-r.ch
User avatar
rieder
 
Posts: 177
Joined: Thu Jan 26, 2012 5:18 pm


Return to Programming with Servoy

Who is online

Users browsing this forum: No registered users and 13 guests