MicroHTTP Library: Basic Authentication
On this page we will look into basic access authentication, as it is provided by the MicroHTTP library.
Note, that this type of authentication will transmit user names and passwords over the line with Base64 encoding only, which can be easily converted back to human readable text. Additional techniques like TLS must be used to secure the connection.
Enabling Access Protection
Applications can protect access to specific paths within their web content by calling
int HttpRegisterAuthBasic(const char *path, const char *login, const char *realm);
If any requested URL starts with the given path, then the server will send back a 401 response, which tells the client, that access to the requested resource requires authentication. The browser will typically display the realm and prompt the user for name and password.
Let's say, that on our webserver we move all protected files into a subdirectory named admin. Then the following code snippet starts a webserver, where all URLs starting with the word admin are protected by user name root and password secret. On the first access, the browser will prompt the user with an Admin Login dialog.
StreamInit(); MediaTypeInitDefaults(); HttpRegisterAuthBasic("admin", "root:secret", "Admin Login"); StreamClientAccept(HttpdClientHandler, NULL);
Beside allowing authenticated users to modify the device's configuration remotely, you may further offer the capability to upgrade the firmware via the web interface by uploading files.