Re: [lwip-users] Basic Authentication

[Ben Stuyts]

Hi Marco,

Sounds good! I’m interested in this. Would it be possible for you to post a complete patch?

Thanks,

Ben

On 22 Apr 2020, at 15:25, Marco Lazzaroni <address@hidden> wrote:

Il giorno lun 20 apr 2020 alle ore 12:35 Marco Lazzaroni <address@hidden> ha scritto:

About Basic Authentication, I suppose that I have to do the following:

- when I get a HTTP request, I have to check in the headers if the "Authorization: Basic xxxxx" is present: if not, I have to send a HTTP 401 with "WWW-Authenticate: Basic realm..."

- if the "authorization: Basic header" is present, and the credentials are correct, I have to reply with a Http 200 and the rest of the page

- wrong user/pass: HTTP 403

In case someone has the same need, i implemented basic authentication:

- fixed get_http_header (see https://savannah.nongnu.org/bugs/?58223 ) and added "if" for 401 

- added 401 "if" in http_find_error_file

- in http_parse_request():

        - if authorization header is missing, then return 401

        - if Authorization: Basic <credentials> are not ok (checked by external function), then return 401, else go on and send the web page

That's all, if someone will need some more detail I'll give it to them.

Cheers

 Marco

_______________________________________________
lwip-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/lwip-users