Versions Compared

Old Version 22

changes.mady.by.user Don Bakke

Saved on

compared with

New Version Current

changes.mady.by.user Don Bakke

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Regardless of which authentication method(s) will be used, the Enable Authentication option needs to be set. Otherwise, the SRP HTTP Framework will automatically authenticate each request as valid (although any internal authorization logic will still work as normal). To set this option, run the HTTP Framework Setup form (e.g., EXEC NDW_HTTP_FRAMEWORK_SETUP from the System Monitor) and then click on the Authentication menu to open the Authentication Options page. Make sure the Enable Authentication? box is checked:

Image Modified

Using HTTP Basic Authentication

...

Unless changed by the developer, user credentials are maintained in the WEB_ACCOUNTS database table. To manage web accounts just run the Web Accounts form (e.g., EXEC NDW_WEB_ACCOUNTS). To create a new user you can enter in an ID and populate the rest of the fields manually or you can click on the New Account menu option. This will dynamically generate an ID and prepopulate other fields for you:

Image Modified

The Name field must be updated (it's a required field in this form) and the Save Account menu option clicked. We'll review the other fields later.

...

The Wikipedia article on HTTP Basic Authentication provides an easy to understand overview of how usernames and passwords are to be Base64 encoded and then added to the HTTP Authorization request header. API testing tools like Postman make this very easy to implement. Here's a simple guide:

Image Modified

  1. Click the Authorization tab (Note: Even though the term Authorization is used, it is technically Authentication).
  2. Pick HTTP Auth as the authentication type from the dropdown.
  3. Enter the Username and Password (for demonstration purposes, the above screenshot uses the same username and password that was auto-generated by the Web Accounts form). You might want to enable the Show Password chekbox as well.
  4. Click on the Preview Request button. This last step is necessary to transfer the authentication information into the HTTP Authorization request header. You can confirm this by clicking on the Headers tab (the one to the right of the Authorization tab):

Image Modified

The HTTP request can now be submitted by clicking the Send button and the SRP HTTP Framework should identify the username and password correctly and return an appropriate response. We'll discuss how APIs can identify the username and password used in the HTTP request for authorization purposes in another article.

...