Ok it is easy to setup mongoose web server with ssl support if mongoose is authenticating the clients, and it is possible to make https requests with mongoose web server. But can mongoose support "client" authentication(possibly with an ssl certificate) when it is sending out https requests?
If yes then how, if no which alternative library do you suggest?
PS: of course c/c++ and windows
Since July 2014 Mongoose DOES support client side certificates.
Mongoose does not support client side certificates.
Your best call is to use digest authentication, which is built in mongoose, or resort to other methods like cookie-based authentication, or oauth, etc.
You can find an example of cookie-based auth in https://github.com/cesanta/mongoose/blob/master/examples/chat.c
Related
I am developing an apple app which talks to a restful PHP web service.
Ideally i want this web service password protected.
What is the best way of achieving this,
Is it better to use a technique similar to OAUTH or is it over kill?
Or is it better to send user password and username in server each command and check its legit before caring out each individual command.
Thanks
It depends on the client. If the client is 3rd party, then it needs an OAuth like solution with access tokens. If the developer of the service and the client is the same, then the basic auth approach is enough. Ofc. you have to use encrypted connection.
I am deploying my cometd in jetty container. I want to pass kerberos credentials with the request. What should be the correct way to pass kerberos credential headers with the request which can work with all kind of transports (websockets, longpolling and callbackpolling).
Thanks,
Anuj
I'm almost done with a jax-rs webservice so currently I'm now working on security part, I have read several articles on implementation of jaas and jdbc realm roles. some how no one seems to talk about authenticating a user from a remote angular js client.
Assuming i set my roles in jdbc/realm and configure my web.xml file ,can i do this?
<form-login-config>
<form-login-page>+"http://54.200.2.152:8080/service/index.html+"</form-login-page>
<form-error-page>+"http://54.200.2.152:8080/service/error.html+"</form-error-page>
</form-login-config>
to re-direct to the remote angular-js client? and if i do that,how to i maintain the js_securitycheck session id? (meanwhile; sessioning is against rest principles, which is stateless .
Also, is <auth-method>BASIC</auth-method> preferable for using a remote angular-js client? sending basic64 code and how do I implement this?
Is it possible to use Spring Security – Kerberos Extension to make soap calls to Kerberos protected service ? We have Wss4jSecurityInterceptor for Spring-ws , but if the soap client want to send kerberos token , we don;t have any kerberosSecurityInterceptor ? Is there a way to do this using Spring Security – Kerberos Extension? Please advise?
No, that extension if for Web auth only.
For a Microsoft CRM project, we need NTLM authentication in the Delphi 2009 web service client.
It looks like Indy 10 Tiburon already has experimental NTLM support.
How can I activate the NTLM authentication for the THTTPRio component and use the logon information (user name, password, domain) of the destination web service server?
Edit: it would also be helpful if there is a way to use other authentication methods than 'Basic', for example HTTP Digest access authentication.
In the user name property of the WebNode subcomponent of the THTTPRio component, use the domain name followed by a backslash and the user name:
'domain\username'
After entering the WSDL URL at designtime, the HTTPRIO component will list available port and services.
I'm not entirely sure I understand your question - activate NTLM authentication? If you're looking for NTLM API imports for Delphi, you can find those in the JEDI Windows Security Library on the JEDI API home page. If the plan is to see how to use it, I'd say MSDN is your friend.