Apologies if I've missed something obvious, but I can't find any basic authentication in any of the http_server/https_server examples.
Like the OP, I'm looking to add username/password authentication to my https server (based on the "simple" examples).
Thanks.
Basic authentication with the ESP-IDF HTTPS-Server
-
- Posts: 8
- Joined: Mon Nov 30, 2020 10:52 am
-
- Posts: 8
- Joined: Mon Nov 30, 2020 10:52 am
Re: Basic authentication with the ESP-IDF HTTPS-Server
I've found the answer to where the Basic Auth is in the simple example:
https://github.com/espressif/esp-idf/co ... efeb1e6e58
This requires the latest stable ESP-IDF (v4.3.1)
Haven't got it working in my project yet, but will keep at it
https://github.com/espressif/esp-idf/co ... efeb1e6e58
This requires the latest stable ESP-IDF (v4.3.1)
Haven't got it working in my project yet, but will keep at it
Re: Basic authentication with the ESP-IDF HTTPS-Server
Use the following
usage
Code: Select all
esp_err_t httpRequestAuthorization(httpd_req_t *req)
{
httpd_resp_set_hdr(req, "WWW-Authenticate", "Basic realm=\"my_realm1\"");
httpd_resp_set_status(req, "401 Unauthorized");
httpd_resp_set_type(req, HTTPD_TYPE_TEXT);
httpd_resp_sendstr(req, "Unauthorized");
return ESP_OK;
}
Code: Select all
bool httpAuthenticateRequest(httpd_req_t *req, const char *server_username, const char *server_password)
{
char authorization_header[64] = {0};
char decoded_authorization[32] = {0};
size_t buf_len;
// Get header value string length
buf_len = httpd_req_get_hdr_value_len(req, "Authorization");
//ESP_LOGD(TAG, "Authorization header length %d", buf_len);
//bound check
if ((buf_len > 0) && (buf_len < 64))
{
// Copy null terminated value string into buffer
if (httpd_req_get_hdr_value_str(req, "Authorization", authorization_header, buf_len + 1) == ESP_OK)
{
//ESP_LOGD(TAG, "Authorization header : %s", authorization_header);
//find the "Basic " part of the header
char *encoded_authorization = strstr(authorization_header, "Basic ");
if(encoded_authorization != NULL)
{
//move the pointer to the start of the encoded authorization string
encoded_authorization = &encoded_authorization[strlen("Basic ")];
//ESP_LOGD(TAG, "Authorization string : %s", encoded_authorization);
//decode the authorization string
int decode_res = mbedtls_base64_decode((unsigned char *)decoded_authorization, sizeof(decoded_authorization), &buf_len, (unsigned char *)encoded_authorization, strlen(encoded_authorization));
if(decode_res == 0)
{
//ESP_LOGD(TAG, "Decoded Authorization string : %s", decoded_authorization);
//find the separator between username:password
char *colon_index = strchr(decoded_authorization, ':');
if(colon_index != NULL)
{
//replace colon index with null termination
colon_index[0] = 0;
//username is from start till our previous null termination
char *req_username = &decoded_authorization[0];
//the rest is the password
char *req_password = &colon_index[1];
//ESP_LOGD(TAG, "Username:%s, Password:%s", req_username, req_password);
//check if both username and password match the server's credentials
if ((strcmp(req_username, server_username) == 0) && (strcmp(req_password, server_password) == 0))
{
return true;
}
}
else
{
//ESP_LOGD(TAG, "Decoede authorization does not contain password");
}
}
else
{
//ESP_LOGD(TAG, "Decoding failed");
}
}
else
{
//ESP_LOGD(TAG, "Authorization value not in correct format");
}
}
else
{
//ESP_LOGD(TAG, "Cannot retrieve autorization value");
}
}
else
{
//ESP_LOGD(TAG, "No autorization header or too long");
}
//ESP_LOGW(TAG, "Authentication Failed");
return false;
}
Code: Select all
esp_err_t handlerGetRoot(httpd_req_t *req)
{
if(httpAuthenticateRequest(req, "username", "password") == false)
{
return httpRequestAuthorization(req);
}
...
}
Who is online
Users browsing this forum: No registered users and 66 guests