Authentication - WeOnlyDo Discussion board

Authentication (General questions)

by MickeK2, Saturday, December 12, 2009, 08:38 (5459 days ago)

Hello,
I'm experimenting with different solutions for user authentication with the WebServer ActiveX component. In my case I wish to protect the user data (username/password).

According to the documentation it seams like digest authentication is not supported. I know that HTTPS/SSL is supported but then the whole site will be encrypted, including all graphics. I believe this will reduce performance.

It would be nice to use the standard HTTP protocol but still have possibility to encrypt the sensitive information such as username and password.

Any comments or sugestions are appreciated.

Regards,
Michael from Sweden

Re: Authentication

by wodDamir, Saturday, December 12, 2009, 14:37 (5459 days ago) @ MickeK2

Hi Michael,

I assume you are reffering to Basic authentication, using Username/Password, whoose has value is used for autnentication.

If so, why don't you try simply setting Authentication property to True, and AuthenticationType to authBasic?

Regards,
Damba

Re: Authentication

by MickeK2, Saturday, December 12, 2009, 15:43 (5459 days ago) @ wodDamir

Thanks for reply,

'Basic access authentication' is considered today by many as insecure since the password and username is transferred without encryption. In 'Digest access authentication' this information is encrypted and considered as more secure.

I don't know if this is a serious issue in real life, but many forums recommend to stay away from Basic access authentication for security reasons. Instead, Digest access authentication or HTTPS/SSL is recommended.

Regards,
Michael

Re: Authentication

by wodDamir, Saturday, December 12, 2009, 20:05 (5458 days ago) @ MickeK2

Hi Michael,

Sorry for misunderstanding your first post. I'll talk to our programmers, to see if we could implement DIGEST as authentication type.

We will inform you as soon as we have news on this.

Regards,
Damba

Re: Authentication

by wodSupport, Sunday, December 13, 2009, 21:32 (5457 days ago) @ wodDamir

Micke,

I see that NTLM is supported - did you try using that one? It is not insecure as Basic is.

Let me know if it works for you!

Regards,
Kreso

Re: Authentication

by MickeK2, Tuesday, December 15, 2009, 17:28 (5456 days ago) @ wodSupport

Hi again,

I don't like the NT approach. I think I go for the SSL solution.
I think posting data from an unsecure page to a SSL page actually encrypt the data. This will do the protection I need. For all other trafic I can use normal http.

Thanks,
Michael