Home/Support/Support Forum/authentication log out
Welcome to Digi Forum, where you can ask questions and receive answers from other members of the community.

authentication log out

0 votes
Hello,

Is it possible to log out from HTTP authentication on NET+OS 7.4.?

I do manage to log out using a URL link specifying a wrong username:password
eg: _:_@10.2.0.10

But this log off the authentication from htm webpage only. These webpage have the <!-- RpPageHeader Rpurl="/config.htm" RpAccess=Realm1 RpFunctionPtr=ConfigPagePreProc -->

But when the authentication is check by the function naCgiCheckAccess inside RpExternalCgi, the theCgiPtr still have correct username and password.

So the logoff is only done for webpage having the header RpAccess=Realm1, but all other CGI request still authenticated.


Is there a function where you can clear all authentication that have been made, on both 'side', CGI and webpage?

Thanks

Seb
asked Feb 11, 2015 in NET+OS by SebB New to the Community (30 points)

Please log in or register to answer this question.

3 Answers

0 votes
Hello

Have you looked at API RpDeleteUser()? It is described in the Advanced Web Server Toolkit manual around or about page 155. This document is located in the NET+OS installation directory in the Documentation directory in file Advanced_Web_Server_Toolkit.pdf.
answered Feb 11, 2015 by dakotas_dad Veteran of the Digi Community (694 points)
0 votes
Hello,

Thanks for that, but RpDeleteUser seems to work only for the RomPager.
CGI pointers that are passed to RpExternalCgi still have the previous correct username and password.

Is there a way to set and reset username and password of ALL CGI pointers that can be passed to RpExternalCGI?

Seb
answered Feb 12, 2015 by SebB New to the Community (30 points)
Hello

    What security scheme are you using? Answers are basic, digest or SSL.
commented Feb 12, 2015 by dakotas_dad Veteran of the Digi Community (694 points)
Basic
NA_HTTP_SECURITY_BASIC_AUTHENTICATION
commented Feb 12, 2015 by SebB New to the Community (30 points)
A lot of browsers retain the user name if not the password in cache. So using basic authentication this may be a problem for you. Try using Digest authentication which passes a nonce  between the browser and the web server.
commented Feb 12, 2015 by dakotas_dad Veteran of the Digi Community (694 points)
0 votes
Hello,

Digest authentication is not good for what I need.

But I did resolve my problem by using only the RomPager.

I'm not using the RpExternalCGI anymore when a request needs a username and password.

Thanks for your help.

Seb
answered Feb 19, 2015 by SebB New to the Community (30 points)
...