authentication log out

Question

Hello,

Is it possible to log out from HTTP authentication on NET+OS 7.4.?

I do manage to log out using a URL link specifying a wrong username:password
eg: _:_@10.2.0.10

But this log off the authentication from htm webpage only. These webpage have the <!-- RpPageHeader Rpurl="/config.htm" RpAccess=Realm1 RpFunctionPtr=ConfigPagePreProc -->

But when the authentication is check by the function naCgiCheckAccess inside RpExternalCgi, the theCgiPtr still have correct username and password.

So the logoff is only done for webpage having the header RpAccess=Realm1, but all other CGI request still authenticated.


Is there a function where you can clear all authentication that have been made, on both 'side', CGI and webpage?

Thanks

Seb

Answer 1

Hello

Have you looked at API RpDeleteUser()? It is described in the Advanced Web Server Toolkit manual around or about page 155. This document is located in the NET+OS installation directory in the Documentation directory in file Advanced_Web_Server_Toolkit.pdf.

Answer 2

Hello,

Thanks for that, but RpDeleteUser seems to work only for the RomPager.
CGI pointers that are passed to RpExternalCgi still have the previous correct username and password.

Is there a way to set and reset username and password of ALL CGI pointers that can be passed to RpExternalCGI?

Seb

Comments

Hello

    What security scheme are you using? Answers are basic, digest or SSL.

---

Basic
NA_HTTP_SECURITY_BASIC_AUTHENTICATION

---

A lot of browsers retain the user name if not the password in cache. So using basic authentication this may be a problem for you. Try using Digest authentication which passes a nonce  between the browser and the web server.

Answer 3

Hello,

Digest authentication is not good for what I need.

But I did resolve my problem by using only the RomPager.

I'm not using the RpExternalCGI anymore when a request needs a username and password.

Thanks for your help.

Seb