Hi Ben,
This is not working securely, because only the URI /protected is compared.
If someone types in /protected/index.html or whatever file is inside, this
is not working anymore.
Also, typing in /protected/ with the second "/" fails.
Best, Mike
On Saturday, 25 January 2014 00:15:46 UTC+1, Ben Anderson wrote:
>
> Sergey,
> I think that is exactly what I was looking for. Thanks for such a quick
> reply! I have included my quick sample code to test and it seems to work
> fine. Is this your expected usage pattern for an auth_handler?
>
> #include <stdio.h>
> #include <string.h>
> #include "mongoose.h"
>
> static int auth_handler(struct mg_connection *conn)
> {
>     FILE *fp;
>     int result = 0;  /* stays 0 unless a branch below sets it */
>
>     printf("uri to requested -> %s\n", conn->uri);
>
>     /* strncmp() is non-zero when the first 10 bytes differ from "/protected" */
>     if (strncmp("/protected", conn->uri, 10))
>     {
>         printf("Not Inside /protected, ok to proceed.\n");
>         result = 1;
>     }
>     else // inside protected uri
>     {
>         printf("Inside /protected \n");
>         if ((fp = fopen("/home/xetawave/Downloads/mongoose-5.2/passwords.txt", "r")) != NULL) {
>             result = mg_authorize_digest(conn, fp);
>             fclose(fp);
>         }
>         /* if the passwords file cannot be opened, result stays 0 */
>     }
>
>     printf("auth_handler result %d\n", result);
>     return result;
> }
>
>
> On a different note, I noticed that IE11 can never authenticate with the
> Auth request (latest versions of Chrome & FF do just fine). I haven't dug
> into the details yet.
>
> Thanks,
> Ben
>
> On Friday, January 24, 2014 1:53:48 PM UTC-7, Sergey Lyubka wrote:
>>
>> Glad you've asked Ben :-)
>> You should use the mg_set_auth_handler() function, which I have added
>> <https://github.com/cesanta/mongoose/commit/f977757a9d5950c097365e1cb90f6cce05f0238a>
>> about 5 minutes ago :-)
>>
>> Modified auth.c is at
>> https://github.com/cesanta/mongoose/blob/master/examples/auth.c
>> Note that the auth handler could be sensitive to the URI, and authorize only
>> certain URIs
>> against the passwords file, for example those that start with "/secret".
>>
>> I assume that function fulfills your needs, let me know if it doesn't.
>>
>> Sergey.
>>
>
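
The URI check discussed in this thread, as an added example that is not part of the original messages or of the Mongoose code: `prefix_only` reproduces the posted 10-byte `strncmp` comparison, and the hypothetical helper `in_tree` matches only at a path-segment boundary. The sample URIs are constructed, and the code assumes the server has already decoded and normalised the URI string.

```c
#include <stdio.h>
#include <string.h>

/* The comparison as posted in the thread: first 10 bytes only. */
static int prefix_only(const char *uri)
{
    return strncmp("/protected", uri, 10) == 0;
}

/* Hypothetical helper: 1 if uri is root itself or lies below root. */
static int in_tree(const char *uri, const char *root)
{
    size_t n = strlen(root);

    /* Ignore a trailing '/' on the configured root ("/protected/"). */
    while (n > 1 && root[n - 1] == '/')
        n--;
    /* A root of "/" covers every absolute path. */
    if (n == 1 && root[0] == '/')
        return uri[0] == '/';
    if (strncmp(uri, root, n) != 0)
        return 0;
    /* The byte after the prefix must end the path or start a new segment. */
    return uri[n] == '\0' || uri[n] == '/';
}

int main(void)
{
    /* Constructed sample URIs, including the ones named in the thread. */
    static const char *samples[] = {
        "/protected", "/protected/", "/protected/index.html",
        "/protectedfoo", "/public/index.html", "/",
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-24s prefix_only=%d in_tree=%d\n", samples[i],
               prefix_only(samples[i]), in_tree(samples[i], "/protected"));
    return 0;
}
```
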