Can I use html5 Websockets with windows domain authentication?

Question

Our setup is like this: we use a coldfusion 10 server, and files are on a local intranet. Users use a domain login to access any files over https. I'm interested in using html5 websockets, but the first attempt gave me an error because no credentials were supplied. Is there a way around this? If not, is there a recommended technology for this scenario?

The user does log in on the client side. If it's possible, what I'd really like to do here is pass those credentials when making the connection to the server.

Answer 1

you should be able to supply the authentication header to your web socket server before the elevation to web socket read that and send it back in the headers for the elevation (first frame) then when the browser connects it should have the authentication it needs.

if your using a custom authentication E.G in page not authentication header you can also do this by passing any custom header to your server.

Or mandate that the first thing your web client sends is the authentication details this could be something like {username_hash}.{password_hash} if they don't close the socket to them.

Answer 2

Do not do this. You're now responsible for sending and encrypting the authentication credentials yourself, bypassing something that already works and is tested.

Anyone can snoop on an unencrypted websocket port. Use HTTPs for an intranet, use stable solutions, don't reinvent this wheel because it tickles your fancy.

In a couple of years some colleague will have to maintain this and will have to figure out how your homebrew version works versus something that's solid like plain browser authentication.

My advice: Leave this to the browser and to well-tested coldfusion libraries.