
Is it possible to use Digest-Authentication with a XMLHTTPRequest?

I have a simple question: Is it possible to use Digest-Authentication with a XMLHTTPRequest?

If the answer is no, what's the technical reason? Or if it is possible - how can I do that?

Thanks a lot … Google has no good answer so far :-/

EDIT:

Thanks for the answers. Modifying the header to match the digest authentication-scheme, after a nonce has been received, seems to be a solution.

But what I was really looking for was that I could change my current call: xmlhttp.open("GET", url, false, username, password); to something like this: xmlhttp.open("GET", url, false, username, password, "DIGEST");

That’s also part of my initial question: Why does the open-method not offer the option to make a digest-request?

Maybe there is a js-lib one could recommend that lets me do that - as you can imagine, I don't really want to change the one and simple xmlhttp.open to multiple requests and first get a nonce.

user880625 asked Aug 23 '11 10:08


2 Answers

You can do it no problem. Just follow the parts of the specs you feel like ;)
https://www.rfc-editor.org/rfc/rfc2617 and http://pajhome.org.uk/crypt/md5/ is all you are missing to start writing your authentication library on the client side.

pre-exchange user name and password
Hey I want to authenticate ----> server
Ok here is a nonce/salt ----> client
here is a md5 hash sum of my username password timestamp and the salt -----> server
I just hashed up your password and username the same way you did and they are the same ----->client
Those are the basics of it.

I left out that you need to include the URI of the requested resource in the hashsum!!!!
Of course you do this with every request you make for a resource to the server; that way someone intercepting the hash could only view the content you requested and could not make a request for a miscellaneous resource. This method does not secure the data, just access to it.

James Andino answered Sep 18 '22 15:09
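
The exchange described in the answer above, worked through as an added example that is not part of the original answers: it parses a Digest challenge and computes the RFC 2617 response (MD5, qop=auth) to send in the `Authorization` header of a second XMLHttpRequest. The function names are hypothetical, the sample challenge is the one from the RFC's own worked example, and Node's `crypto` module stands in for a browser MD5 library.

```javascript
// Added example (not from the answers): RFC 2617 Digest response, MD5 with qop=auth.
// Runs under Node; in a browser, replace md5() with an MD5 library such as the one linked above.
const { createHash, randomBytes } = require('crypto');

const md5 = (s) => createHash('md5').update(s, 'utf8').digest('hex');

// Challenge from the worked example in RFC 2617 section 3.5 (header value only).
const SAMPLE_CHALLENGE = 'Digest realm="testrealm@host.com", qop="auth,auth-int", ' +
  'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"';

// Parse a WWW-Authenticate value into { realm, nonce, qop, opaque, ... }.
function parseChallenge(header) {
  if (!/^Digest\s/i.test(header)) throw new Error('not a Digest challenge');
  const params = {};
  const re = /([a-z]+)=(?:"([^"]*)"|([^\s,]+))/gi;
  let m;
  while ((m = re.exec(header)) !== null) {
    params[m[1].toLowerCase()] = m[2] !== undefined ? m[2] : m[3];
  }
  if (!params.realm || !params.nonce) throw new Error('challenge lacks realm or nonce');
  return params;
}

// Build the Authorization header value for one request.
// nc must increase for every request that reuses the same server nonce.
function digestAuthorization({ method, uri, username, password, challenge,
                               nc = 1, cnonce = randomBytes(8).toString('hex') }) {
  const c = parseChallenge(challenge);
  if (c.algorithm && c.algorithm.toUpperCase() !== 'MD5') throw new Error('unsupported algorithm');
  if (!(c.qop || '').split(/\s*,\s*/).includes('auth')) throw new Error('qop=auth not offered');
  const ncHex = nc.toString(16).padStart(8, '0');
  const ha1 = md5(`${username}:${c.realm}:${password}`);  // credentials bound to the realm
  const ha2 = md5(`${method}:${uri}`);                     // binds the hash to this method and URI
  const response = md5(`${ha1}:${c.nonce}:${ncHex}:${cnonce}:auth:${ha2}`);
  let header = `Digest username="${username}", realm="${c.realm}", nonce="${c.nonce}", ` +
    `uri="${uri}", qop=auth, nc=${ncHex}, cnonce="${cnonce}", response="${response}"`;
  if (c.opaque) header += `, opaque="${c.opaque}"`;
  return { header, response };
}

// Browser usage after the first request came back 401 (xhr2 is a second XMLHttpRequest):
//   xhr2.open('GET', uri);
//   xhr2.setRequestHeader('Authorization', digestAuthorization({ ... }).header);
```
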


Have a look at this article: https://web.archive.org/web/20130227152456/http://marcin-michalski.pl/2012/11/01/javascript-digest-authentication-restful-webservice-spring-security-javascript-ajax/. It explains how to write a JavaScript client for Digest Authentication with SpringSecurity on the server side. The code is available on GitHub: https://github.com/Arrowgroup/JSDigestAuth

Marcin Michalski answered Sep 17 '22 15:09