Roll Your Own Basic Authentication
Mike G
Once you get your Spinneret or embedded app up and running, the next logical step is to password protect your stuff. I know this because I have helped a few folks with their Spinneret projects and inevitably I'm asked, "How do I password protect my web site?"
This is about basic authentication. Basic authentication is not the best solution but it's better than nothin'.
More information from wikipedia.org
http://en.wikipedia.org/wiki/Basic_access_authentication
Basic authentication uses the browser and HTTP headers to persist base-64 encoded user credentials. However, you know this because you just read the Wikipedia wiki above - hint hint.
First, the logic flow.
Does the current request contain an Authorization header?
  NO: Respond with the WWW-Authenticate: Basic realm="insert realm" header
  YES: Are the username and password correct?
    NO: Respond with the WWW-Authenticate: Basic realm="insert realm" header
    YES: Send the requested page
Authorization header
The Authorization header line contains the base-64 encoded username and password; web:web
Authorization: Basic d2ViOndlYg==
If the Authorization header is not part of the request, then send the WWW-Authenticate header.
WWW-Authenticate: Basic realm="localhost"
The WWW-Authenticate: header field causes the browser to pop up an Authentication Required alert. Enter a username and password and click Ok. The browser will base-64 encode the credentials and send the credentials to the server using the Authorization header.
The base-64 credentials are not decoded on the server. When the server starts, the expected username and password are base-64 encoded and placed in a buffer. When the request comes in from the client, only the base-64 strings are compared. This is not a standard, it's simply the way I wrote the code.
In the attached demo, you will find a Header.Spin object. This object is used to tokenize the requested header and easily extract URL, header, GET, and POST collections. The demo is using a W5200. Sorry, Spinneret users. As soon as I get a chance, I plan to update the Spinneret driver so it can use the same socket interface found in the W5200 driver.
Comments
Question: logged in fine, but when I close the browser window and open a new one up, it's already authenticated. Any way to kick you out each time you close the browser?
Very nice piece. Any multisocket demos? :p The parseresourse is kinda tricky, with the ongoing XML replies.
Do you mean the TokenizeHeader method in HttpHeader?
If you are sending XML on a POST to the server then update the TokenizeHeader method to look for the Content-Type: text/xml. If "text/xml" is found then do not decode the body. Or use GET over POST.