Il giorno lun 20 apr 2020 alle ore 12:35 Marco Lazzaroni <
address@hidden> ha scritto:
About Basic Authentication, I suppose that I have to do the following:
- when I get a HTTP request, I have to check in the headers if the "Authorization: Basic xxxxx" is present: if not, I have to send a HTTP 401 with "WWW-Authenticate: Basic realm..."
- if the "authorization: Basic header" is present, and the credentials are correct, I have to reply with a Http 200 and the rest of the page
- wrong user/pass: HTTP 403
In case someone has the same need, i implemented basic authentication:
- added 401 "if" in http_find_error_file
- in http_parse_request():
- if authorization header is missing, then return 401
- if Authorization: Basic <credentials> are not ok (checked by external function), then return 401, else go on and send the web page
That's all, if someone will need some more detail I'll give it to them.
Cheers
Marco