Not logged in. · Lost password · Register
Forum: General Help and Support Installation and Configuration RSS
Automated login using URL
Avatar
npickles #1
Member since Mar 2017 · 1 post
Group memberships: Members
Show profile · Link to this post
Subject: Automated login using URL
I am developing a wiki to document a Windows application.

I don't want the resulting wiki to be available to all, so basically there will be two users, one for admin and one for read only viewing of the wiki from within our application.

Our application is written in Delphi. We have it sorted so that we launch a browser window with the relevant parameters set within the URL to get to the right part of the wiki but I am having real issues trying to get my head around the authentication options and how these might be automated so our application can login to the wiki when the browser window is launched with the relevant URL.

I am using PHP 5.3.28 CGI/FastCGI on a Windows 10 PC using IIS 10 to test/prove the configuration. We usually use Chrome as the browser.

I am told by my developers that we would use a URL in the form http://username:password@ourwiki.co.uk, which should pass the username & password to the wiki.

Am I missing something, how can I achieve auto login through the URL from within our application?
Avatar
FosseWay #2
Member since May 2016 · 98 posts · Location: Canada
Group memberships: Members
Show profile · Link to this post
I am told by my developers that we would use a URL in the form http://username:password@ourwiki.co.uk, which should pass the username & password to the wiki.

When you say "my developers", do you mean "the developers who are developing the Delphi application"? If so, they are correct that it is possible to provide credentials for HTTP Basic authentication in a URL, as suggested in your post.

To support this, you'll probably want to set up your wiki to use DokuWiki's authhttp authentication plugin.

You should be aware that providing credentials in the URL in this way over http (as opposed to https) sounds like a bad idea from a security standpoint, especially if your wiki will be publicly available/on the internet. Anyone should feel free to correct me, but I believe that the credentials will be available in plaintext to anyone who can monitor the connection requests, e.g. your ISP.

Edit: I read a bit more on this topic, and I also noticed that this method of providing credentials is deprecated, and support is being removed from some browsers (e.g. Chrome). You may want to look at alternatives...?
This post was edited on 2017-04-03, 16:27 by FosseWay.
Avatar
SFITCS #3
User title: Scott Ferguson
Member since Dec 2014 · 438 posts · Location: Canberra, Australia
Group memberships: Members
Show profile · Link to this post
Quote by FosseWay on 2017-03-31, 18:47:
You should be aware that providing credentials in the URL in this way over http (as opposed to https) sounds like a bad idea from a security standpoint, especially if your wiki will be publicly available/on the internet. Anyone should feel free to correct me, but I believe that the credentials will be available in plaintext to anyone who can monitor the connection requests, e.g. your ISP.

No correction - just expansion. It's an incredibly bad idea even on a private LAN, and yes, that username and password are plaintext. There are other, BP/basic ITIL compliant ways of achieving the same outcome without potentially compromising networked assets.

@npickles This is really a Delphi or general internet question - nothing to do with DokuWiki specifically. i.e. Those "developers" should try reading the documentation for Delphi's TWebBrowser. DokuWiki supports several secure authentication methods.
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Go to forum
Imprint
This board is powered by the Unclassified NewsBoard software, 20150713-dev, © 2003-2015 by Yves Goergen
Current time: 2017-07-20, 18:31:12 (UTC +02:00)