60👍
You can include the user and password as part of the URL:
http://user:passwd@www.server.com/index.html
see this URL, for more
HTTP Basic Authentication credentials passed in URL and encryption
of course, you’ll need the username password, it’s not 'Basic hashstring.
hope this helps…
84👍
Per https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/Base64_encoding_and_decoding and http://en.wikipedia.org/wiki/Basic_access_authentication , here is how to do Basic auth with a header instead of putting the username and password in the URL. Note that this still doesn’t hide the username or password from anyone with access to the network or this JS code (e.g. a user executing it in a browser):
$.ajax({
type: 'POST',
url: http://theappurl.com/api/v1/method/,
data: {},
crossDomain: true,
beforeSend: function(xhr) {
xhr.setRequestHeader('Authorization', 'Basic ' + btoa(unescape(encodeURIComponent(YOUR_USERNAME + ':' + YOUR_PASSWORD))))
}
});
- [Django]-Uninstall Django completely
- [Django]-Unique fields that allow nulls in Django
- [Django]-How do I run tests for all my Django apps only?
62👍
NodeJS answer:
In case you wanted to do it with NodeJS: make a GET to JSON endpoint with Authorization header and get a Promise back:
First
npm install --save request request-promise
(see on npm) and then in your .js file:
var requestPromise = require('request-promise');
var user = 'user';
var password = 'password';
var base64encodedData = Buffer.from(user + ':' + password).toString('base64');
requestPromise.get({
uri: 'https://example.org/whatever',
headers: {
'Authorization': 'Basic ' + base64encodedData
},
json: true
})
.then(function ok(jsonData) {
console.dir(jsonData);
})
.catch(function fail(error) {
// handle error
});
- [Django]-Cross domain at axios
- [Django]-Why won't Django use IPython?
- [Django]-Django TextField and CharField is stripping spaces and blank lines
17👍
If you are in a browser environment you can also use btoa.
btoa is a function which takes a string as argument and produces a Base64 encoded ASCII string. Its supported by 97% of browsers.
Example:
> "Basic " + btoa("billy"+":"+"secretpassword")
< "Basic YmlsbHk6c2VjcmV0cGFzc3dvcmQ="
You can then add Basic YmlsbHk6c2VjcmV0cGFzc3dvcmQ= to the authorization header.
Note that the usual caveats about HTTP BASIC auth apply, most importantly if you do not send your traffic over https an eavesdropped can simply decode the Base64 encoded string thus obtaining your password.
This security.stackexchange.com answer gives a good overview of some of the downsides.
- [Django]-Are there any plans to officially support Django with IIS?
- [Django]-Phpmyadmin logs out after 1440 secs
- [Django]-Django error when installing Graphite – settings.DATABASES is improperly configured. Please supply the ENGINE value
3👍
no need to use user and password as part of the URL
you can try this
byte[] encodedBytes = Base64.encodeBase64("user:passwd".getBytes());
String USER_PASS = new String(encodedBytes);
HttpUriRequest request = RequestBuilder.get(url).addHeader("Authorization", USER_PASS).build();
- [Django]-How to specify an IP address with Django test client?
- [Django]-How do I include related model fields using Django Rest Framework?
- [Django]-How to get value from form field in django framework?
1👍
PHP – curl:
$username = 'myusername';
$password = 'mypassword';
...
curl_setopt($ch, CURLOPT_USERPWD, $username . ":" . $password);
...
PHP – POST in WordPress:
$username = 'myusername';
$password = 'mypassword';
...
wp_remote_post('https://...some...api...endpoint...', array(
'headers' => array(
'Authorization' => 'Basic ' . base64_encode("$username:$password")
)
));
...
- [Django]-Embed YouTube video – Refused to display in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'
- [Django]-Django-allauth: Linking multiple social accounts to a single user
- [Django]-Django.contrib.gis.db.backends.postgis vs django.db.backends.postgresql_psycopg2