URL usage with authentification

Hi Guys,

Kinda Juce related questions.

I’m trying to access an URL which require a login/password.

for example
https://www.bobo.com
login: bob
paswword: toto

I know that you can write the url like that but it looks like this doesn’t work in Juce (on Window at least)
https://bob:toto@www.bobo.com

might be related to IE forbidden this. (http://support.microsoft.com/kb/834489)

I checked on google and it seems possible to put that kind of info in the header so I tried to do this in Juce as well
http://en.wikipedia.org/wiki/Basic_access_authentication

juce::URL url("https://www.bobo.com");
juce::String str(bob:toto);
juce::MemoryBlock block(str.toUTF8().getAddress(), str.getNumBytesAsUTF8());
juce::String headers = "Authorization: Basic " + block.toBase64Encoding();
juce::InputStream *pIStream = url.createInputStream(false, 0, 0, headers, 0, 0);

This doesn’t work either.

Am I missing something ?

Thanks,

Does the server you’re connecting to support basic auth?

When you connect to the site in a browser, how does it work? Are you presented with a normal browser login box, or a web-generated form?

If the login prompt is a browser generated affair, you might benefit from using browser tools to get a feel for what’s going on. Most browsers have debugging tools that let you inspect received and sent headers. Watching how your browser negotiates the session will give you an idea of what you need to do.

There are also tools that can intercept (usually through a proxy) HTTP/S traffic and let you monitor the whole deal. This could be handy when debugging your JUCE output too.

If the site uses a form based login, most likely you simply need to send the params back as urlencoded variables. Note though that you’ll probably need to request the form first, get the form id, and return it along with your user name and password. This is a common idiom for defeating trivial cross site scripting attacks.

normal browser login box not a custom one.

I’ve ended up using libcurl which works pretty fine, so this is not a big deal.

This is quite an old subject, and I find myself needing to access a secure (HTTPS) site, and provding a Username & Password.

I've had a quick look around Juce's documention, and can't find anything  (I thought, perhaps passing a username/password on crating a URL or something)-

Testing some ideas I tried a few examples in JuceDemo - Oddly, I can use the (above mentioned version) HTTPS://<usr>:<pwd>@www.URI.com seemed to work (at one point) in the Browser Component Demo (I'm guessing it uses the system designed browser to do the gruntwork), but the HTTP demo,and it looks like it worked, but the HTTP Demo fails to connect (which, I suppose, I understand - shouldn't really be chucking around unencrpted auth details about )

Anyhow, I wondered if anything had changed since this question was raised?

Ah, I just found this, more recent, post  http://www.juce.com/forum/topic/url-class-doesnt-provide-standard-fields   :(

Hi all and happy new year!

I’m glad to be back on track with the last JUCE version 5.4.1!

I have got an old issue on Windows 10 64bit with the following code snippet:

  juce::URL url("http://juceuser:lovejuce@download.smode.fr/htaccesstest/");
  String htmlcontent = url.readEntireTextStream();

htmlcontent is empty because my website use htaccess login password.
Non protected web page works fine.

According to MSDN Wininet caller need to resend HttpSendRequest to use the good authentication method.

So I made a fix to juce\modules\juce_core\native\juce_win32_Network.cpp line 372

 retry: // support of url with login password need ugly goto label: so 1978 style.

    if (HttpSendRequestEx (request, &buffers, 0, HSR_INITIATE, 0))
    {
        int bytesSent = 0;

        for (;;)
        {
            const int bytesToDo = jmin (1024, (int) postData.getSize() - bytesSent);
            DWORD bytesDone = 0;

            if (bytesToDo > 0
                 && ! InternetWriteFile (request,
                                         static_cast<const char*> (postData.getData()) + bytesSent,
                                         (DWORD) bytesToDo, &bytesDone))
            {
                break;
            }

            if (bytesToDo == 0 || (int) bytesDone < bytesToDo)
            {
                if (HttpEndRequest (request, 0, 0, 0))
                    return;
                
                DWORD error = GetLastError();
                if (error == ERROR_INTERNET_FORCE_RETRY) // for support of url with login password need retry HttpSendRequestEx 
                    goto retry;

Hopping this can be merged in master branch
Best regards

Thanks, I’ll push something for this shortly (without a goto…).

It’ll be on the develop branch to begin with and will make it’s way onto master the next time we do a JUCE release.

Hi Ed!
Thanks for your concern about this,
And many thanks for the Juce develop branch, I will pull it when you are done with it.

Best regards

I’ve added it here.

1 Like

Your version fix my issue perfectly,
Many thanks for that.
The best.