Discussion:
HTTPServer Basic Authentication with Microsoft Edge/IE
(too old to reply)
JulianL
2019-11-26 05:06:45 UTC
Permalink
I have a simple request page to trigger a workflow hosted in HTTPServer connector. This is working fine but I now have to add authentication.

I turned on Basic Authentication and followed some advice found on this forum and the latest 7.2 docs to move the authentication handling to the 'After GetNext' hook instead of the 'After Accepting connection' hook.

This works well enough if I try to access the site using Chrome. However, if I try to access using Firefox or IE/Edge with incorrect credentials the behaviour is not at all user friendly. The browser displays a blank page with no error and attempting to reload the page does not cause the browser login dialog to be displayed. The only way to attempt to login again is by quitting the browser and starting again. This is despite the browser correctly receiving a 401 error from the 'httpServer.Conn.rejectClientAuthentication()' function.

I am not sure if I am missing something or if anyone knows a trick to get IE/Edge in particular to display an error and in particular allow the user to attempt to re-authenticate on page reload.

If not I think I will have to implement a cookie/session based solution.

Any suggestions Welcome.

Julian.
Eddie Hartman
2019-11-26 17:57:49 UTC
Permalink
Post by JulianL
I have a simple request page to trigger a workflow hosted in HTTPServer connector. This is working fine but I now have to add authentication.
I turned on Basic Authentication and followed some advice found on this forum and the latest 7.2 docs to move the authentication handling to the 'After GetNext' hook instead of the 'After Accepting connection' hook.
This works well enough if I try to access the site using Chrome. However, if I try to access using Firefox or IE/Edge with incorrect credentials the behaviour is not at all user friendly. The browser displays a blank page with no error and attempting to reload the page does not cause the browser login dialog to be displayed. The only way to attempt to login again is by quitting the browser and starting again. This is despite the browser correctly receiving a 401 error from the 'httpServer.Conn.rejectClientAuthentication()' function.
I am not sure if I am missing something or if anyone knows a trick to get IE/Edge in particular to display an error and in particular allow the user to attempt to re-authenticate on page reload.
If not I think I will have to implement a cookie/session based solution.
Any suggestions Welcome.
Julian.
If you are using your own scripted logic to check credentials, then you should also set up the return payload to the client. I often create a scripted function (in a Resources > Script library script that I pre-load for ALs) with my own httpReturn() function:

function httpReturn(code, msg, exit){
// Set a default value for exit (if it is not used in the function invocation) to true.
exit = exit || true;

// Make sure there is a work Entry - in case this function is called from an AL
// Prolog Hook.
if(typeof work == "undefined"){
return;
}else{
task.logmsg("DEBUG", "Returning HTTP response (" + code + ") " + msg)

// Now set up the attributes that will be used by the built-in HTTP Parser
// of the HTTP Server Connector to make the reply to the client
work["http.resultCode"]=code;
work["http.status"]=code;
work["http.resultMsg"]=msg;

// If exit is true, then leave the Flow and reply to the client
if(exit){
system.exitFlow();
}
}
}

Now I can call it if auth fails like this:

httpReturn("401", "Unauthorized");

Hope this helps!
/Eddie

Loading...