Authentication

The server supports both Basic (base64) and Digest (MD5) authentication, although they have not been tested with all clients. In this implementation, the contents of certain directories of the file system can be protected, such that the user will be required to issue a username/password to access the content of the directory.

To protect a directory with a basic authentication, there is a specific macro:

CYG_HTTPD_AUTH_TABLE_ENTRY(entry, path, domain, un, pw, mode)

entry            : an identifier unique to this entry.
path             : the path to the directory whose content must be
                    authenticated before it is sent out
domain           : a domain identifier for this directory.
un               : username for authentication
pw               : password for authentication
mode             : CYG_HTTPD_AUTH_BASIC for base64 encoding or 
                   CYG_HTTPD_AUTH_DIGEST for MD5 encoding

for example, to require basic authentication of the content of directory "/ecos/" with a username of "foo" and password "bar", the following is used:

CYG_HTTPD_AUTH_TABLE_ENTRY(hal_domain1_entry,          \
                           "/ecos/",    "ecos_domain", \
                           "foo",       "bar",         \
                           CYG_HTTPD_AUTH_BASIC);

Any request for a file in the directory /ecos/ will now trigger a credential check. These credentials, once provided, are automatically sent by the client for every request within the particular domain.

It must be noticed that the path name set in the macro is relative to the HTML document directory, CYGDAT_NET_HTTPD_SERVEROPT_HTMLDIR and it is the first part of the path provided by the client request (including the leading slash).

In order to reduce the footprint of the server, authentication is not enabled by default, and so the option CYGOPT_NET_ATHTTPD_USE_AUTH must be used to enable support for basic and digest authentication.

The MD5 digest authentication support is implemented using the RSA Data Security, Inc. MD5 Message-Digest Algorithm. Derivative works with MD5 digest authentication included must be identified as "derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing the derived work. See the file md5.c within this package for license details.