Grokbase Groups Node.js nodejs October 2012
FAQ
Hi,

Can anyone provide some sample code to show how a node http server can be
secured using basic username/password authentication. Here's my sample
server :-

var express = require('express');
var server = express.createServer();

server.use(express.static(__dirname + '/public'));
server.listen(80);

I've seen packages such as http-auth etc ...

Thanks in advance !

--
Job Board: http://jobs.nodejs.org/
Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to nodejs@googlegroups.com
To unsubscribe from this group, send email to
nodejs+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en

Search Discussions

  • Greelgorke at Oct 25, 2012 at 11:44 am
    http://expressjs.com/api.html#basicAuth

    Am Donnerstag, 25. Oktober 2012 11:23:08 UTC+2 schrieb gng:
    Hi,

    Can anyone provide some sample code to show how a node http server can be
    secured using basic username/password authentication. Here's my sample
    server :-

    var express = require('express');
    var server = express.createServer();

    server.use(express.static(__dirname + '/public'));
    server.listen(80);

    I've seen packages such as http-auth etc ...

    Thanks in advance !
    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Gng at Oct 25, 2012 at 12:31 pm
    Thanks. I added that so my code now looks like :-

    var express = require('express');

    var server = express.createServer();

    server.use(express.basicAuth('test','testpass'));

    io = require('socket.io').listen(server);
    io.set('log level', 1); // reduce logging

    server.use(express.static(__dirname + '/public'));
    server.use(express.basicAuth(function(user,pass){
    return 'test'==user & 'testpass' == pass;
    }));


    server.listen(80);


    On starting the server and first accessing a page, there is indeed a prompt
    for a username and password. If that's supplied, the page is then rendered.
    However, on restarting and visiting the page, no prompt is made (browser
    cache is flushed etc) - is there a way to overcome that ?
    On Thursday, 25 October 2012 12:44:49 UTC+1, greelgorke wrote:

    http://expressjs.com/api.html#basicAuth

    Am Donnerstag, 25. Oktober 2012 11:23:08 UTC+2 schrieb gng:
    Hi,

    Can anyone provide some sample code to show how a node http server can be
    secured using basic username/password authentication. Here's my sample
    server :-

    var express = require('express');
    var server = express.createServer();

    server.use(express.static(__dirname + '/public'));
    server.listen(80);

    I've seen packages such as http-auth etc ...

    Thanks in advance !
    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Greelgorke at Oct 25, 2012 at 1:07 pm
    check your cookies. flushing cache has no effect on cookies.

    Am Donnerstag, 25. Oktober 2012 14:31:53 UTC+2 schrieb gng:
    Thanks. I added that so my code now looks like :-

    var express = require('express');

    var server = express.createServer();

    server.use(express.basicAuth('test','testpass'));

    io = require('socket.io').listen(server);
    io.set('log level', 1); // reduce logging

    server.use(express.static(__dirname + '/public'));
    server.use(express.basicAuth(function(user,pass){
    return 'test'==user & 'testpass' == pass;
    }));


    server.listen(80);


    On starting the server and first accessing a page, there is indeed a
    prompt for a username and password. If that's supplied, the page is then
    rendered. However, on restarting and visiting the page, no prompt is made
    (browser cache is flushed etc) - is there a way to overcome that ?
    On Thursday, 25 October 2012 12:44:49 UTC+1, greelgorke wrote:

    http://expressjs.com/api.html#basicAuth

    Am Donnerstag, 25. Oktober 2012 11:23:08 UTC+2 schrieb gng:
    Hi,

    Can anyone provide some sample code to show how a node http server can
    be secured using basic username/password authentication. Here's my sample
    server :-

    var express = require('express');
    var server = express.createServer();

    server.use(express.static(__dirname + '/public'));
    server.listen(80);

    I've seen packages such as http-auth etc ...

    Thanks in advance !
    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Gng at Oct 25, 2012 at 1:16 pm
    Sorry, I should have been more specific: I have removed cookies (even
    restarted the browser) but I do not get challenged again.

    Is there anything that I'm missing ? The way I understand things is that on
    clearing any set cookies, you should be challenged each time the page is
    next visited.
    On Thursday, 25 October 2012 14:07:28 UTC+1, greelgorke wrote:

    check your cookies. flushing cache has no effect on cookies.

    Am Donnerstag, 25. Oktober 2012 14:31:53 UTC+2 schrieb gng:
    Thanks. I added that so my code now looks like :-

    var express = require('express');

    var server = express.createServer();

    server.use(express.basicAuth('test','testpass'));

    io = require('socket.io').listen(server);
    io.set('log level', 1); // reduce logging

    server.use(express.static(__dirname + '/public'));
    server.use(express.basicAuth(function(user,pass){
    return 'test'==user & 'testpass' == pass;
    }));


    server.listen(80);


    On starting the server and first accessing a page, there is indeed a
    prompt for a username and password. If that's supplied, the page is then
    rendered. However, on restarting and visiting the page, no prompt is made
    (browser cache is flushed etc) - is there a way to overcome that ?
    On Thursday, 25 October 2012 12:44:49 UTC+1, greelgorke wrote:

    http://expressjs.com/api.html#basicAuth

    Am Donnerstag, 25. Oktober 2012 11:23:08 UTC+2 schrieb gng:
    Hi,

    Can anyone provide some sample code to show how a node http server can
    be secured using basic username/password authentication. Here's my sample
    server :-

    var express = require('express');
    var server = express.createServer();

    server.use(express.static(__dirname + '/public'));
    server.listen(80);

    I've seen packages such as http-auth etc ...

    Thanks in advance !
    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Mscdex at Oct 25, 2012 at 1:29 pm

    On Oct 25, 9:16 am, gng wrote:
    Is there anything that I'm missing ? The way I understand things is that on
    clearing any set cookies, you should be challenged each time the page is
    next visited.
    Why do you have this line?:
    server.use(express.basicAuth('test','testpass'));

    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Angel Java Lopez at Oct 25, 2012 at 1:35 pm
    AFAIK, basic authentication data trips on an HTTP header, not using a cookie

    According to
    http://en.wikipedia.org/wiki/Basic_access_authentication
    Existing browsers retain authentication information until the tab or
    browser is closed or the user clears the
    history.[1]<http://en.wikipedia.org/wiki/Basic_access_authentication#cite_note-0>

    So, maybe you must clear the page history, too.
    On Thu, Oct 25, 2012 at 10:29 AM, mscdex wrote:
    On Oct 25, 9:16 am, gng wrote:
    Is there anything that I'm missing ? The way I understand things is that on
    clearing any set cookies, you should be challenged each time the page is
    next visited.
    Why do you have this line?:
    server.use(express.basicAuth('test','testpass'));

    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines:
    https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Dan Milon at Oct 25, 2012 at 1:36 pm
    Basic Auth does not use cookies. After you provide the credentials, its
    up to the browser to stop sending the Authentication header. Usually
    that happens after a browser restart. Try private browsing.

    danmilon.
    On 10/25/2012 04:16 PM, gng wrote:
    Sorry, I should have been more specific: I have removed cookies (even
    restarted the browser) but I do not get challenged again.

    Is there anything that I'm missing ? The way I understand things is that
    on clearing any set cookies, you should be challenged each time the page
    is next visited.

    On Thursday, 25 October 2012 14:07:28 UTC+1, greelgorke wrote:

    check your cookies. flushing cache has no effect on cookies.

    Am Donnerstag, 25. Oktober 2012 14:31:53 UTC+2 schrieb gng:

    Thanks. I added that so my code now looks like :-

    var express = require('express');

    var server = express.createServer();

    server.use(express.basicAuth('test','testpass'));

    io = require('socket.io <http://socket.io>').listen(server);
    io.set('log level', 1); // reduce logging

    server.use(express.static(__dirname + '/public'));
    server.use(express.basicAuth(function(user,pass){
    return 'test'==user & 'testpass' == pass;
    }));


    server.listen(80);


    On starting the server and first accessing a page, there is
    indeed a prompt for a username and password. If that's supplied,
    the page is then rendered. However, on restarting and visiting
    the page, no prompt is made (browser cache is flushed etc) - is
    there a way to overcome that ?

    On Thursday, 25 October 2012 12:44:49 UTC+1, greelgorke wrote:

    http://expressjs.com/api.html#basicAuth
    <http://expressjs.com/api.html#basicAuth>

    Am Donnerstag, 25. Oktober 2012 11:23:08 UTC+2 schrieb gng:

    Hi,

    Can anyone provide some sample code to show how a node
    http server can be secured using basic username/password
    authentication. Here's my sample server :-

    var express = require('express');
    var server = express.createServer();

    server.use(express.static(__dirname + '/public'));
    server.listen(80);

    I've seen packages such as http-auth etc ...

    Thanks in advance !

    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines:
    https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Gng at Oct 28, 2012 at 10:41 pm
    Hi all,

    Sorry to appear dumb about this, but no amount of tweaking (private
    browsing, clearing cookies, restarting browser etc) seems to fix this. My
    simple server code is as follows:-

    var express = require('express');
    var server = express.createServer();

    server.use(express.basicAuth('test','testpass'));

    io = require('socket.io').listen(server);

    server.use(express.static(__dirname + '/public'));
    server.use(express.basicAuth(function(user,pass){
    return 'test'==user & 'testpass' == pass;
    }));


    server.listen(80);

    So I'd expect every new user that trys to browse a resource in the server
    to be presented with a login/password challenge. The browser could cache
    this detail (based on the user permission) for the duration of the browser
    session (but this is immaterial) - the point is every unique user would get
    challenged. I'm not seeing this at all - any new client can access a
    resource without a challenge.

    Again, any help much appreciated !

    Thanks.


    On Thursday, 25 October 2012 14:36:19 UTC+1, Dan Milon wrote:

    Basic Auth does not use cookies. After you provide the credentials, its
    up to the browser to stop sending the Authentication header. Usually
    that happens after a browser restart. Try private browsing.

    danmilon.
    On 10/25/2012 04:16 PM, gng wrote:
    Sorry, I should have been more specific: I have removed cookies (even
    restarted the browser) but I do not get challenged again.

    Is there anything that I'm missing ? The way I understand things is that
    on clearing any set cookies, you should be challenged each time the page
    is next visited.

    On Thursday, 25 October 2012 14:07:28 UTC+1, greelgorke wrote:

    check your cookies. flushing cache has no effect on cookies.

    Am Donnerstag, 25. Oktober 2012 14:31:53 UTC+2 schrieb gng:

    Thanks. I added that so my code now looks like :-

    var express = require('express');

    var server = express.createServer();

    server.use(express.basicAuth('test','testpass'));

    io = require('socket.io <http://socket.io>').listen(server);
    io.set('log level', 1); // reduce logging

    server.use(express.static(__dirname + '/public'));
    server.use(express.basicAuth(function(user,pass){
    return 'test'==user & 'testpass' == pass;
    }));


    server.listen(80);


    On starting the server and first accessing a page, there is
    indeed a prompt for a username and password. If that's supplied,
    the page is then rendered. However, on restarting and visiting
    the page, no prompt is made (browser cache is flushed etc) - is
    there a way to overcome that ?

    On Thursday, 25 October 2012 12:44:49 UTC+1, greelgorke wrote:

    http://expressjs.com/api.html#basicAuth
    <http://expressjs.com/api.html#basicAuth>

    Am Donnerstag, 25. Oktober 2012 11:23:08 UTC+2 schrieb gng:

    Hi,

    Can anyone provide some sample code to show how a node
    http server can be secured using basic username/password
    authentication. Here's my sample server :-

    var express = require('express');
    var server = express.createServer();

    server.use(express.static(__dirname + '/public'));
    server.listen(80);

    I've seen packages such as http-auth etc ...

    Thanks in advance !

    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines:
    https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nod...@googlegroups.com<javascript:>
    To unsubscribe from this group, send email to
    nodejs+un...@googlegroups.com <javascript:>
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
  • Dan Milon at Oct 29, 2012 at 10:07 am
    Express middlewares are called in the order you define them.
    The static middleware will call the next middleware only if it failed
    serving the static resource.

    You need basicAuth before static.

    danmilon.
    On 10/29/2012 12:41 AM, gng wrote:
    Hi all,

    Sorry to appear dumb about this, but no amount of tweaking (private
    browsing, clearing cookies, restarting browser etc) seems to fix this.
    My simple server code is as follows:-

    var express = require('express');
    var server = express.createServer();

    server.use(express.basicAuth('test','testpass'));

    io = require('socket.io').listen(server);

    server.use(express.static(__dirname + '/public'));
    server.use(express.basicAuth(function(user,pass){
    return 'test'==user & 'testpass' == pass;
    }));


    server.listen(80);

    So I'd expect every new user that trys to browse a resource in the
    server to be presented with a login/password challenge. The browser
    could cache this detail (based on the user permission) for the duration
    of the browser session (but this is immaterial) - the point is every
    unique user would get challenged. I'm not seeing this at all - any new
    client can access a resource without a challenge.

    Again, any help much appreciated !

    Thanks.



    On Thursday, 25 October 2012 14:36:19 UTC+1, Dan Milon wrote:

    Basic Auth does not use cookies. After you provide the credentials, its
    up to the browser to stop sending the Authentication header. Usually
    that happens after a browser restart. Try private browsing.

    danmilon.
    On 10/25/2012 04:16 PM, gng wrote:
    Sorry, I should have been more specific: I have removed cookies (even
    restarted the browser) but I do not get challenged again.

    Is there anything that I'm missing ? The way I understand things is that
    on clearing any set cookies, you should be challenged each time the page
    is next visited.

    On Thursday, 25 October 2012 14:07:28 UTC+1, greelgorke wrote:

    check your cookies. flushing cache has no effect on cookies.

    Am Donnerstag, 25. Oktober 2012 14:31:53 UTC+2 schrieb gng:

    Thanks. I added that so my code now looks like :-

    var express = require('express');

    var server = express.createServer();

    server.use(express.basicAuth('test','testpass'));

    io = require('socket.io <http://socket.io>
    <http://socket.io>').listen(server);
    io.set('log level', 1); // reduce logging

    server.use(express.static(__dirname + '/public'));
    server.use(express.basicAuth(function(user,pass){
    return 'test'==user & 'testpass' == pass;
    }));


    server.listen(80);


    On starting the server and first accessing a page, there is
    indeed a prompt for a username and password. If that's supplied,
    the page is then rendered. However, on restarting and visiting
    the page, no prompt is made (browser cache is flushed etc) - is
    there a way to overcome that ?

    On Thursday, 25 October 2012 12:44:49 UTC+1, greelgorke wrote:
    http://expressjs.com/api.html#basicAuth
    <http://expressjs.com/api.html#basicAuth>
    <http://expressjs.com/api.html#basicAuth
    <http://expressjs.com/api.html#basicAuth>>
    Am Donnerstag, 25. Oktober 2012 11:23:08 UTC+2 schrieb gng:
    Hi,

    Can anyone provide some sample code to show how a node
    http server can be secured using basic
    username/password
    authentication. Here's my sample server :-

    var express = require('express');
    var server = express.createServer();

    server.use(express.static(__dirname + '/public'));
    server.listen(80);

    I've seen packages such as http-auth etc ...

    Thanks in advance !

    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines:
    https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    <https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines>
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nod...@googlegroups.com
    <javascript:>
    To unsubscribe from this group, send email to
    nodejs+un...@googlegroups.com <javascript:>
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
    <http://groups.google.com/group/nodejs?hl=en?hl=en>

    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines:
    https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en
    --
    Job Board: http://jobs.nodejs.org/
    Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
    You received this message because you are subscribed to the Google
    Groups "nodejs" group.
    To post to this group, send email to nodejs@googlegroups.com
    To unsubscribe from this group, send email to
    nodejs+unsubscribe@googlegroups.com
    For more options, visit this group at
    http://groups.google.com/group/nodejs?hl=en?hl=en

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupnodejs @
categoriesnodejs
postedOct 25, '12 at 10:41a
activeOct 29, '12 at 10:07a
posts10
users5
websitenodejs.org
irc#node.js

5 users in discussion

Gng: 4 posts Greelgorke: 2 posts Dan Milon: 2 posts Angel Java Lopez: 1 post Mscdex: 1 post

Content

People

Support

Translate

site design / logo © 2022 Grokbase