HTTP Authentication

Academic year: 2021

(1)

www.ict.tuwien.ac.at

HTTP Authentication

Valentin Lein, Matr. No. 0526536

(2)

Contents

• HTTP Basic Authentication

(3)

HTTP Basic Authentication

• Internet Engineering Task Force (IETF): RFC 2617, HTTP Authentication: Basic and Digest Access Authentication
• The client must authenticate itself to the server

(4)

HTTP Basic Authentication - Sequence

1: Request
2: 401 Unauthorized, WWW-Authenticate: Basic
3: GET, Authorization: Basic <Base64 message>
5: 200 OK

(5)

Request

Hypertext Transfer Protocol
GET /skripten/FeTo/online2002/index.html HTTP/1.1
Host: www.ict.tuwien.ac.at
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Referer: http://www.ict.tuwien.ac.at/skripten/FeTo/

(6)

Authentication Required

Hypertext Transfer Protocol
HTTP/1.1 401 Authorization Required
Request Version: HTTP/1.1
Response Code: 401
Date: Mon, 13 Dec 2010 15:42:14 GMT
Server: Apache
WWW-Authenticate: Basic realm="FeTo"
Content-Length: 519
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Line-based text data: text/html

(7)

The user is prompted to authenticate

(8)

Client authentication

Hypertext Transfer Protocol
GET /skripten/FeTo/online2002/index.html HTTP/1.1
Request Method: GET
Request URI: /skripten/FeTo/online2002/index.html
Request Version: HTTP/1.1
Host: www.ict.tuwien.ac.at
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.ict.tuwien.ac.at/skripten/FeTo/
Authorization: Basic ZmV0bzpmZXRv
Credentials: feto:feto

(9)

Response OK

Hypertext Transfer Protocol
HTTP/1.1 200 OK
Request Version: HTTP/1.1
Response Code: 200
Date: Mon, 13 Dec 2010 15:42:14 GMT
Server: Apache
Last-Modified: Mon, 07 Jun 2004 10:43:32 GMT
ETag: "5542b9-421-3dc42f1c05d00"
Accept-Ranges: bytes
Content-Length: 1057
[Content length: 1057]
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/html
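The captured exchange on slides 4 to 9 can be reproduced end to end. The following Python is an added example written for this page, not code from the slides or from the TU Wien site: it parses the server's challenge (step 2), builds the client's Authorization header for the credentials shown in the capture (step 3), decodes it back the way Wireshark did to print "Credentials: feto:feto", and performs the server-side check that the sequence diagram leaves implicit between steps 3 and 5. The realm value, the account "feto" and the credential store are taken from or modelled on the capture; the PBKDF2 storage and the dummy-salt timing equalisation are design choices of this example, not something the slides describe.

```python
from __future__ import annotations

import base64
import binascii
import hashlib
import hmac
import os
import re

# Constructed inputs, modelled on the captured Apache exchange on the slides.
CHALLENGE_401 = 'WWW-Authenticate: Basic realm="FeTo"'
CAPTURED_AUTHORIZATION = "Basic ZmV0bzpmZXRv"   # value seen in the captured client request


def parse_basic_challenge(header_line: str) -> str:
    """Step 2: read the realm out of the server's WWW-Authenticate challenge."""
    m = re.fullmatch(r'WWW-Authenticate:\s*Basic\s+realm="([^"]*)"', header_line.strip())
    if m is None:
        raise ValueError("not a Basic challenge: " + header_line)
    return m.group(1)


def build_authorization(username: str, password: str) -> str:
    """Step 3: build the client's Authorization value.

    Basic merely base64-encodes "user:pass"; nothing is encrypted, so the
    header is only as confidential as the transport (TLS) that carries it."""
    if ":" in username:
        raise ValueError("RFC 2617 forbids ':' in the user-id")
    token = base64.b64encode(f"{username}:{password}".encode("latin-1")).decode("ascii")
    return "Basic " + token


def decode_authorization(header_value: str) -> tuple[str, str]:
    """Server side: recover (username, password) from "Basic <base64>".

    This is exactly what the protocol dissector did to show 'Credentials: feto:feto'."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic credential")
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError("malformed base64 in Authorization header") from exc
    user, sep, pwd = raw.decode("latin-1").partition(":")
    if not sep:
        raise ValueError("credential lacks the ':' separator")
    return user, pwd


def _hash_password(password: str, salt: bytes) -> bytes:
    # The server stores a salted PBKDF2 hash, never the password that Basic transmits.
    return hashlib.pbkdf2_hmac("sha256", password.encode("latin-1"), salt, 100_000)


def make_record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _hash_password(password, salt)


# Constructed credential store holding the account from the capture.
USERS = {"feto": make_record("feto")}
_DUMMY_SALT = b"\x00" * 16


def verify(header_value: str) -> bool:
    """The server-side check between steps 3 and 5 of the sequence.

    Returns True only for a well-formed Basic credential matching a stored record."""
    try:
        user, pwd = decode_authorization(header_value)
    except ValueError:
        return False
    record = USERS.get(user)
    if record is None:
        _hash_password(pwd, _DUMMY_SALT)  # same work for unknown user-ids: no timing tell
        return False
    salt, stored = record
    return hmac.compare_digest(stored, _hash_password(pwd, salt))


if __name__ == "__main__":
    realm = parse_basic_challenge(CHALLENGE_401)
    header = build_authorization("feto", "feto")
    print(f"realm={realm!r}  Authorization: {header}")
    print("decoded back to:", decode_authorization(header))
    print("server accepts:", verify(header))
```

Running the block prints the same "Basic ZmV0bzpmZXRv" value that appears in the capture, which is the practical point of the slides: anyone who can read the request can read the password, so Basic is only acceptable over TLS, and the server should never keep the password itself.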

(10)

Alternatives to Basic Authentication

• HTTP+HTML form-based authentication
• Digest Access Authentication

(11)

HTTP+HTML Form-Based Authentication

1: Request
2: HTML form: username?, password?, "login" button
3: Form data: username, password
5: OK

(12)

Digest Access Authentication

• Like Basic Authentication, specified by the IETF in RFC 2617
• The client must use MD5 hashing when authenticating

(13)

Example from RFC 2617

• http://www.nowhere.org/dir/index.html
• Username: "Mufasa"

(14)

Authentication Required

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Digest realm="testrealm@host.com",
    qop="auth,auth-int",
    nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
    opaque="5ccc069c403ebaf9f0171e9517f40e41"
Content-Type: text/html

(15)

The user is prompted to authenticate

Mufasa

(16)

Computing the response

• 1. The MD5 hash of the combination username, authentication realm and password is computed => HA1.
• 2. The MD5 hash of the combination method and digest URI is computed, here "GET" and "/dir/index.html" => HA2.
• 3. The MD5 hash of HA1, the server nonce (nonce), the request counter (nc), the client nonce (cnonce), the quality of protection code (qop) and HA2 is computed => "response".

(17)

Client authentication

Authorization: Digest username="Mufasa",
    realm="testrealm@host.com",
    nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
    uri="/dir/index.html",
    qop=auth,
    nc=00000001,
    cnonce="0a4f113b",
    response="6629fae49393a05397450978507c4ef1",
    opaque="5ccc069c403ebaf9f0171e9517f40e41"

(18)

Server response OK

HTTP/1.0 200 OK
Server: HTTPd/0.9
Date: Sun, 10 Apr 2005 20:27:03 GMT
Content-Type: text/html
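The three-step computation on slide 16 and the resulting Authorization header on slide 17 can be checked by carrying the arithmetic through. The Python below is an added example, not code from the slides: it computes HA1, HA2 and the response for the RFC 2617 example, parses the client header exactly as printed on the slide, and shows the server-side verification that the slides only imply (nonce match, request-counter replay check, constant-time comparison). The password "Circle Of Life" is not printed on the slides; it is the password of the same example in RFC 2617 section 3.5. Storing HA1 instead of the password, and the (nonce, nc) replay set, are design choices of this example.

```python
from __future__ import annotations

import hashlib
import hmac
import re

# Password of the RFC 2617 section 3.5 example (not shown on the slides).
RFC_EXAMPLE_PASSWORD = "Circle Of Life"

# Client header from slide 17, reassembled onto one line.
CLIENT_AUTHORIZATION = (
    'Digest username="Mufasa", realm="testrealm@host.com", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
    'qop=auth, nc=00000001, cnonce="0a4f113b", '
    'response="6629fae49393a05397450978507c4ef1", '
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
)
# Nonce the server issued in its 401 on slide 14.
ISSUED_NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    """Step 1 on slide 16: MD5(username:realm:password)."""
    return md5_hex(f"{username}:{realm}:{password}")


def ha2(method: str, uri: str) -> str:
    """Step 2 on slide 16: MD5(method:digest-uri)."""
    return md5_hex(f"{method}:{uri}")


def digest_response(h1: str, nonce: str, nc: str, cnonce: str, qop: str, h2: str) -> str:
    """Step 3 on slide 16, the qop="auth" form of RFC 2617."""
    return md5_hex(f"{h1}:{nonce}:{nc}:{cnonce}:{qop}:{h2}")


def parse_digest_header(value: str) -> dict[str, str]:
    """Split 'Digest k="v", k=v, ...' into a dict; quoted and bare values both occur."""
    scheme, _, params = value.strip().partition(" ")
    if scheme != "Digest":
        raise ValueError("not a Digest credential")
    pairs = re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', params)
    return {k: v.strip('"') for k, v in pairs}


# Server side keeps HA1 per user, not the password (RFC 2617 allows this).
HA1_STORE = {"Mufasa": ha1("Mufasa", "testrealm@host.com", RFC_EXAMPLE_PASSWORD)}


def server_verify(header_value: str, method: str, issued_nonce: str,
                  ha1_store: dict[str, str], used_nc: set) -> bool:
    """Recompute the response from stored HA1 and compare in constant time.

    Rejects unknown users, a nonce the server did not issue, a reused
    (nonce, nc) pair (replay of a captured header) and a wrong response."""
    try:
        p = parse_digest_header(header_value)
        user, nonce, nc = p["username"], p["nonce"], p["nc"]
        stored = ha1_store.get(user)
        if stored is None or not hmac.compare_digest(nonce, issued_nonce):
            return False
        if (nonce, nc) in used_nc:
            return False  # request counter already seen for this nonce
        expected = digest_response(stored, nonce, nc, p["cnonce"], p["qop"], ha2(method, p["uri"]))
        if not hmac.compare_digest(expected, p["response"]):
            return False
        used_nc.add((nonce, nc))
        return True
    except (KeyError, ValueError, TypeError):
        return False


if __name__ == "__main__":
    h1 = ha1("Mufasa", "testrealm@host.com", RFC_EXAMPLE_PASSWORD)
    h2 = ha2("GET", "/dir/index.html")
    print("HA1     :", h1)
    print("HA2     :", h2)
    print("response:", digest_response(h1, ISSUED_NONCE, "00000001", "0a4f113b", "auth", h2))
    print("server accepts:", server_verify(CLIENT_AUTHORIZATION, "GET", ISSUED_NONCE, HA1_STORE, set()))
```

The response printed by the block is the "6629fae4..." value on slide 17, which confirms the three steps. The replay check matters because, unlike Basic, a captured Digest header does not reveal the password but can still be replayed against the same nonce unless the server tracks nc.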

(19)

NTLM (NT LAN Manager) Authentication

• Challenge-response authentication
• Originally a proprietary Microsoft protocol; publicly documented since 2007

(20)

NTLM Authentication

1: GET
2: 401 Unauthorized, WWW-Authenticate: NTLM
3: GET, Authorization: NTLM base64-encoded username
4: 401 Unauthorized, WWW-Authenticate: NTLM <base64-encoded type-2 message> (challenge)
5: GET, Authorization: NTLM <base64-encoded type-3 message> (hashed challenge)
6: 200 OK
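The six-step sequence above is what a proxy log or packet capture shows. The Python below is an added example, not code from the slides or from Microsoft's specification: it decodes the base64 tokens of steps 3 to 5 far enough to tell which message of the handshake each one is, and checks that the messages arrive in the order the slide shows. It relies on two facts about the wire format: every NTLM message starts with the 8-byte signature "NTLMSSP\0" followed by a little-endian 32-bit message type (1, 2 or 3), and the type 2 message carries the server's 8-byte challenge at offset 24. The sample tokens are constructed stubs (signature, type and zeroed fields) so the parser can run offline; they are not a real negotiation, and no credential hashing is performed.

```python
from __future__ import annotations

import base64
import struct

NTLM_SIGNATURE = b"NTLMSSP\x00"
MESSAGE_NAMES = {1: "NEGOTIATE (type 1)", 2: "CHALLENGE (type 2)", 3: "AUTHENTICATE (type 3)"}


def parse_ntlm_token(token_b64: str) -> dict:
    """Decode the base64 token of an Authorization / WWW-Authenticate: NTLM header.

    Checks the NTLMSSP signature, reads the message type at offset 8 and, for a
    type 2 message, extracts the server challenge at offset 24."""
    raw = base64.b64decode(token_b64, validate=True)
    if len(raw) < 12 or raw[:8] != NTLM_SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    if msg_type not in MESSAGE_NAMES:
        raise ValueError(f"unknown NTLM message type {msg_type}")
    info = {"type": msg_type, "name": MESSAGE_NAMES[msg_type]}
    if msg_type == 2:
        if len(raw) < 32:
            raise ValueError("type 2 message too short to hold the server challenge")
        info["server_challenge"] = raw[24:32].hex()
    return info


def constructed_token(msg_type: int, challenge: bytes = b"") -> str:
    """Constructed minimal sample message (signature, type, zeroed fields).

    Only meant to exercise the parser offline; not a real NTLM message."""
    body = NTLM_SIGNATURE + struct.pack("<I", msg_type) + b"\x00" * 12
    if msg_type == 2:
        body += challenge.ljust(8, b"\x00")[:8] + b"\x00" * 24
    else:
        body += b"\x00" * 12
    return base64.b64encode(body).decode("ascii")


# Steps 2 to 5 of the slide: (direction, expected NTLM message type; None = bare offer)
EXPECTED_SEQUENCE = [("server", None), ("client", 1), ("server", 2), ("client", 3)]


def trace_handshake(headers: list[tuple[str, str]]) -> list[str]:
    """Walk (direction, header line) pairs and return one label per stage.

    Raises ValueError when a message is out of order, e.g. a type 3 sent
    without a preceding type 2 challenge, which is what a detection rule flags."""
    stages = []
    for i, (direction, line) in enumerate(headers):
        if i >= len(EXPECTED_SEQUENCE):
            raise ValueError("more NTLM messages than the handshake allows")
        hdr, _, value = line.partition(":")
        hdr, value = hdr.strip().lower(), value.strip()
        exp_dir, exp_type = EXPECTED_SEQUENCE[i]
        exp_hdr = "www-authenticate" if exp_dir == "server" else "authorization"
        if direction != exp_dir or hdr != exp_hdr:
            raise ValueError(f"unexpected {hdr} from {direction} at step {i + 2}")
        scheme, _, token = value.partition(" ")
        if scheme != "NTLM":
            raise ValueError(f"scheme {scheme!r} is not NTLM")
        if exp_type is None:
            if token:
                raise ValueError("initial challenge offer must carry no token")
            stages.append("server offers NTLM")
            continue
        info = parse_ntlm_token(token)
        if info["type"] != exp_type:
            raise ValueError(f"expected type {exp_type}, got type {info['type']} at step {i + 2}")
        label = info["name"]
        if exp_type == 2:
            label += f" challenge={info['server_challenge']}"
        stages.append(label)
    return stages


def is_well_formed(headers: list[tuple[str, str]]) -> bool:
    try:
        trace_handshake(headers)
        return True
    except ValueError:
        return False


# Constructed exchange mirroring steps 2 to 5 on the slide.
SAMPLE_EXCHANGE = [
    ("server", "WWW-Authenticate: NTLM"),
    ("client", "Authorization: NTLM " + constructed_token(1)),
    ("server", "WWW-Authenticate: NTLM " + constructed_token(2, bytes.fromhex("0123456789abcdef"))),
    ("client", "Authorization: NTLM " + constructed_token(3)),
]

if __name__ == "__main__":
    for stage in trace_handshake(SAMPLE_EXCHANGE):
        print(stage)
```

Because the parser only looks at the signature, the type field and the challenge offset, it works on tokens taken from real logs as well as on the constructed ones; it is a reasonable basis for a monitoring rule that counts NTLM handshakes or spots a type 3 message with no challenge before it.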

(22)

Sources:

• Basic and Digest Access Authentication
  http://tools.ietf.org/html/rfc2617
• NTLM Authentication
