Announcement

Collapse
No announcement yet.

WEB API access authentication

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • WEB API access authentication

    Ttested the function of custom WEB using WEB API.
    We'd like to impliment custom web access without administor authentication.

    Please find the file below lins.
    https://drive.google.com/drive/u/0/f...Up2VFdSYlNQRE0



    1) Made http folder
    2) Made setting folder in http folder
    3) put serialconnection.html file on setting folder
    4) I also put xpwLib.js on Setting folder
    5) I set security value below
    URI : /fs
    Auth Type ; none
    User level User

    URI : /http/setting
    Auth Type ; none
    User level User

    URI : /http
    Auth Type ; none
    User level User
    6) try to access serialconnection web
    192.168.21.21/setting/serialconnection.html
    7) xPico200 request to put in ID and Password.
    8) I put ID:admin, PW: PASSWORD. I can access to custom web.

    So it seem that administrator login required to access customer web and using WEB API

    Are there any setting to access without admin authentication, Please let me know and advise.



  • #2
    Set the URI to just /setting not /http/setting

    You can remove the other 2 URIs. The URI only needs to be the path from the web server view, not the filesystem root.

    Comment


    • #3
      I set only /setting. and remove another URI.
      /setting

      After that, do not need administrator login. but it seem that webserver cannot access to xpwLib.js

      file system is below
      /http/setting/serialconnection.html
      /http/xpwLib.js

      below is in serialconnection.html file.

      <head>
      <script src="xpwLib.js"></script>
      </head>
      <body>


      I moved xpwLib.js file to setting folder like below.
      /http/setting/serialconnection.html
      /http/setting/xpwLib.js

      and change the head of html file like below.
      <head>
      <script src="../xpwLib.js"></script>
      </head>
      <body>

      in this case, web server can access to xpwLib.js file but we need to do the administrator login to access customer web(serialconnection.html).

      Do you have any idea?



      Comment


      • #4
        I tested again below condition

        I set /setting as http server security setting.
        /setting
        none
        User

        file system is below
        /http/setting/serialconnection.html
        /http/setting/xpwLib.js


        When I accessed serialconnection.html, Need administrator access.

        I guess that I can access srialconnection.html without authentication, but I guess that serialconnection.html file cannot access to xpwLib.js without authentication.


        Comment


        • #5
          What happens if in serialconnection.html, you set:

          <head>
          <script src="/setting/xpwLib.js"></script>
          </head>
          <body>

          Comment


          • #6
            Same phenomenon.
            It is required logged in as administrator.

            I add "guest" user as user privilege.

            HTTP Server security setting is
            /setting
            None
            User

            File system is
            http/setting/serialconnection.html
            http/setting/xpwLib.js

            in serialconnection.html file, I changed like below.

            <head>
            <script src="/setting/xpwLib.js"></script>
            </head>

            Comment


            • #7
              Depending on which functions of xpwLib.js you are using, it could require access to other URIs, such as /import/config, or / for QuickConnect.

              You should run the browser's developer tools or Wireshark to see what URI the browser is trying to access prior to asking for credentials.

              Comment


              • #8
                I tested WEB-serial sample code (serial.html). In this code, need authentication.

                http://wiki.lantronix.com/developer/...WebAPItoDevice



                Comment


                • #9
                  Yes, because you don't have /action/status set without authentication.

                  If you don't want authentication for any web pages, then set the URI to / and authentication to None.

                  Comment


                  • #10
                    I know when we set / to URI and set None to Auth type, authentication is not need to web access.
                    But in this case we can access to WEB Manager without authentication.

                    Our customer
                    WEB Manager access: access with authentication
                    Custom WEB : access without authentication

                    I think that if we use WEBAPI, I cannot access custom web without authentication. Is it right?



                    Comment


                    • #11
                      The WebAPI has multiple URIs that are used, depending on which functions you need. The documentation is here:
                      https://docs.lantronix.com/products/...0/web-api-ref/

                      If you want to use WebAPI functions without authentication, then those URIs need to be configured that way, and you can leave / with authentication.

                      Another way to understand what you are using is to use the developer tools built into Chrome or Firefox browsers and see what URIs your webpage is trying to access.

                      Comment

                      Working...
                      X