02-24-2013 01:23 PM
Hi!
I followed this procedure to password protect my web service and the static files.
http://digital.ni.com/public.nsf/allkb/DF41D5DA8EEB4840862577D90058C208
When testing it out with my web service it seems to work fine on any web browser. http://localhost:8080/add/add/1/2 first will present a login. Once the user is logged in the page refreshes and the results of the operation are shown. http://localhost:8080/logout works as well.
I followed the procedure in the FAQ to include an index.html file.
http://www.ni.com/white-paper/7747/en#toc15
When I try to access the page (via http://localhost:8080/add/web/index.html) I'm greeted with the National Instruments login screen. I enter my credentials and in Chrome and Internet Explorer the screen refreshes and I see my html file. In Firefox it hangs for a while on the authentication screen and then reloads back to the authentication screen (as if the username and password did not take).
Attached are my files. If you want to try and recreate this please follow this procedure:
* Unzip the attached project to a folder
* Open the project in LabVIEW 2012
* Check the properties of the web service to ensure that the build paths are correct
* Follow the procedure above for setting up NI Auth on your web service and adding the "testpermission2" permission. Be sure to remove "Everyone" from that "testpermission2" or you will never see a login prompt.
* Build/Deploy the web service
* open http://localhost:8080/logout to ensure that you are not currently authenticated
* open http://localhost:8080/add/add/1/2 and login, observe behavior
* open http://localhost:8080/add/web/index.html you should still be logged in so you will see the "Hello World!" just fine
* open http://localhost:8080/logout to log back out
* open http://localhost:8080/add/web/index.html and see if you are able to login.
I've tried disabling my plugins in Firefox and still have this problem. I'm really scratching my head on how to overcome this other than throwing away NI Auth and using something else. My web service is going to run off of a static front end driven by JavaScript and HTML. So the access point will be the html file. I need to have some username and password scheme worked out. I also need to be able to see what user is currently logged in with my Web Service VIs (does anyone know if that is possible with NI Auth)?
The other BIG issue I have with NI Auth is that it requires Silverlight. So much for mobile support, eh? Anyone know of a good plug-and-play alternative so I don't have to reinvent the wheel? I guess I could implement some kind of token system on my web service side.
In the meantime, getting NI Auth to properly work with Firefox would help.
Thanks for your input,
-Nic
02-24-2013 02:46 PM
Sorry, I don't have any good ideas about your Firefox problem (though it would seem that Firefox is not conforming to some web standard) but if you need to get the details on who's logged into your current session you can use this VI:
http://zone.ni.com/reference/en-XX/help/371361J-01/lvcomm/get_auth_details/
It is definitely possible to create your own authentication scheme, though I'd be careful to make sure that your client side script encrypted the username and password before transmitting them.
02-24-2013 02:54 PM
Hi! Thanks for your reply.
The Get Auth Details appears to work for me. I stared at the paragraph that explained how to make a httpRequestID for a bit, but I finally understood what it was telling me to do... lol
So it does appear that NI Auth will work for me, and hopefully there will be some way to overcome this weird Firefox/Silverlight behavior. I connected to it from another machine with an earlier version of Firefox and experienced similar behavior. Once logged in through some other URL than the index.html file (like a web service response url), Firefox works fine after that. Also, if I hit refresh, I get the login again but if I put a ? at the end of the index.html in the url I get the html file. I think it is successfully logging me in, just not successfully bringing up the content of index.html after the login.
Is there any way to change the login screen? I'd like to at least replace the NI graphic with my company's graphic that we would like to use for the service...
02-24-2013 02:56 PM
"It is definitely possible to create your own authentication scheme, though I'd be careful to make sure that your client side script encrypted the username and password before transmitting them."
Maybe I can just make a new login page (mobile friendly), but still uses NI Auth somehow... Seems like ultimately a good idea to use NI Auth because of the tight integration with LabVIEW. But I'm going to be sure to abstract it just in case I change my mind later.
Hrmmmmmm......
02-24-2013 04:37 PM - edited 02-24-2013 04:37 PM
Disclaimer: I in no way mean to bash NI and I have used NI Auth myself in the past
If you are going to go to the trouble of abstracting NI Auth, I would recommend instead investing your time in your own authentication scheme (or implementing a standard scheme in LV).
NI Auth is great and works for low security applications where you just don't want people fooling around with your application who shouldn't be.
However, NI Auth is really not that secure. If I remember correctly, the username is transmitted in plain text and I don't think the encryption algorithm is that sophisticated. It is nice that it's already integrated into LV, but there really are very few features at this time.
If you want something to be really secure, you need to take measures beyond what NI Auth provides and before you go to the work of building abstraction on top of a basic and somewhat shaky protocol, I'd seriously consider implementing a more stable base.
<insert 2 cents complete>
02-25-2013 09:11 AM
Yeah...I'm starting to realize that myself.
What gets me is that NI uses Silverlight for a simple login form. What is NI's obsession with Silverlight lately? If Silverlight is good enough for NI maybe I should ditch LabVIEW and learn Silverlight....
02-25-2013 01:36 PM
Hi Nickerbocker,
It looks like this is a bug with how the server sends caching information to the browser. If you hold shift and refresh the index.html page after logging in you should see your HTML document again. I'm going to file a CAR to track this issue. Let me know if shift-refresh doesn't work for you.
02-25-2013 11:34 PM
NI Auth uses the Secure Remote Password protocol (SRP) for client authentication (see http://srp.stanford.edu/).
It's on the IETF standards track as a cryptographically secure authentication and key negotiation protocol (RFC 2945)
and is currently implemented in OpenSSL and GnuTLS for key exchange (RFC 5054), among other prominent projects.
It's quite secure when used with strong passwords and I recommend it over HTTP basic/digest auth or a custom solution.
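For reference alongside the post above, a sketch of the SRP-6a arithmetic as specified in RFC 5054, showing which values cross the wire (user name, A, salt, B) and that both sides reach the same secret without the password being sent. This is an added example, not NI Auth's code or wire format; the account name and passphrase are constructed, and the final proof exchange is reduced to comparing the two secrets.

```python
import hashlib
import secrets

# 1024-bit group from RFC 5054 Appendix A (safe prime N, generator g = 2).
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
PAD = (N.bit_length() + 7) // 8

def H(*parts):
    """SHA-1 over the parts; integers are left-padded to the length of N."""
    h = hashlib.sha1()
    for p in parts:
        h.update(p.to_bytes(PAD, "big") if isinstance(p, int) else p)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def private_x(user, password, salt):
    inner = hashlib.sha1(f"{user}:{password}".encode()).digest()
    return H(salt, inner)

def enroll(user, password):
    """Server side stores only (salt, verifier), never the password."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(user, password, salt), N)

def login(user, password, salt, v):
    """One exchange. Returns (wire messages, client secret, server secret)."""
    a = secrets.randbelow(N - 2) + 1          # client ephemeral secret
    b = secrets.randbelow(N - 2) + 1          # server ephemeral secret
    A = pow(g, a, N)                          # client -> server, with user
    B = (k * v + pow(g, b, N)) % N            # server -> client, with salt
    u = H(A, B)
    if A % N == 0 or B % N == 0 or u == 0:    # SRP-6 safeguard checks
        raise ValueError("illegal SRP parameter, abort")
    x = private_x(user, password, salt)
    s_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    s_server = pow(A * pow(v, u, N) % N, b, N)
    wire = [user.encode(), A.to_bytes(PAD, "big"), salt, B.to_bytes(PAD, "big")]
    return wire, s_client, s_server

if __name__ == "__main__":
    salt, v = enroll("nic", "constructed-passphrase")   # constructed account
    wire, sc, ss = login("nic", "constructed-passphrase", salt, v)
    print("secrets match:", sc == ss, "| user sent in clear:", wire[0])
```

The user name travels unencrypted by design in SRP; the protection rests on the verifier and the strength of the password, so the exchange is normally carried over TLS as well.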
02-26-2013 09:46 AM
Hi Haris, Thank you for your reply. I really don't know much about NI Auth except that:
1) It does not work properly with Firefox which is an extremely popular web browser.
2) The login screen is a Silverlight control which does not work on Mobile.
3) The login screen makes it look like the user is logging into the NI website and not my application.
Do you know if there is a way to overcome those problems with NI Auth?
02-26-2013 09:50 AM
Hi, Thanks for helping me submit the bug properly to NI. Shift-F5 does not work. I'm just presented with the login screen again. Seems like the only way I can SEE the index.html static page is if I first try and access a Web Service directly, enter my credentials there and then navigate to my index.html page.
@pspangler wrote:
Hi Nickerbocker,
It looks like this is a bug with how the server sends caching information to the browser. If you hold shift and refresh the index.html page after logging in you should see your HTML document again. I'm going to file a CAR to track this issue. Let me know if shift-refresh doesn't work for you.