
1 Login Process

Diagram components: Browser, Web Server (with plugin), Login Web Server (https), Users DB, Users DB copy. Hosts shown: aislogin.cern.ch, edh.cern.ch.

1. Access a protected page
2a. Redirect to login page
2b. Redirect to login page
3a. Set login cookie; redirect back to the protected page
3b. Access the protected page again; send login cookie

2 Login application

1. Verify username & password
   - create MD5 hash and check against database
   - get other user information (CERNID, PERSONID, IP, …)

2. Encrypt user information (Private Key)

    typedef struct {
        UINT4 cksum;
        UINT4 dateOfIssue;
        UINT4 IP;
        UINT4 HRId;
        UINT4 CERNId;
        char username[27];
        char language;
        unsigned char version;
        unsigned char flags[40];
    }; /* 89 bytes */

   Result (800 bits):

    AA3A256BF06038A190D903B3A2ED8F5D79F428006D4ACAEF4AC
    25A97046DC4BA5C2AE67B8BBB6C6508C0406C64E3331E8C4DB0
    A86CE4B4CE1A1EC7B96F7EC640704A5A4BFE7D4FE7FB96E6D6C
    57F346D914BEA2D8BAFDD62D2CA811532572C7B952B1F73
    /*200 chars*/

3. Set AI_SESSION cookie

    Set-Cookie: AI_SESSION=8E6EF5CA5F5602E2D13DA53349FAD84907B8F100A84DAA8A1B3F2DE40B01A21396554EF439941F576D470827999A83E9CAB124F2FFBB1F96336D2B07C3B5F63E12E826A9055F4EBB652AAE4FF43AAB2CC842DCA076B5C7944D79CC410CBA4006154409B1; path=/; domain=.cern.ch

4. Verify that browser accepts cookies

3 Webserver Plugin Operation

1. Verify and decrypt AI_SESSION cookie (Public Key)

    AA3A256BF06038A190D903B3A2ED8F5D79F42800
    6D4ACAEF4AC25A97046DC4BA5C2AE67B8BBB6C65
    08C0406C64E3331E8C4DB0A86CE4B4CE1A1EC7B9
    6F7EC640704A5A4BFE7D4FE7FB96E6D6C57F346D
    914BEA2D8BAFDD62D2CA811532572C7B952B1F73

    typedef struct {
        UINT4 cksum;
        UINT4 dateOfIssue;
        UINT4 IP;
        UINT4 HRId;
        UINT4 CERNId;
        char username[27];
        char language;
        unsigned char version;
        unsigned char flags[40];
    }; /* 89 bytes */

2. If any errors, redirect to the login page

3. Create server-side cookies

    AI_USER=50070;AI_USERNAME=AWIECEK;AI_HRID=493034;AI_LANG=EN;AI_XRESOLUTION=0;AI_YRESOLUTION=0
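The issue/verify split from the two slides above (the login application holds the private key, the web server plugin only the public key), as an added Python example that is not CERN's code. The demo key, big-endian packing, CRC32 as cksum, MAX_AGE, the field-to-cookie mapping and the unpadded RSA operation are all assumptions made for illustration.

```python
import struct, time, zlib

# Constructed demo key built from two well-known Mersenne primes: NOT secure,
# and larger than the 800-bit block on the slides. Illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key: all the plugin needs
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent: login server only

# Slide layout: 5 x UINT4, username[27], language, version, flags[40] = 89 bytes.
# Assumptions of this example: big-endian, no padding, cksum = CRC32 of the rest.
BODY = struct.Struct(">4I27scB40s")    # the 85 bytes that follow cksum
MAX_AGE = 8 * 3600                     # assumed session lifetime in seconds

def ip_to_int(ip):
    return struct.unpack(">I", bytes(int(p) for p in ip.split(".")))[0]

def issue_cookie(username, client_ip, hr_id, cern_id, lang="E", now=None):
    """Login application: pack the record, transform it with the private key."""
    now = int(time.time()) if now is None else now
    body = BODY.pack(now, ip_to_int(client_ip), hr_id, cern_id,
                     username.encode(), lang.encode(), 1, b"")
    record = struct.pack(">I", zlib.crc32(body)) + body
    return format(pow(int.from_bytes(record, "big"), D, N), "X")

def verify_cookie(cookie_hex, client_ip, now=None):
    """Plugin: returns server-side AI_* values, or None (redirect to login)."""
    now = int(time.time()) if now is None else now
    try:
        m = pow(int(cookie_hex, 16), E, N)
        record = m.to_bytes(89, "big")   # overflows unless it is an 89-byte record
    except (ValueError, OverflowError):
        return None
    cksum, body = struct.unpack(">I", record[:4])[0], record[4:]
    if cksum != zlib.crc32(body):
        return None                      # modified, or not produced with D
    issued, ip, hr_id, cern_id, user, _lang, _ver, _flags = BODY.unpack(body)
    if ip != ip_to_int(client_ip) or not 0 <= now - issued <= MAX_AGE:
        return None                      # presented by another client, or expired
    # Mapping of record fields to AI_* names is assumed from the slide's values.
    return {"AI_USER": cern_id, "AI_USERNAME": user.rstrip(b"\0").decode(),
            "AI_HRID": hr_id}
```

Because the plugin holds only (N, E), a compromised web server can read and validate cookies but cannot mint new ones; every rejection path returns None so the caller can redirect to the login page.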

4 Login step 1

BROWSER request:

    GET http://aisws7.cern.ch/protected/showcookies
    User-Agent: lwp-request/1.37

WEBSERVER response:

    302 AIS login required
    Connection: close
    Date: Thu, 21 Sep 2000 04:28:43 GMT
    Location: https://aislogin.cern.ch/login-servlet/Login?REFER=http://aisws7.cern.ch/protected/showcookies
    Server: Netscape-Enterprise/3.6 SP3
    Client-Date: Thu, 21 Sep 2000 04:28:43 GMT
    Client-Peer: 137.138.180.19:80

    An Error Occurred
    An Error Occurred
    302 AIS login required

5 Login step 2

BROWSER request:

    GET https://aislogin.cern.ch/login-servlet/Login?REFER=http://aisws7.cern.ch/protected/showcookies
    User-Agent: lwp-request/1.37

WEBSERVER response:

    200 OK
    Cache-Control: no-cache
    Date: 21 Sep 2000 04:26:12 GMT
    Pragma: No-cache
    Server: Netscape-Enterprise/3.6 SP2 ServletExecWAI/2.1
    Content-Type: text/html; charset=iso-8859-1
    Expires: Thu, 01 Jan 1970 00:00:00 GMT
    Client-Date: Thu, 21 Sep 2000 04:28:44 GMT
    Client-Peer: 137.138.25.20:443
    Client-SSL-Cert-Issuer: /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
    Client-SSL-Cert-Subject: /C=CH/SP=Switzerland/L=Geneva/O=CERN/OU=AS-SAS/CN=aislogin.cern.ch
    Client-SSL-Cipher: EXP-RC4-MD5
    Client-SSL-Warning: Peer certificate not verified
    MIME-Version: 1.0
    Title: Common Login

    Common Login.

6 Login step 3

BROWSER request:

    POST https://aislogin.cern.ch/login-servlet/Login?REFER=http://aisws7.cern.ch/protected/showcookies
    User-Agent: lwp-request/1.37
    Content-Length: 47
    Content-Type: application/x-www-form-urlencoded

WEBSERVER response:

    302 Moved temporarily
    Date: 21 Sep 2000 04:26:13 GMT
    Location: CheckLogin?REFER=http://aisws7.cern.ch/protected/showcookies
    Server: Netscape-Enterprise/3.6 SP2 ServletExecWAI/2.1
    Content-Type: text/html
    Client-Date: Thu, 21 Sep 2000 04:28:45 GMT
    Client-Peer: 137.138.25.20:443
    Client-SSL-Cert-Issuer: /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
    Client-SSL-Cert-Subject: /C=CH/SP=Switzerland/L=Geneva/O=CERN/OU=AS-SAS/CN=aislogin.cern.ch
    Client-SSL-Cipher: EXP-RC4-MD5
    Client-SSL-Warning: Peer certificate not verified
    MIME-Version: 1.0
    Set-Cookie: AI_SESSION=8E6EF5CA5F5602E2D13DA53349FAD84907B8F100A84DAA8A1B3F2DE40B01A21396554EF439941F576D470827999A83E9CAB124F2FFBB1F96336D2B07C3B5F63E12E826A9055F4EBB652AAE4FF43AAB2CC842DCA076B5C7944D79CC410CBA4006154409B1; path=/; domain=.cern.ch
    Set-Cookie: SECURE_LOGIN=1; expires=Sat, 22-Nov-2003 14:12:52 GMT; path=/; domain=.cern.ch

7 Login step 4

BROWSER request:

    GET https://aislogin.cern.ch/login-servlet/CheckLogin?REFER=http://aisws7.cern.ch/protected/showcookies
    User-Agent: lwp-request/1.37
    Cookie: AI_SESSION=AA3A256BF06038A190D903B3A2ED8F5D79F428006D4ACAEF4AC25A97046DC4BA5C2AE67B8BBB6C6508C0406C64E3331E8C4DB0A86CE4B4CE1A1EC7B96F7EC640704A5A4BFE7D4FE7FB96E6D6C57F346D914BEA2D8BAFDD62D2CA811532572C7B952B1F73

WEBSERVER response:

    200 OK
    Cache-Control: no-cache
    Date: 21 Sep 2000 04:26:14 GMT
    Pragma: No-cache
    Server: Netscape-Enterprise/3.6 SP2 ServletExecWAI/2.1
    Content-Type: text/html; charset=iso-8859-1
    Expires: Thu, 01 Jan 1970 00:00:00 GMT
    Client-Date: Thu, 21 Sep 2000 04:28:46 GMT
    Client-Peer: 137.138.25.20:443
    Client-SSL-Cert-Issuer: /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
    Client-SSL-Cert-Subject: /C=CH/SP=Switzerland/L=Geneva/O=CERN/OU=AS-SAS/CN=aislogin.cern.ch
    Client-SSL-Cipher: EXP-RC4-MD5
    Client-SSL-Warning: Peer certificate not verified
    MIME-Version: 1.0
    Title: Login Succeeded

    Login Succeeded
    You may now proceed to http://aisws7.cern.ch/protected/showcookies

8 Login step 5

BROWSER request:

    GET http://aisws7.cern.ch/protected/showcookies
    User-Agent: lwp-request/1.37
    Cookie: AI_SESSION=AA3A256BF06038A190D903B3A2ED8F5D79F428006D4ACAEF4AC25A97046DC4BA5C2AE67B8BBB6C6508C0406C64E3331E8C4DB0A86CE4B4CE1A1EC7B96F7EC640704A5A4BFE7D4FE7FB96E6D6C57F346D914BEA2D8BAFDD62D2CA811532572C7B952B1F73

WEBSERVER response:

    200 OK
    Connection: close
    Date: Thu, 21 Sep 2000 04:28:47 GMT
    Server: Netscape-Enterprise/3.6 SP3
    Content-Type: text/html
    Client-Date: Thu, 21 Sep 2000 04:28:47 GMT
    Client-Peer: 137.138.180.19:80

    Cookies: AI_SESSION=AA3A256BF06038A190D903B3A2ED8F5D79F428006D4ACAEF4AC25A97046DC4BA5C2AE67B8BBB6C6508C0406C64E3331E8C4DB0A86CE4B4CE1A1EC7B96F7EC640704A5A4BFE7D4FE7FB96E6D6C57F346D914BEA2D8BAFDD62D2CA811532572C7B952B1F73; AI_USER=50070; AI_USERNAME=AWIECEK; AI_HRID=493034; AI_LANG=EN; AI_XRESOLUTION=0; AI_YRESOLUTION=0

9 Login step 6

BROWSER request:

    GET http://aisws7.cern.ch/not-protected/showcookies
    User-Agent: lwp-request/1.37
    Cookie: AI_SESSION=AA3A256BF06038A190D903B3A2ED8F5D79F428006D4ACAEF4AC25A97046DC4BA5C2AE67B8BBB6C6508C0406C64E3331E8C4DB0A86CE4B4CE1A1EC7B96F7EC640704A5A4BFE7D4FE7FB96E6D6C57F346D914BEA2D8BAFDD62D2CA811532572C7B952B1F73

WEBSERVER response:

    200 OK
    Connection: close
    Date: Thu, 21 Sep 2000 04:28:47 GMT
    Server: Netscape-Enterprise/3.6 SP3
    Content-Type: text/html
    Client-Date: Thu, 21 Sep 2000 04:28:47 GMT
    Client-Peer: 137.138.180.19:80

    Cookies: AI_SESSION=AA3A256BF06038A190D903B3A2ED8F5D79F428006D4ACAEF4AC25A97046DC4BA5C2AE67B8BBB6C6508C0406C64E3331E8C4DB0A86CE4B4CE1A1EC7B96F7EC640704A5A4BFE7D4FE7FB96E6D6C57F346D914BEA2D8BAFDD62D2CA811532572C7B952B1F73;

10 The AIS Common Login

Features:
- Any cookie-enabled browser
- Password is requested only once and encrypted (SSL)
- Does not use standard HTTP authentication
- Supports HTTP & HTTPS
- Supports clients inside and outside of CERN
- Does authentication only, authorization is handled by applications
- Requires a Web Server plugin

