Web Server Design Assignment #4: Authentication Due: 04/14/2010 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein.


1 Web Server Design Assignment #4: Authentication Due: 04/14/2010 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein

2 Grading
To be done by an automated program that will test most (all?) combinations
– assignment is listed under the day it is to be demoed in class
– each group will give a 3-4 minute status report the week before an assignment is due!
If you have a question:
– email the class list
– mimic the behavior of a well known Apache server (e.g., www.cs.odu.edu)

3 Methods to Support Same as assignments 1-3

4 Status Codes to Support
Same as assignments 1-3, plus:
– 401 Unauthorized

5 Request Headers
Same as assignments 1-3, plus:
– Authorization

6 Response Headers
Same as assignments 1-3, plus:
– WWW-Authenticate
– Authorization-Info

7 MIME Types, Encodings, etc.
All of these as per assignments 1-3:
– MIME types
– Encoding types
– Character sets
– Languages

8 Authentication
Implement Basic & Digest authentication as per RFC 2617 and Lectures 10 & 11
I’ll construct cnonces like this:
– md5(timestamp:method:URI:user:passwd)

9 Specifying Authentication Protection
In your server configuration file:
– provide private key (any word or phrase) to use in generating nonce & opaque values (yes, this is not the safest way to do this…)
– provide a configurable value for how to protect directories: name = “WeMustProtectThisHouse!”
– http://www.youtube.com/watch?v=dnECY26PSHk
– all functions combined in a single file for simplicity (you would normally separate them)
– this file protects the directory it is in, and recursively protects all of its sub-directories

10 WeMustProtectThisHouse! Format (Basic)

    % cat WeMustProtectThisHouse\!
    #
    # Hashed lines are comments
    # order is not important, but here are
    # two special lines:
    #
    authorization-type=Basic
    realm="Folks-Stevens Indoor Tennis Center"
    # always quote realm since it might have spaces
    #
    # user format = name:md5(password)
    #
    mklein:d3b07384d113edec49eaa6238ad5ff00
    bda:c157a79031e1c40f85931829bc5fc552
    jbollen:66e0459d0abbc8cd8bd9a88cd226a9b2

11 WeMustProtectThisHouse! Format (Digest)

    % cat WeMustProtectThisHouse\!
    #
    # Hashed lines are comments
    # order is not important, but here are
    # two special lines:
    #
    authorization-type=Digest
    realm="Colonial Place"
    # always quote realm since it might have spaces
    #
    # user format = name:md5(name:realm:password)
    #
    mklein:Colonial Place:53bbb5135e0f39c1eb54804a66a95f08
    bda:Colonial Place:b8e13248f7bb96682093c850d5c7da46
    jbollen:Colonial Place:c5d7f97a6ac34b393ba2d252c7331d5a
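
The file formats on slides 10 and 11 and the RFC 2617 checks from slide 8, as an added Python example that is not part of the original slides or the course's reference server. The function names are hypothetical, `qop=auth` is assumed, and the sample file is constructed around the example account from RFC 2617 section 3.5.

```python
import base64, hashlib, hmac

def md5_hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def parse_protection_file(text):
    """Parse the slide format: comments, two special lines, then user lines."""
    cfg = {"users": {}}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("authorization-type="):
            cfg["type"] = line.split("=", 1)[1]
        elif line.startswith("realm="):
            cfg["realm"] = line.split("=", 1)[1].strip('"')
        else:
            # Basic: name:hash   Digest: name:realm:hash (hash is the last field)
            name, _, rest = line.partition(":")
            cfg["users"][name] = rest.rpartition(":")[2]
    return cfg

def check_basic(cfg, header):
    """header is the Authorization value, 'Basic base64(user:password)'."""
    scheme, _, b64 = header.partition(" ")
    try:
        user, _, pw = base64.b64decode(b64, validate=True).decode().partition(":")
    except ValueError:          # malformed base64 or undecodable bytes
        return False
    stored = cfg["users"].get(user)
    if scheme != "Basic" or stored is None:
        return False
    return hmac.compare_digest(stored.encode(), md5_hex(pw).encode())

def check_digest(cfg, method, p):
    """p holds the parsed Digest parameters of an Authorization header (qop=auth)."""
    ha1 = cfg["users"].get(p["username"])   # stored md5(name:realm:password)
    if ha1 is None or p["realm"] != cfg["realm"]:
        return False            # unknown user must not fall through to an empty HA1
    ha2 = md5_hex(f"{method}:{p['uri']}")
    expected = md5_hex(":".join([ha1, p["nonce"], p["nc"], p["cnonce"], p["qop"], ha2]))
    return hmac.compare_digest(expected.encode(), p["response"].encode())

# Constructed sample file; the user is the RFC 2617 section 3.5 example account.
SAMPLE = "\n".join([
    "# constructed sample",
    "authorization-type=Digest",
    'realm="testrealm@host.com"',
    "Mufasa:testrealm@host.com:" + md5_hex("Mufasa:testrealm@host.com:Circle Of Life"),
])
```

The check covers only the response hash; a server also has to confirm that the nonce is one it issued and reject a repeated `nc` value for that nonce.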

12 Keep in mind: Status report in 1 week!

13 START NOW!!!

