Secure Website in Chrome Kiosk Mode
Question
I have a little Node app on heroku. It's embedded in a Chrome kiosk app .
I would like the app to only be accessible on the Chromebooks that have it installed in kiosk mode.
I've tried HTTP authentication, but after I put in my password and username, the app never loads. However this is also not ideal in the first place, as I would like to avoid requiring a password on the Chromebook.
Any ideas?
2 answers
solution1
6 2015-12-04 23:30:24
If you provision the chromebooks yourself, you might be able to use TLS client authentication.
You would install an ssl certificate on the chromebook once which you can then use to authenticate to the web server. A nodejs example can be found here http://nategood.com/nodejs-ssl-client-cert-auth-api-rest
There is also a passport.js module for this https://github.com/ripjar/passport-client-cert
In theory a user can install the certificate on his own, he would get a message asking him to confirm the installation of the certificate, hit okay and that's it.
But be aware, that the certificate can easily be extracted from the chromebook via the settings.
solution2
5 2015-12-06 05:43:05
If I understand correctly, you want to make your website only accessible from the chromebooks you configured. Please clarify if this is not what you meant.
Then you can have a landing page (can require authentication) that generates a random token for your chromebooks on first run only. Store this token in a cookie or local storage, and send it every time the app runs to verify on the server.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.