how to implement digest authentication for httpserver by poco

Question

Im a newbie in POCO library and webapi also

I want to create a HTTP server that is provide APIs can be requested from client. In getinfo APIs i want to add digest authentication for my HTTP server. I tried requireAuthentication() function but i dont know how to get username and password from the login form. I read about Poco/Net/HTTPDigestCredentials class also but class member function just accept HTTPRequest type not HTTPServerRequest type. Anyone know how to implement digest authentication for httpserver by poco pls help me.

Thanks a lot.

This is my code:

#include <iostream>
#include <vector>
#include <Poco/Util/ServerApplication.h>
#include <Poco/Net/ServerSocket.h>
#include <Poco/Net/HTTPServer.h>
#include <Poco/Net/HTTPRequestHandlerFactory.h>
#include <Poco/Net/HTTPRequestHandler.h>
#include <Poco/Net/HTTPServerRequest.h>
#include <Poco/Net/HTTPServerResponse.h>
#include <Poco/Net/HTTPDigestCredentials.h>
#include <Poco/Net/HTTPAuthenticationParams.h>

using namespace std;

class Ping : public Poco::Net::HTTPRequestHandler
{
public:
    void handleRequest(Poco::Net::HTTPServerRequest &request, Poco::Net::HTTPServerResponse &response)
    {
        response.setChunkedTransferEncoding(true);
        response.setContentType("application/json");

        std::ostream &responseStream = response.send();
        responseStream << request.get("Host");

        responseStream << "{\"status\":\"200\",\"message\":\"OK\"}";
        responseStream.flush();
    };
};

class getinfo : public Poco::Net::HTTPRequestHandler
{
private:
public:
    void handleRequest(Poco::Net::HTTPServerRequest &request, Poco::Net::HTTPServerResponse &response)
    {
        response.requireAuthentication("bsc");
        response.setChunkedTransferEncoding(true);
        response.setContentType("text/html");

        std::ostream &responseStream = response.send();
    };
};

class HandlerFactory : public Poco::Net::HTTPRequestHandlerFactory
{
public:
    Poco::Net::HTTPRequestHandler *createRequestHandler(const Poco::Net::HTTPServerRequest &request)
    {
        if (request.getMethod() == Poco::Net::HTTPServerRequest::HTTP_GET)
        {

            if (request.getURI() == "/ping")
            {

                return new Ping();
            }

            if (request.getURI() == "/app/getinfo")
            {

                return new getinfo;
            }
        }
    }
};

// Server  Application
class MyWebHTTPServerApplication : public Poco::Util::ServerApplication
{
protected:
    int main(const std::vector<std::string> &args)
    {

        Poco::UInt16 port = 9999;

        Poco::Net::ServerSocket socket(port);

        Poco::Net::HTTPServerParams *pParams = new Poco::Net::HTTPServerParams();

        pParams->setMaxQueued(100);

        pParams->setMaxThreads(16);

        Poco::Net::HTTPServer server(new HandlerFactory(), socket, pParams);

        server.start();

        waitForTerminationRequest();

        server.stop();

        return EXIT_OK;
    }
};

POCO_SERVER_MAIN(MyWebHTTPServerApplication);

Answer 1

i dont know how to get username and password from the login form

You don't - the point of digest access authentication is not to send password in clear text. You have to send a request first, get back a 401 with a nonce , which you then use for hashing username, realm and password. See this answer or Wikipedia for details.

See HTTPCredentialsTest on how to use Poco::Net::HTTPDigestCredentials