The CDP4 WebServices make use of Basic Authentication and has support for authentication cookies. When a user wants to make use of the CDP4 WebServices, this user must provide a username and password. The username and password must be added in the HEADER of the HTTP request. The key of the HTTP Header is: "Authorization", the value of the HTTP HEADER is the concatenation of the string "Basic" and the Base64 encoded string that is the result of the concatentation of the username and password, separated by a colon.
value = "Basic " + Base64Encode("username:password")
Notice the space between the word "Basic" and the encoded username and password.
It is important to realize that the encoded username and password are not encrypted and can easily be decifered. When the CDP4 WebServices are used in production and contain sensitive information, it is advised to NOT make use of HTTP but of HTTPS. The CDP4 WebServices do not support HTTPS by themselves, a reverse proxy such as nginx should be used to achieve this. By using nginx it is also possible to expose multiple instances of the CDP4 WebServices from the same server via port 80 (HTTP) or 443 (HTTPS) by forwarding the requests to the proper instance based on the hostname or URI of the request.
Last modified 1 year ago.