Chilkat HOME Android™ Classic ASP C C++ C# Mono C# .NET Core C# C# UWP/WinRT DataFlex Delphi ActiveX Delphi DLL Visual FoxPro Java Lianja MFC Objective-C Perl PHP ActiveX PHP Extension PowerBuilder PowerShell PureBasic CkPython Chilkat2-Python Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ Visual Basic 6.0 VB.NET VB.NET UWP/WinRT VBScript Xojo Plugin Node.js Excel Go
(MFC) HTTP Basic Auth with Secure StringsDemonstrates how to do HTTP basic authentication using secure strings. This example requires Chilkat v9.5.0.71 or greater.
#include <CkJsonObject.h> #include <CkCrypt2.h> #include <CkSecureString.h> #include <CkHttp.h> void ChilkatSample(void) { CkString strOut; // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. bool success; // Imagine we've previously saved our encrypted login and password within a JSON config file // that contains this: // { // "http_login": "mCrOmA7mBA7Au9RuJGb9hw==", // "http_password": "jJtiI9TgErTTpqBz9JtHBw==" // } CkJsonObject json; json.LoadFile("qa_data/passwords/http.json"); CkCrypt2 crypt; // These are the encryption settings we previously used to encrypt the credentials within the JSON config file. crypt.put_CryptAlgorithm("aes"); crypt.put_CipherMode("cbc"); crypt.put_KeyLength(128); crypt.SetEncodedKey("000102030405060708090A0B0C0D0E0F","hex"); crypt.SetEncodedIV("000102030405060708090A0B0C0D0E0F","hex"); crypt.put_EncodingMode("base64"); CkSecureString ssLogin; CkSecureString ssPassword; // Decrypt to the secure string. (the strings will still held in memory encrypted, but are now encrypted using // a randomly generated session key.) crypt.DecryptSecureENC(json.stringOf("http_login"),ssLogin); crypt.DecryptSecureENC(json.stringOf("http_password"),ssPassword); CkHttp http; // Cause the "Authorization: Basic ..." header to be added to HTTP requests // by setting the Login and Password properties. However, instead of setting the password property // directly, set it via the SetPassword method using the secure string. http.put_Login(ssLogin.access()); http.SetPassword(ssPassword); // Also indicate that Basic authentication is to be used.. http.put_BasicAuth(true); // Do an HTTP GET w/ Basic authentication. // REMEMBER: Always use TLS with Basic authentication. Otherwise your credentials are exposed for the world to see.. const char *responseStr = http.quickGetStr("https://www.chilkatsoft.com/helloWorld.html"); // Show the request header we sent in the QuickGetStr: strOut.append(http.lastHeader()); strOut.append("\r\n"); // The LastHeader looks something like this: // GET /helloWorld.html HTTP/1.1 // Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 // Connection: keep-alive // User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0 // Accept-Language: en-us,en;q=0.5 // Authorization: Basic bXlIdHRwTG9naW46bXlIdHRwUGFzc3dvcmQ= // Accept-Encoding: gzip // Host: www.chilkatsoft.com SetDlgItemText(IDC_EDIT1,strOut.getUnicode()); } |
© 2000-2022 Chilkat Software, Inc. All Rights Reserved.