Avatar of jeffr1970
jeffr1970 asked on

how do you put authentication credentials in http headers

I've searched the web and here on experts exchange but I can't seem to find this. We are setting up taking credit cards online. Our clearing house is sending back there data stream, but say they can't put a user name and password in the response url. So this is our next step. We are data base guys with very little experience in this area. Any help you guys can provide is much appreciated.
HTMLHTTP ProtocolWeb Development

Avatar of undefined
Last Comment
Bernie Bsen

8/22/2022 - Mon
Bernie Bsen

why do you need username and password in header?

Is this an assynchronour process (you submit data not waiting for the answer - clearing house sends back information later and jou have to identify this information against your submit)?

Please provide more information about your data flow.
ASKER
jeffr1970

The clearing house does send the response url a few minutes after the submit. The problem we are having is that all the files are secured. We were thinking if we could put the user name and password in the http header then we could authenticate with our server and get at the programs and data we need.
Bernie Bsen

I supposed that. Which information dou you pass to the clearing house or is it possible, to pass an identifier that you get back from the clearing house?
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
ASKER
jeffr1970

We can pass an echo command with anything we want attached to it, for example echo_x=XXXXX.
Bernie Bsen

so generate an encrypted key containing some unguessable information using a two way encryption method and use this as key

example

Key containing     userid=4711;accountid=ABCDE
encrypt it so it looks like      epWbVJeaoFOfoZaboQ%3D%3D

and transmit it like echo_x=epWbVJeaoFOfoZaboQ%3D%3D

when clearing house returns key

decrypt it again, check structure (userid=«value», accountid=«value»)
compare if information fits to the remaining parameters and then you can be sure, that returned info is authentic. Even if somebody knows about the structure, propper encryption ensures that values cannot be read out from the datastring.

And so you are able to process in a normal way in yout authentication process.

ASKER
jeffr1970

The respone that we get back is a url that is on an unsecuried site. We will then go to a secured web folder and access ntfs secured folders. At this point we then need to send through http that this is an authenticated user.  
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
Bernie Bsen

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question