Solved

how do you put authentication credentials in http headers

Posted on 2010-11-10
7
258 Views
Last Modified: 2012-05-10
I've searched the web and here on experts exchange but I can't seem to find this. We are setting up taking credit cards online. Our clearing house is sending back there data stream, but say they can't put a user name and password in the response url. So this is our next step. We are data base guys with very little experience in this area. Any help you guys can provide is much appreciated.
0
Comment
Question by:jeffr1970
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 6

Expert Comment

by:brb6708
ID: 34103277
why do you need username and password in header?

Is this an assynchronour process (you submit data not waiting for the answer - clearing house sends back information later and jou have to identify this information against your submit)?

Please provide more information about your data flow.
0
 

Author Comment

by:jeffr1970
ID: 34103391
The clearing house does send the response url a few minutes after the submit. The problem we are having is that all the files are secured. We were thinking if we could put the user name and password in the http header then we could authenticate with our server and get at the programs and data we need.
0
 
LVL 6

Expert Comment

by:brb6708
ID: 34103680
I supposed that. Which information dou you pass to the clearing house or is it possible, to pass an identifier that you get back from the clearing house?
0
Report: Liquid Web beats Amazon, Rackspace & More

A study by performance analyst firm Cloud Spectator finds that Liquid Web beats rivals Amazon, Rackspace and DigitalOcean when it comes to website and cloud application performance.

 

Author Comment

by:jeffr1970
ID: 34104135
We can pass an echo command with anything we want attached to it, for example echo_x=XXXXX.
0
 
LVL 6

Expert Comment

by:brb6708
ID: 34104549
so generate an encrypted key containing some unguessable information using a two way encryption method and use this as key

example

Key containing     userid=4711;accountid=ABCDE
encrypt it so it looks like      epWbVJeaoFOfoZaboQ%3D%3D

and transmit it like echo_x=epWbVJeaoFOfoZaboQ%3D%3D

when clearing house returns key

decrypt it again, check structure (userid=«value», accountid=«value»)
compare if information fits to the remaining parameters and then you can be sure, that returned info is authentic. Even if somebody knows about the structure, propper encryption ensures that values cannot be read out from the datastring.

And so you are able to process in a normal way in yout authentication process.

0
 

Author Comment

by:jeffr1970
ID: 34104756
The respone that we get back is a url that is on an unsecuried site. We will then go to a secured web folder and access ntfs secured folders. At this point we then need to send through http that this is an authenticated user.  
0
 
LVL 6

Accepted Solution

by:
brb6708 earned 500 total points
ID: 34105498
ok, seems to fit to my proposal. The echo_string can contain all information needed for that.
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Google Analytics - viewing a page 10 86
Management of Huawei B315 2 74
Can't Find the Homepage on my site 4 47
transfer content to new site design 7 49
When it comes to write a Context Sensitive Help (an online help that is obtained from a specific point in state of software to provide help with that state) ,  first we need to make the file that contains all topics, which are given exclusive IDs. …
There’s a good reason for why it’s called a homepage – it closely resembles that of a physical house and the only real difference is that it’s online. Your website’s homepage is where people come to visit you. It’s the family room of your website wh…
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.
HTML5 has deprecated a few of the older ways of showing media as well as offering up a new way to create games and animations. Audio, video, and canvas are just a few of the adjustments made between XHTML and HTML5. As we learned in our last micr…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question