[mapguide-internals] Problem with Authorization/Authentication of mapguide clients (not browser) in mapagent CGI

Trevor Wekel trevor.wekel at autodesk.com
Mon Dec 8 23:35:53 EST 2008


Yes.  The mapagent uses HTTP basic authentication.  For secure sites, HTTPS/SSL is required.

The mapagent also supports URL parameters as follows:

USERNAME=xxx&PASSWORD=yyy
- Clear text username and password

SESSION=MapGuideSessionId
- MapGuide session identifier created using CreateSession

If you are running on Windows, try using Fiddler to snoop the HTTP requests/responses http://www.fiddlertool.com.  It may provide you with more information.

The Ajax and Fusion viewers create a session when the map in loaded and will SESSION=xxxyyy for subsequent requests.

Thanks,
Trevor


-----Original Message-----
From: mapguide-internals-bounces at lists.osgeo.org [mailto:mapguide-internals-bounces at lists.osgeo.org] On Behalf Of Kenneth Skovhede, GEOGRAF A/S
Sent: Friday, December 05, 2008 1:30 PM
To: MapGuide Internals Mail List
Subject: Re: [mapguide-internals] Problem with Authorization/Authentication of mapguide clients (not browser) in mapagent CGI

I belive MapGuide uses regular HTTP authentication:
http://en.wikipedia.org/wiki/Basic_access_authentication

Maestro uses the .Net credential system to authenticate,
which I presume uses HTTP authentication.

You can also send the credentials by either a querystring or a form.
The fields are "USERNAME" and "PASSWORD".

If you are looking for security, you must use HTTPS/SSL on the webserver.

Regards, Kenneth Skovhede, GEOGRAF A/S



UV skrev:
> Hi all,
>
> I need some information about how authentication is implemented between
> the mapguide clients and the mapagent CGI.
>
> I did some debugging of the webagent which showed that no conditions to
> authorize the access are meet regarding the environment variables passed
> in via the HTTP request from the mapguide client applications.
>
> I am able to access the server via a browser using mapadmin and request
> some data.
> The first authentication also fails but causes the browser to prompt me
> with a login window.
> The subsequent request then has the HTTP_AUTHORIZATION variable set
> which permits the request to be passed on the the mapguide server.
>
> When I try to access the mapagent with maestro or mapguide studio this
> does NOT HAPPEN
> and the failed authentication simply fails the login of the client.
>
> Can someone shed some light on this please?
> Which values are supposed to be passed from the mapguide clients?
>
> Thanks
> UV
>
> _______________________________________________
> mapguide-internals mailing list
> mapguide-internals at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapguide-internals
>
_______________________________________________
mapguide-internals mailing list
mapguide-internals at lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/mapguide-internals


More information about the mapguide-internals mailing list