Page 280 - Asterisk™: The Future of Telephony

LOGIN
               The LOGIN command authenticates credentials for the Manager interface’s HTML view.
               Once you are logged in, Asterisk stores a cookie on your browser (valid for the length
               of the httptimeout setting). This cookie is used to connect to the same session. The URL:
               http://localhost:8088/asterisk/rawman?action=login&username=asterisk_http&secret=gooey
               sends a login command to the web server that includes the credentials. If successful,
               the web server responds with:

                   Response: Success
                   Message:  Authentication accepted
               This, of course, is a very simplistic way for a login to work. Sending the username and
               secret password in a URL is bad practice, though it’s very useful during development.
               A more appropriate way to handle the login, and an example of more complex
               command processing, is to use a challenge/response sequence. Issue a request like this:
               http://localhost:8088/asterisk/rawman?action=challenge&AuthType=md5

               The CHALLENGE command initiates a challenge/response sequence that can be used to
               log in a user. The server responds by sending a challenge (an arbitrary string) in the
               response:
                   Response: Success
                   Challenge: 113543555
               Your application answers the challenge by computing the MD5 hash of the challenge
               concatenated with the user’s password. Here’s how a user might manually calculate
               the MD5 hash:
                   # echo -n 113543555gooey | md5sum
                   50a0f43ad4c9d99a39f1061cf7301d9a  -
               You can then use the calculated hash as the login key in a URL like this:
               http://localhost:8088/asterisk/rawman?action=login&username=asterisk_http&authtype=md5&key=50a0f43ad4c9d99a39f1061cf7301d9a

                           For security reasons, the login action must take place within five seconds
                           of the challenge action. Note also that cookies must be enabled for the
                           challenge/response to work, as the cookie ensures that the login action
                           uses the same manager session ID as the challenge action.
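
The challenge/response login described above, as an added Python example (not code from the book or from the Asterisk project). The function names are chosen here for illustration; the URL, username and secret are the page's sample values, and `fetch` is an injectable transport so the flow can be exercised without a server.

```python
import hashlib
import http.cookiejar
import urllib.parse
import urllib.request

BASE = "http://localhost:8088/asterisk/rawman"  # rawman URL used on this page


def parse_rawman(text):
    """Parse the 'Key: value' lines of a rawman response into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def md5_key(challenge, secret):
    """MD5 hex digest of the challenge concatenated with the secret."""
    return hashlib.md5((challenge + secret).encode()).hexdigest()


def make_fetch():
    """Return fetch(url) backed by a cookie jar, so the login request
    carries the same manager session cookie as the challenge request."""
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))
    # Short socket timeout: the login must follow the challenge within five seconds.
    return lambda url: opener.open(url, timeout=5).read().decode()


def challenge_login(username, secret, fetch):
    """Run challenge then login; the secret itself never appears in a URL."""
    query = urllib.parse.urlencode({"action": "challenge", "AuthType": "md5"})
    reply = parse_rawman(fetch(BASE + "?" + query))
    if reply.get("Response") != "Success" or "Challenge" not in reply:
        raise RuntimeError("challenge request failed: %r" % reply)
    login_url = BASE + "?" + urllib.parse.urlencode({
        "action": "login", "username": username,
        "authtype": "md5", "key": md5_key(reply["Challenge"], secret)})
    result = parse_rawman(fetch(login_url))
    return result.get("Response") == "Success", login_url


if __name__ == "__main__":
    ok, _ = challenge_login("asterisk_http", "gooey", make_fetch())
    print("login accepted" if ok else "login rejected")
```

Anyone who observes both the challenge and the key can test password guesses against them offline, so the manager secret should be long and random.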

               If you use a manager URL to request the challenge (instead of using rawman), the response
               will be formatted as HTML:
                   <title>Asterisk™ Manager Interface</title>
                   <body bgcolor="#ffffff">
                   <table align=center bgcolor="#f1f1f1" width="500">
                   <tr><td colspan="2" bgcolor="#f1f1ff"><h1>  Manager Tester</h1></td></tr>


               252 | Chapter 11: The Asterisk GUI Framework