Bypass login on iphone

[uuu1234]

Hi,

 

I'm trying to bypass username and password login when I access Isy994i web page from my iphone. I have generated a self signed certificate on ISY and iphone seems to take it OK, however iphone still doesn't save the login password and insist me to login every time. I'd appreciate any suggestion of what I'm missing, do I need a CA signed cert for this to work? or any other option to walk around this without buying an app.

 

Thanks

[stusviews]

There is no option to bypass (or save) login credentials. This is done for security.

[MWareman]

Try using Lastpass to automate password entry.

[fahrvergnuugen]

You can save your username & password quite easily because it is a standard HTTP 401 challenge, so you can submit your credentials via the URL.

 

The syntax is:

http://username:password@hostname

 

So if your username is mwareman, and your password is "topsecret" and your ISY is on IP address 10.0.1.10, enter this URL into safari:

 

http://mwareman:topsecret@10.0.1.10

 

Then bookmark it and save it as a web short cut on your home screen. This will put an application icon directly on your iPhone's springboard which has the username and password saved in the address.

 

Safari will complain about accessing a phishing site because it detects that you are passing a username & password in the URL. You can ignore the warning every time, or you can disable the warning in the preferences (only do this if you know what you are doing).

 

HTH!

[uuu1234]

Thanks for everyone's help, when I searched other posts of similar requests, I was under the impression Safari will save the login/password of ISY web access for me if I'm connecting through proper ssl certificate. just so I'm absolutely clear, the reason iphone sarafi wouldn't save the login/password for me is because the web server (in this case isy) requests it not to, it's not because safari think my connection is still not secure enough?

 

Fahrvergnuugen: Thanks for the suggestion, I'm not brave enough to put my login password in plain text in an url though.

 

I have tried loginbox app on iphone to automate the login process but somehow it doesn't work with isy web page and I could never record the login session. I don't feel comfortable with all my passwords in the cloud, so I've not tried lastpass either.

[jerlands]

Fahrvergnuugen: Thanks for the suggestion, I'm not brave enough to put my login password in plain text in an url though.

 

 

You can use https://username:password@mysite.dns.org:portnumber and bookmark it.

 

 

Jon...

[uuu1234]

Feel free to correct me, but my understanding is that the communication will be encrypted AFTER the https url, but not the url itself. In another word, if I try to access my ISY in a public wifi with the https://username:password@address:porturl, someone with a sniffer will be able to catch my login password?

[MWareman]

Feel free to correct me, but my understanding is that the communication will be encrypted AFTER the https url, but not the url itself. In another word, if I try to access my ISY in a public wifi with the https://usernameassword@addressorturl, someone with a sniffer will be able to catch my login password?

No. The rfc specifies how a URL is handled. The usernameassword@ before the fqdn is base32 encoded and added as an 'Authorization' header by the browser, and sent with the GET request after the encryption is negotiated.

 

This means, its safe - assuming you have a trusted certificate making it obvious if you are accessing thru a man in the middle proxy.

[uuu1234]

Thanks for the explanation MWareman, I will give it a try then.