uuu1234 Posted December 9, 2015 Posted December 9, 2015 Hi, I'm trying to bypass username and password login when I access Isy994i web page from my iphone. I have generated a self signed certificate on ISY and iphone seems to take it OK, however iphone still doesn't save the login password and insist me to login every time. I'd appreciate any suggestion of what I'm missing, do I need a CA signed cert for this to work? or any other option to walk around this without buying an app. Thanks
stusviews Posted December 9, 2015 Posted December 9, 2015 There is no option to bypass (or save) login credentials. This is done for security.
MWareman Posted December 9, 2015 Posted December 9, 2015 Try using Lastpass to automate password entry.
fahrvergnuugen Posted December 9, 2015 Posted December 9, 2015 (edited) You can save your username & password quite easily because it is a standard HTTP 401 challenge, so you can submit your credentials via the URL. The syntax is: http://username:password@hostname So if your username is mwareman, and your password is "topsecret" and your ISY is on IP address 10.0.1.10, enter this URL into safari: http://mwareman:topsecret@10.0.1.10 Then bookmark it and save it as a web short cut on your home screen. This will put an application icon directly on your iPhone's springboard which has the username and password saved in the address. Safari will complain about accessing a phishing site because it detects that you are passing a username & password in the URL. You can ignore the warning every time, or you can disable the warning in the preferences (only do this if you know what you are doing). HTH! Edited December 9, 2015 by fahrvergnuugen
uuu1234 Posted December 10, 2015 Author Posted December 10, 2015 Thanks for everyone's help, when I searched other posts of similar requests, I was under the impression Safari will save the login/password of ISY web access for me if I'm connecting through proper ssl certificate. just so I'm absolutely clear, the reason iphone sarafi wouldn't save the login/password for me is because the web server (in this case isy) requests it not to, it's not because safari think my connection is still not secure enough? Fahrvergnuugen: Thanks for the suggestion, I'm not brave enough to put my login password in plain text in an url though. I have tried loginbox app on iphone to automate the login process but somehow it doesn't work with isy web page and I could never record the login session. I don't feel comfortable with all my passwords in the cloud, so I've not tried lastpass either.
jerlands Posted December 10, 2015 Posted December 10, 2015 Fahrvergnuugen: Thanks for the suggestion, I'm not brave enough to put my login password in plain text in an url though. You can use https://username:password@mysite.dns.org:portnumber and bookmark it. Jon...
uuu1234 Posted December 10, 2015 Author Posted December 10, 2015 Feel free to correct me, but my understanding is that the communication will be encrypted AFTER the https url, but not the url itself. In another word, if I try to access my ISY in a public wifi with the https://username:password@address:porturl, someone with a sniffer will be able to catch my login password?
MWareman Posted December 11, 2015 Posted December 11, 2015 Feel free to correct me, but my understanding is that the communication will be encrypted AFTER the https url, but not the url itself. In another word, if I try to access my ISY in a public wifi with the https://usernameassword@addressorturl, someone with a sniffer will be able to catch my login password?No. The rfc specifies how a URL is handled. The usernameassword@ before the fqdn is base32 encoded and added as an 'Authorization' header by the browser, and sent with the GET request after the encryption is negotiated. This means, its safe - assuming you have a trusted certificate making it obvious if you are accessing thru a man in the middle proxy.
uuu1234 Posted December 12, 2015 Author Posted December 12, 2015 Thanks for the explanation MWareman, I will give it a try then.
Recommended Posts