Logon authentication in REST web service

Former Member
0 Kudos

Hi Experts,

I have a requirement here. I used an SAP function module that authenticates the SAP user name and password to authenticate the user.

Now the end user sends an HTTPS call from his mobile device like this:

http://xx.xxx.xxx.xxx/sap/USERNAME=myusername&PASSWORD=mypassword.

I am extracting the user name and password and then try to authenticate the user name and password in my web service.

In this form of URL anyone can easily hack the user name and password.

Can anyone tell me how I can secure the user name and password in this scenario?

I don't want to use Basic authentication settings because if the end user tries a wrong password, the user gets locked.

I would be really thankful to you!

Thanks,

Sanjay@tpc

Edited by: Gourav Khare on Jul 6, 2011 10:23 AM: Message Subject changed

Accepted Solutions (0)

Answers (3)

Former Member
0 Kudos

Hi.

Do not send a username/password combination but a username/hash(username:password) combination. Also work with hash values in your backend, not with passwords saved anywhere.

Passwords should never be sent over the network, nor should they be stored.

The HTTP GET parameters are also secured via HTTPS, so as long as your SSL connection is not compromised it is no problem to transfer them in a "fat URL".

Best regards

Roland
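
HTTPS encrypts the request URL in transit, but the server still receives it in clear text, and web servers and proxies normally write the request line to their access logs. The following is an added example, not code from this thread: it scans access-log lines for password parameters in the request target, including the path-style form shown in the question, and redacts them. The log lines, the extra parameter names `passwd` and `pwd`, and the function names are assumptions constructed for illustration.

```python
import re

# Parameter names treated as secrets. PASSWORD is the one used in the question;
# "passwd" and "pwd" are assumed common variants.
SECRET_KEYS = {"password", "passwd", "pwd"}
# Request line inside an access-log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# key=value pairs anywhere in the target: after "?" or, as in the question,
# directly in the path after "/sap/".
PAIR_RE = re.compile(r'(?P<key>[A-Za-z_]+)=(?P<value>[^&\s"]*)')

def scan_line(line):
    """Return (redacted_line, [leaked parameter names]) for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return line, []
    leaked = []

    def redact(pair):
        if pair.group("key").lower() in SECRET_KEYS:
            leaked.append(pair.group("key"))
            return pair.group("key") + "=[REDACTED]"
        return pair.group(0)

    target = PAIR_RE.sub(redact, m.group("target"))
    redacted = line[:m.start("target")] + target + line[m.end("target"):]
    return redacted, leaked

def scan_log(lines):
    """Return (line_number, redacted_line, leaked) for each line leaking a secret."""
    findings = []
    for n, line in enumerate(lines, 1):
        redacted, leaked = scan_line(line)
        if leaked:
            findings.append((n, redacted, leaked))
    return findings

# Constructed sample log (documentation IP range, made-up users and values).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jul/2011:10:01:02 +0000] "GET /sap/USERNAME=alice&PASSWORD=S3cret HTTP/1.1" 200 512',
    '192.0.2.11 - - [06/Jul/2011:10:01:05 +0000] "GET /sap/status?lang=EN HTTP/1.1" 200 128',
    '192.0.2.12 - - [06/Jul/2011:10:01:09 +0000] "GET /sap/login?user=bob&pwd=hunter2 HTTP/1.1" 401 64',
]

if __name__ == "__main__":
    for n, redacted, leaked in scan_log(SAMPLE_LOG):
        print(f"line {n}: {', '.join(leaked)} in request URL -> {redacted}")
```

Any hit means the password has already been written to disk on the server side, so the affected account's password should be changed and the client moved to sending credentials in the request body or an `Authorization` header.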

Former Member
0 Kudos

I think that Alternative Logon Order can be nice for your issue.

Take a look:

http://help.sap.com/saphelp_nw04/helpdata/en/c6/839c4eea6f374b8e230ef4b152b110/frameset.htm

Former Member
0 Kudos

Dear Sanjay aka Marco,

Please desist from posting the same question multiple times; you are also using two IDs on SCN. Using clones is strictly forbidden, so kindly raise a request to delete one ID and keep the other.

Now, regarding your question, it is unclear what you are trying to achieve. Can you be more specific, with some example, to make us understand what the actual problem is?

Regards,

Gourav