Help

Roku Developer Program

Join our online forum to talk to Roku developers and fellow channel creators. Ask questions, share tips with the community, and find helpful resources.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
WilDD
Roku Guru
‎02-10-2011 09:18 AM

Digest Authentication

Is Digest Authentication supported on anything other than roUrlTransfer, such as roVideoScreen, roAudioPlayer, roSlideshow, roPosterScreen, etc.?
0 Kudos
Reply
8 REPLIES 8
rilex
Visitor
‎02-10-2011 10:14 AM

Re: Digest Authentication

I hope you're also considering Basic Auth. Digest Authentication in IIS requires a Domain Controller and it is generally not used.
0 Kudos
Reply
gonzotek
Visitor
‎02-10-2011 11:02 AM

Re: Digest Authentication

"rilex" wrote:
I hope you're also considering Basic Auth. Digest Authentication in IIS requires a Domain Controller and it is generally not used.
Roku's docs have this to say about basic:
Boolean SetUserAndPassword(String user, String password)
 Enables HTTP authentication using the specified user name and password. Note that HTTP basic authentication is deliberately disabled due to it being inherently insecure. HTTP digest authentication is supported.
Remoku.tv - A free web app for Roku Remote Control!
Want to control your Roku from nearly any phone, computer or tablet? Get started at http://help.remoku.tv
by Apps4TV - Applications for television and beyond: http://www.apps4tv.com
0 Kudos
Reply
rilex
Visitor
‎02-10-2011 11:31 AM

Re: Digest Authentication

So Basic exists, but is not enabled? Or am I misunderstanding what they're trying to say? If it is deliberately disabled, why not do a check to validate that the connection is going over SSL?
0 Kudos
Reply
RokuKevin
Visitor
‎02-10-2011 11:33 AM

Re: Digest Authentication

It is not directly supported (via SetUserAndPassword() method) by ifHttpAgent used on many screen components. However, adding your own headers is supported so you can make either Digest Authentication or Basic Authentication work with any of the screen components. You'd just have to add the headers yourself. There are examples in the docs.

--Kevin
0 Kudos
Reply
jcohn
Visitor
‎10-02-2012 07:14 AM

Re: Digest Authentication

"There are examples in the docs."

I'm trying to figure out how to add my own headers in order to do digest authentication with roVideoScreen. I see examples for basic authentication, but the server I'm connecting to only suports digest. If anyone can point me at a digest authentication example, I'd greatly appreciate it.

I've successfully used SetUserAndPassword with a roUrlTransfer component. This provides digest authentication for roUrlTransfer components. It is very frustrating that the same functionality is not available for the roVideoScreen component. Why not directly support SetUserAndPassword in ifHttpAgent?

Thanks,
Jon
0 Kudos
Reply
jcohn
Visitor
‎10-03-2012 01:50 PM

Re: Digest Authentication

bump...

No ideas?

If I can simply access the headers in the 401 response to grab the nonce, then I will be able to manually construct my authentication headers. Is there really no way to get at these headers?

Thanks for any help or suggestions,
Jon
0 Kudos
Reply
RokuJoel
Binge Watcher
‎10-03-2012 02:03 PM

Re: Digest Authentication

http://sdkdocs.roku.com/display/RokuSDKv48/ifUrlEvent

roAssociativeArray GetResponseHeaders(Void)

Returns an roAssociativeArray containing all the headers returned by the server for appropriate protocols (such as HTTP).

Headers are only returned when the status code is greater than or equal to 200 and less than 300.



Add Header:
http://sdkdocs.roku.com/display/RokuSDK ... rlTransfer

Void AddHeader(String name, String value)

Add the specified HTTP header. Only valid for HTTP URLs.

If "x-roku-reserved-dev-id" is passed as name, the Roku box ignores the passed in value. In its place, sends the devid of the application publisher of the currently running app. This allows the developers server to know the client app talking to it is on the Roku box.
0 Kudos
Reply
TheEndless
Channel Surfer
‎10-03-2012 02:39 PM

Re: Digest Authentication

"jcohn" wrote:
bump...

No ideas?

If I can simply access the headers in the 401 response to grab the nonce, then I will be able to manually construct my authentication headers. Is there really no way to get at these headers?

Thanks for any help or suggestions,
Jon

Not ideal, but could you do a Head() request with the roUrlTransfer component to get the information you need to add the headers to the roVideoScreen's ifHttpAgent interface?
My Channels: http://roku.permanence.com - Twitter: @TheEndlessDev
Instant Watch Browser (NetflixIWB), Aquarium Screensaver (AQUARIUM), Clever Clocks Screensaver (CLEVERCLOCKS), iTunes Podcasts (ITPC), My Channels (MYCHANNELS)
0 Kudos
Reply
Need Assistance?
Welcome to the Roku Community! Feel free to search our Community for answers or post your question to get help.

Become a Roku Streaming Expert!

Share your expertise, help fellow streamers, and unlock exclusive rewards as part of the Roku Community. Learn more.