First FezCobra II application

luca_santoro · January 9, 2014, 11:49am

Hello ,
I am very happy because i have almost completed my first application with the Fez Cobra II net.

It is a HTTP Server that enables the monitoring of the state of a central alarm unit.
The central alarm unit can be connected via RS 232 or via LAN (using a RS-232 to Ethernet module).

Initially I had several performance issues in http/https communication, to solve them I adopted a thread pool (There is an interesting thread on this forum) to handle the request.
I used static html pages with asynchronous calls to json services with the minimum data set.
Another trick was to force the cache on the client for html, js , images etc…
All of the resources (html, js etc. ) reside in a resource file and then on the flash ( no SSD).
This caused me some problems during development because I often had to recompile and deploy, but using the emulator microsoft was fast.
Lastly I overclocked the ram of the Fez Cobra II and it really is much faster ( 40% faster in a request / response), for now I have not had any problems.
I have integrated authentication (form and basic) and a server-side session management with user access control and sending emails.

I would like to try it on a Raptor, but the size of the small Cobra II are optimal (It would be nice a Raptor with the Cobra II package :D).

Sorry for my English (Google Translator)

Luca

jasdev · January 10, 2014, 12:03am

Wow - very impressive!

Patrick · January 10, 2014, 10:17am

Hi Luca, can you tell or show me something more about the way you integrated the form and basic authentication in your webserver?

Thx!

luca_santoro · January 15, 2014, 5:30am

Hi Patrick,

For basic authentication just check “authorization header”
if it contains the BASE64 encoded pair user:password, decode it and just check its validity.
If it is not valid or not exists simply add the header in the response
WWW-Authenticate: Basic realm = “your realm” and httpStatus = 401

In summary, in my project I created a server session management.
I used two cookies, a session cookie and an authorization cookie.
For each request check the validity of the session cookie.
For resource that to be authorize, i check the validity of the authorization cookie within rules saved into the server session (FORM) or the validity of the header Authorization (Basic).
If not authorized redirect to the login page (FORM) or add the header
WWW-Authenticate … (Basic) and httpStatus = 401

For me, all resources are to be authorize except those in a white list.
The application can run in Basic or Forms authentication but not in both (i use only Form)