
How to Enable Web Authentication in OpenBeken Version 1.17.342 and newer

castorw 
Login window for the administrative interface with the password field filled.
Intro
Authentication to the administrative interface is present on most connected devices and is a basic security requirement. OpenBeken has supported web authentication since version 1.17.342. It is implemented using the simple HTTP basic authentication mechanism, which protects devices against unwanted access and against malicious configuration or control. When web authentication is enabled, the entire web admin interface and its APIs are protected with HTTP basic authentication. This (currently) does not apply to the various integrations implemented within OpenBeken.

Supported platforms:
* OpenBK7231T,
* OpenBK7231N,
* OpenXR809,
* OpenBL602.

Setup
To enable web password authentication, log in to your OpenBeken device's web interface and open the Config -> Configure WiFi & Web configuration section.

At the bottom you will see the Web Authentication section. It provides two options:
* Enable web authentication - enables web authentication and requires the user to log in before accessing the web admin interface,
* Admin Password - the password to be used.

The username is always admin.

Screenshot showing network authentication interface with an enabled option and a password field.


Usage
The next time you access the web portal or API, you will be required to enter the username (admin) and the configured password. Any integrations using any web-based API will need to authenticate as well.

Login window with basic HTTP authentication showing user admin.
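
The behaviour described above can be checked from a script. The following is an added example, not part of the original article or the OpenBeken project: it sends an anonymous, a wrong-password and a correct-password request and reports whether the interface is protected. It assumes the device answers 401 to rejected requests and 200 to accepted ones, as HTTP basic authentication normally does; the function names and the local stand-in server are constructed for the example.

```python
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

USERNAME = "admin"  # the article states the username is always admin
# Connect directly, ignoring any proxy set in the environment.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def basic_auth_header(password):
    """Authorization value for admin:<password>. Base64 is encoding, not encryption."""
    raw = f"{USERNAME}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def probe(url, password=None):
    """Send one GET, with credentials if given, and return the HTTP status."""
    req = urllib.request.Request(url)
    if password is not None:
        req.add_header("Authorization", basic_auth_header(password))
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def audit(url, password):
    """Report whether anonymous and wrong-password requests are refused."""
    seen = {"anonymous": probe(url),
            "wrong_password": probe(url, password + "-wrong"),
            "correct_password": probe(url, password)}
    seen["protected"] = tuple(seen.values()) == (401, 401, 200)  # insertion order
    return seen

def start_stand_in(password):
    """Constructed local stand-in for a device so the example runs offline."""
    expected = basic_auth_header(password)
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            ok = self.headers.get("Authorization") == expected
            self.send_response(200 if ok else 401)
            if not ok:
                self.send_header("WWW-Authenticate", 'Basic realm="stand-in"')
            self.end_headers()
        def log_message(self, *args):  # silence per-request logging
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server
```

Against a real device, call `audit("http://<device-ip>/", "<your password>")`. The header built by `basic_auth_header` is only Base64-encoded and travels with every request, so on a plain-HTTP connection the password is readable by anyone on the network path.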


Safe Mode
By default, web authentication (if configured) stays enabled even when the device enters Safe Mode. This acts as a security measure, since the device creates an open AP to which anyone can connect and could possibly control the device or even misconfigure it to cause damage (e.g. relays used to control heating, water pumps, etc.).

If, however, you wish to disable password authentication in Safe Mode, this can be done using global flag 44 in the Config -> Configure General/Flags section. It is not recommended, though.

Configuration window with flag options in the OpenBeken interface.


And that would be all, now your device has at least some basic security when it comes to administration 😉


Comments

p.kaczmarek2 13 Dec 2023 23:25

This is surely a very important feature. Here's a link to the first public build that includes it: https://github.com/openshwprojects/OpenBK7231T_App/releases/tag/1.17.343 Btw, the LittleFS issue we've...

mbk_med 29 Sep 2024 19:35

Hi, is it possible to have Authentication on the W600 platform? Thank you.

p.kaczmarek2 29 Sep 2024 19:40

@divadiow do you have W600 at hand? @max4elektroda ?

max4elektroda 29 Sep 2024 19:58

Sorry, no W600 here, but W800, which is in the same line with W600 for the define in new_pins.h. So I could try with W800

divadiow 29 Sep 2024 20:04

a transplanted TW-02 in a mini switch. Air602 in the post.

max4elektroda 29 Sep 2024 20:36

PR1369 is compiling ATM Added after 27 [minutes]: Ahh, it's missing a "char webPassword[33]" in "mainConfig_t". If I calculated correctly and we have "initCommandLine[512]" starting at 0x000005E0...

mbk_med 29 Sep 2024 20:47

Hi, I have 3 wall sockets with a W600 that I just successfully flashed.

p.kaczmarek2 29 Sep 2024 20:57

My memory may not be right but I seem to remember that there was some issue with config size on W600 or W800.... that it was failing to save config when the config size was bigger than given threshold......

max4elektroda 29 Sep 2024 21:21

O.k, made a PR with a password reduced to 30 bytes. Tested W800 : After OTA I had to restart it by hand and then at least WiFi config was gone (started as Open AP). But setting SSID and PW worked and...

divadiow 29 Sep 2024 21:29

https://obrazki.elektroda.pl/1561370500_1727638305_thumb.jpg https://obrazki.elektroda.pl/1833429400_1727637621_thumb.jpg

max4elektroda 29 Sep 2024 21:34

Nice, did your config "survive" the update on W600?

p.kaczmarek2 29 Sep 2024 21:37

Wait, shouldn't config stay if you don't change the size of config structure? As per new_cfg.c: static byte CFG_CalcChecksum(mainConfig_t *inf) { int header_size; int remaining_size; byte crc; int...

max4elektroda 29 Sep 2024 21:43

I didn't attach serial, so I can't tell what was wrong... In the end it seems to work

divadiow 29 Sep 2024 22:10

appears to have done. did OTA to latest public then OTA to PR. The only minor behavioural thing is that the password is ineffective if you use the same browser session after setting the password. device...

max4elektroda 29 Sep 2024 22:20

Yes, that's the problem with the used basic auth, it's saved in the browser as long as the tab/window isn't closed; since there is no additional information, it will access the device even after a reb...

max4elektroda 17 Oct 2024 16:17

Since @divadiow asked in git: @pkaczmarek2 could you please take a look in git if my assumption about the reason is reasonable ;-)?