For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Cwong_134054's avatar
Cwong_134054
Icon for Nimbostratus rankNimbostratus
Aug 18, 2014

HTML form authentication using F5 local database

Hi   I would like to use a HTML form to do authentication and compare the username and password to a data group in the BIGIP but it seems that when i enter the username or password, it is not retri...
application delivery
devops
iRules
LTM
Cwong_134054's avatar
Cwong_134054
Icon for Nimbostratus rankNimbostratus
Aug 18, 2014

Repost

when HTTP_REQUEST_DATA {

  set namevals [split [HTTP::payload] "&"]
  set [HTTP::username] username   
  set [HTTP::password] password    
  set auth_id  1
   Break out the POST data for username and password values
 for {set i 0} {$i < [llength $namevals]} {incr i} {
    set params [split [lindex $namevals $i] "="]
    if { [lindex $params 0] equals "username" } {
      set auth_username [lindex $params 1]
    }
    if { [lindex $params 0] equals "password" } {
      set auth_password [lindex $params 1]
    }
  }
  AUTH::username_credential $auth_id $username
  AUTH::password_credential $auth_id $password
  AUTH::authenticate $auth_id
  HTTP::collect



if { [HTTP::username] eq "" or [HTTP::password] eq "" } {
     Grab username and password from authorization header and compare
    if { $username || $password } { 
        HTTP::respond 200 content  "No username and password in Authorization header or Auth header missing." 
        } 
 Next look in the datagroup called LocalUsers for the user. The value is a hex D5password.Compare the value in the datagroup to the value of HTTP::password to determine if this is valid.
        set password [class lookup "$username" test_local_user] 
        if { $password eq "" } {
            if { $auth_id ==1 } { HTTP::respond 200 content  "Auth failed for user [HTTP::username] \ and the value in the datagroup was [class lookup [HTTP::username] LocalUsers] "} 
        } else {
           Convert password to MD5 hash in hex
            binary scan [ md5 [$password]] H* hexhash 
            if { $password } { log local0. "password MD5 = $hexhash" } 
            if { $password eq $hexhash } { 
                pool test_pool
                if { $auth_id } { HTTP::respond 200 content "Auth succeeded for user [HTTP::username] and the value in the datagroup was [class lookup [HTTP::username] LocalUsers] "}
                 Exit this event for this iRule to prevent sending a 401 below
                return 
            } 
        } 
    }
HTTP::respond 401 content "Error:Authentication Failure" WWW-Authenticate "Basic realm=\"local.loc\""
}