Web Page Authentication

Hi All,

I am trying to implement authentication in my web page created in my node.

Created below get API based in node to work only if user has logged-in in node-red or opening from the link which is availatble on config page of my node.

RED.httpAdmin.get('/mynode/web/', RED.auth.needsPermission('mynode.CMD.write'), function(req, res) {
    res.render('somefile.html');
});

URl in config

<a href="/mynode/web/" target="_blank"></a>

But I am getting Unauthorized message after opening even though user has logged-in in node-red.

Can anyone tell me how to achieve this from node-red default authentication?

Hi @Devbrat

the authentication mechanism uses a custom http header to provide the authentication token. There is code in the editor that ensures that token is attached to any request sent back to the runtime.

But that means it only works for requests sent by the editor. You cannot use this to protect other pages - as the browser won't know to include the authentication token when opening the page.

I'm currently looking at moving the editor to use a more traditional cookie-based method of providing the auth token due to an issue that was recently raised and that would also help you here. I don't know if that'll happen in the 1.2 timeframe or not.