Solved: How could I get boolean request using Basic Authen...

vermagovind92 · 05-28-2019 08:59 AM

Hi All,

My use case is if I'm sending my request as :

uri?username=govind&password=verma

It should return response as : "True" And Similarly In query parameter, If my username and password is other than "govind verma" , It should give reponse as "False"

Could someone please help me?

Any Advice how could I acheive this requirement?

Thanks and Regards

Govind Verma

@Anil Sagar @ Google, @Dino-at-Google,@Brendan, @deboraelkin,@Siddharth Barahalikar,@Priyadarshi Ajitav Jena,@Robert Johnson,@Nisha Mallesh,@Anil Sagar,@sudheendras,@Mukundha Madhavan,@Jeremy Whitlock,@Nagashree B,

sidd-harth

Basic authentication policy does not enforce basic authentication on a request to an API proxy. Instead, you use it to Base64 encode/decode credentials.

Instead of sending username and password as queryparams, send then in Authorization header as base64encoded string.

Use below policy the username & password will be available as flow variables, use the flow variables as condition and set a Assign message policy on response side to send repsonse as True or False.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<BasicAuthentication async="false" continueOnError="false" enabled="true" name="Basic-Authentication-1">
    <DisplayName>Basic Authentication-1</DisplayName>
    <Operation>Decode</Operation>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <User ref="username"/>
    <Password ref="password"/>
    <Source>request.header.Authorization</Source>
</BasicAuthentication>

View solution in original post

nagashree_b

@Govind Verma

By the way its very unsecure to expose username and password as query parameters

Your query is not clear. You mentioned - "boolean request", Do you mean response? Will you be routing to a backend or you just want to send the true or false response in Apigee layer.

What is the use of basic authentication policy if your condition is based on username and password values in the query parameter?

If you want to do it in Apigee, use a combination of assign message policies and condition flows.

<Response>  <Step>  <Name>Assign-Message-True</Name>  <Condition>request.queryparam.username = "govind" and request.queryparam.password = "verma"</Condition>  </Step>  <Step>  <Name>Assign-Message-False</Name><Condition>request.queryparam.username != "govind" or request.queryparam.password != "verma"</Condition>
  </Step>  </Response>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><AssignMessage async="false" continueOnError="false" enabled="true" name="Assign-Message-True">
<DisplayName>Assign-Message-True</DisplayName><Set>  <Payload contentType="text/plain">true</Payload></Set>  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>  <AssignTo type="response" transport="http" createNew="false"/></AssignMessage>

View solution in original post

sidd-harth

Basic authentication policy does not enforce basic authentication on a request to an API proxy. Instead, you use it to Base64 encode/decode credentials.

Instead of sending username and password as queryparams, send then in Authorization header as base64encoded string.

Use below policy the username & password will be available as flow variables, use the flow variables as condition and set a Assign message policy on response side to send repsonse as True or False.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<BasicAuthentication async="false" continueOnError="false" enabled="true" name="Basic-Authentication-1">
    <DisplayName>Basic Authentication-1</DisplayName>
    <Operation>Decode</Operation>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <User ref="username"/>
    <Password ref="password"/>
    <Source>request.header.Authorization</Source>
</BasicAuthentication>

vermagovind92

@Siddharth Barahalikar

Thanks for quick response...

nagashree_b

@Govind Verma

By the way its very unsecure to expose username and password as query parameters

Your query is not clear. You mentioned - "boolean request", Do you mean response? Will you be routing to a backend or you just want to send the true or false response in Apigee layer.

What is the use of basic authentication policy if your condition is based on username and password values in the query parameter?

If you want to do it in Apigee, use a combination of assign message policies and condition flows.

<Response>  <Step>  <Name>Assign-Message-True</Name>  <Condition>request.queryparam.username = "govind" and request.queryparam.password = "verma"</Condition>  </Step>  <Step>  <Name>Assign-Message-False</Name><Condition>request.queryparam.username != "govind" or request.queryparam.password != "verma"</Condition>
  </Step>  </Response>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><AssignMessage async="false" continueOnError="false" enabled="true" name="Assign-Message-True">
<DisplayName>Assign-Message-True</DisplayName><Set>  <Payload contentType="text/plain">true</Payload></Set>  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>  <AssignTo type="response" transport="http" createNew="false"/></AssignMessage>

vermagovind92

@Nagashree B

Thanks for reply..

How could I get boolean request using Basic Authentication Policy.