Hi
I need to have some none “technical” staff have access to certain parts of webfig.
Made a quick webpage as a “control panel” for several RBs, with link to webfig for each.
Like this: http://username:password@10.1.60.2/webfig/#IP:DHCP_Server.Leases
But still i just get the login page for webfig.
Any way to make this autologin work?
And any way to only show certain parts, like DHCP server leases, without showing the entire menu?
Regards
At the moment admin without password login automatically to webfig.
Configure appropriate skin for admin user (and do not forget to grant it read permissions).
Similar problem. Related question, I have a limited user without any password, can I create some URL that specifies the user name it to login in instead?
E.g. http://RouterOS.example.com/webfig/#Tools:Ping?login=testonly
Basically I’d like to have a URL link to a webfig pages that doesn’t redirect to login. Tried using a web server in between to do some login, but even that didn’t work. Since the login uses a webpage, we couldn’t figure out a clean way to fetch a webfig page from a web server to workaround this. I understand basic auth doesn’t work. And I take it X.509 client don’t work to access webfig as that solve my problem too?
Any ideas?
Did someone find a way to auto-login or to pass user+pass to open webfig?
I’m not sure there is one without using a container with a HTTP proxy and custom code to mimic the webfig login.
The 2013 suggestion to use “admin” with no password (and in the read group) understandably no longer works.
I guess some headless browser can be used to proxify requests which can properly process login page with its js that encrypts password for payload in POST /jsporxy. Webfig doesn’t accept basic auth so credentials can’t be used in URL.
if I’m not mistaken:
When inspecting in browser I see only username set in cookie and other site storages are empty (cache, local storage, session storage...):
I didn’t go into detail, but the point is that the data is encrypted,
is not possible to log in with a simple click on a link, whether or not it contains a username and password…
Yes, I wrote that previously, basic auth is not accepted (URL schema auth), but proxifing trough some headless browser maybe it will be possible to achieve that. Also it is obvious that session is not persisted in browser storage because when you open new tab or window it always asks for password.
The underlying issue is that webfig is essentially a JS that generates html dynamically that uses window.sessionStore to store/retrieve the user/password in the browser’s session. And why auth is cleared in a new tab, as @optio suggests. And is not some simple “one click” as already @rextended states. And it’s more complex than a simple proxy than I originally suggest — stuff need to happen with in the web browser to set auth (e.g. I thought it used cookie that be manageable in proxy, so such luck).
But there is some code in webfig to deal with it, but the sessionStore has to be set first:
function autoLogin() {
const user = window.sessionStorage.getItem("name");
if (user) {
doAuth(user, window.sessionStorage.getItem("password"));
window.sessionStorage.clear();
} else if (window.name) {
const [method, loginData] = window.name.split(/=(.*)/s);
window.name = "";
if (["login", "autologin"].includes(method) && loginData) {
const [user, pwd] = loginData.split(/\|(.*)/s);
doAuth(user, pwd);
}
} else logout();
}
I ended up just using REST and my own status page to avoid needing this. But being able to re-use webfig’s “status page” (and Dude map too) without need the browser auth would be a nice-to-have.
??? Where?
"is not possible to log in with a simple click on a link, whether or not it contains a username and password..."
Everyone's point is it ain't easy.
Ok, written like this, it seemed that I was convinced that is just a simple click…
Better:
And is not some simple “one click” as already @rextended states
There are some frameworks which can be used, like Puppeteer for NodeJS, but requires custom HTTP service development that wraps requests for Webfig and interceps login, there is no generic solution for this afaik