Dream Factory Secure Authentication

[Deon]

Hi

I can currently connect to Dream Factory and connect to my remote DB through guest user. I need to have a more secure connection.

I have setup Generic Security Context with Username and Password. In my List Service I have specified this Security Context.

I get an error to say that there is no session token.

I have also tried to put the username and password directly into the Header of my List service but get the same error.

How would I pass my Dream Factory Username/Password to Dream Factory to allow me access?

Again access through Guest User works perfect and I can also access Dream Factory via Firefox RESTClient by adding authentication to the header and disable guest access in DF.

I thought it may be syntax and I have used both username/password (lower case) and Username/Password. Neither works.

In addtion, I am allowing any (*) host to access DF. Is there some way I can only allow access from Appery Host? Through Proxy maybe?

Thank you

[Jeffrey J. Stables]

DreamFactory doesn't require username and password in a header. To instantiate a session, you POST pre{"email":"email_value", "password":"password_value"}/pre and receive back a session_id, which you then pass as HTTP header preX-DreamFactory-Session-Token/pre

Documentation here.

You may allow specific servers access in your DreamFactory CORS configuration by IP address or hostname. Documentation here.

[Deon]

Thanks Jeffrey

So it is email and not username? That is possibly where I went wrong.

Yes. I understand the CORS. I need IP details from Appery. However from a mobile phone, I would assume that I am connecting directly to your rest service and do not pass through appery at all, which means I have to keep it open for any IP Address.
Please correct me if I am wrong.

Thank you

[Alena Prykhodko]

Hello Deon,

Here are Appery.io proxy IP addresses

54.225.115.94

54.197.245.210

54.83.195.81

54.83.195.77

54.221.255.233

54.221.204.31

[Deon]

Thanks Alena. Not what I am looking for, see comment to Jeffrey above.

[Deon]

Hi Jeffrey. I dont want to limit by IP or Host name. Must be username/password based but sending the the credentials from appery does not seem to work with appery's generic security context service

[Alena Prykhodko]

Hello Deon,

Could you please specify what information do you require?

[Deon]

I want to query info from a table in a MySQL database using Dreamfactory.
It works perfectly as Guest. I created a query service and want to pass the username and password. According to Jeffery all I need to do is post {"email":"email_value", "password":"password_value"} and the session token will be handed. I tried using the Appery security context with email and password but it does not work. I also added the username and password to the request but this did not work either.

[Serhii Kulibaba]

Hello Deon, We are very sorry, but this is something outside the [scope] (http://devcenter.appery.io/support-po...) of our support. You have to use Dreamfactory by yourself

[Deon]

I disagree. It is appery.io that is the problem. I am using standard REST security settings and it is not working.