How securely connect to stream without showing the login dialog?

[Abedron]

Axis cameras do not support Basic authorization and Digest authorization still invoke login dialog.
Connecting to stream with name and password in URL works without login dialog, but it's not secure.

Is this even possible, or are there any technical details to suppress the login dialog during authorization?

[steabert]

Basic authentication over HTTPS isn't necessarily insecure, it's mostly a no-go when using HTTP. So if you use HTTPS it's an option, but that will expose the password (or token) to the user (but I guess that's the case anyway if you are going to bake in authentication client-side).
Digest authentication will not allow you to suppress a login dialog as the browser takes over the login flow and won't allow you to interfere with it from JavaScript.

[rostacik]

hi @steabert, thx again for response.

yes you are right, sending them via HTTPS would be a viable way but the problem what we encountered is that we somehow are not able to switch the cameras to accept Basic auth. they all the time try Digest.

also we found this link https://faq.axis.com/s/article/does-axis-device-manager-support-basic-authentication?language=en_US and not sure if our customers are using AXIS Device Manager but looking at these steps :

• The device is not in AXIS Device Manager list before it is configured to use basic authentication.
• HTTPS is disabled on the device through the web interface (only HTTP should be enabled) before it is added to the AXIS Device Manager list.
• Basic authentication is the only option (no digest authentication) before the device is added to AXIS Device Manager list.

we hope this doesn't imply the Basic auth only works via HTTP.

I also found this discussion - https://stackoverflow.com/questions/86105/how-can-i-suppress-the-browsers-authentication-dialog and it seems that ... the server drops the www-authenticate header in its response. The side effect is that the default authentication popup does not appear. but this would need we are in control (somehow) what the camera does in it's webserver and IDK if that is possible. is there something like that in the configuration UI? I was not able to find such a thing.

so it all boils down to simple "problem" - how to make camera happy with Basic auth via https + have wss stream we asked here #1022 (sorry we split our problem to 2 separate questions but ultimately that is what we need in the end).

[steabert]

It should be totally possible to use basic auth with HTTPS, if you cannot get that to work it's better to ask support with the specific details of how the camera is setup and/or integrated.