Authentication

This guide provides the list of supported authentication types and describes how to handle various authentication requests.

Proxy, Basic, Digest, NTLM

To handle Proxy, Basic, Digest or NTLM authentication, use the onAuthenticate delegate. In this delegate, you can provide the required username and password, display the default Chromium auth dialog, or cancel the auth request.

The following example demonstrates how to provide the required credentials:

browser->onAuthenticate = [](const AuthenticateArgs& args,
                             AuthenticateAction action) {
  action.authenticate("<username>", "<password>");
};

To cancel an authentication request, use this code:

browser->onAuthenticate = [](const AuthenticateArgs& args,
                             AuthenticateAction action) {
  action.cancel();
};

To show the default Chromium authentication dialog, use this code:

browser->onAuthenticate = [](const AuthenticateArgs& args,
                             AuthenticateAction action) {
  action.prompt();
};

The dialog will look like this:

Authenticate dialog
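
A delegate that calls action.authenticate unconditionally hands the same credentials to every server or proxy that issues a challenge. The following is an added example, not Molybden code: one possible policy that chooses between the three actions above. Challenge, Decision, host_allowed and decide are hypothetical names, and the Challenge fields are assumptions about what the delegate can learn from its arguments.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

// Hypothetical view of a challenge; these fields are assumptions for this
// example, not members of Molybden's AuthenticateArgs.
struct Challenge {
  std::string host;    // host that issued the challenge
  std::string scheme;  // "basic", "digest", "ntlm", ...
  bool over_tls;       // true if the connection to that host is encrypted
};

enum class Decision { Authenticate, Prompt, Cancel };

static std::string lower(std::string s) {
  std::transform(s.begin(), s.end(), s.begin(), [](unsigned char c) {
    return static_cast<char>(std::tolower(c));
  });
  return s;
}

// Matches an exact host or a "*.suffix" pattern. The suffix keeps its leading
// dot, so "*.corp.example" does not match "evilcorp.example".
bool host_allowed(const std::string& host,
                  const std::vector<std::string>& allowlist) {
  const std::string h = lower(host);
  for (const std::string& raw : allowlist) {
    const std::string p = lower(raw);
    if (p.rfind("*.", 0) == 0) {
      const std::string suffix = p.substr(1);  // ".corp.example"
      if (h.size() > suffix.size() &&
          h.compare(h.size() - suffix.size(), suffix.size(), suffix) == 0)
        return true;
    } else if (h == p) {
      return true;
    }
  }
  return false;
}

// Stored credentials go only to allowlisted hosts, and never as Basic over an
// unencrypted connection; any other host falls back to the user prompt.
Decision decide(const Challenge& c,
                const std::vector<std::string>& allowlist) {
  if (!host_allowed(c.host, allowlist)) return Decision::Prompt;
  if (lower(c.scheme) == "basic" && !c.over_tls) return Decision::Cancel;
  return Decision::Authenticate;
}
```

Inside the delegate, map Decision::Authenticate to action.authenticate(...), Decision::Prompt to action.prompt() and Decision::Cancel to action.cancel().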

Integrated Windows Authentication and Kerberos

The server whitelist lets you use Integrated Windows Authentication (IWA) and Kerberos for the listed domains.

With IWA, Chromium can authenticate a user to a web server or proxy without prompting them for a username and password. It uses the cached credentials that are established when the user initially logs in to the machine. IWA is supported for Negotiate and NTLM challenges only.

The HTTP server authorization whitelist specifies which servers are whitelisted for IWA. By default, IWA is enabled only when there is an authentication challenge from a proxy or from a server that is in this permitted list. If this list is not set, Chromium tries to detect whether a server is on the Intranet and responds to IWA requests only for Intranet servers. If the server is detected as an Internet server, IWA requests from it are ignored.

The HTTP network delegate whitelist specifies the servers that Chromium may delegate user credentials to. If this list is not set, Chromium does not delegate user credentials even if the server is detected as an Intranet server.

Integrated authentication has been disabled in Incognito mode since Chromium 81. In this case, the browser->onAuthenticate delegate will be invoked.

SuisseID, U2F

Molybden supports authentication through SuisseID and U2F devices. You do not need to do anything to enable them. These devices will be recognized automatically when you load a web page that requires this type of authentication.

WebAuthn API

Molybden supports the WebAuthn API. When a website requests to create new credentials, either for registering a new account or associating a new asymmetric key pair credential with an existing account, Chromium will show the dialog with available authentication mechanisms.

Authentication cache

To clear the authentication cache associated with a specific Profile, use this code:

profile->httpAuthCache()->clear();