Webduino, the web server library for Arduino, now supports HTTP Basic access authentication. You can download a .zip file of the latest version from GitHub. (Note: The download link does not point to a specific version, but always to the very latest version of Webduino including features and/or bugs that were added/fixed after I wrote this post. Here’s the front page of the GitHub repository.)
Authentication means that you can now protect the web-enabled functions of your Arduino with a username and password.
There is at least one other version of Webduino supporting authentication, written by Claudio Baldazzi. It’s in this post on the original Google Project site of Webduino, with an example here. When I started working on improvements of the Webduino, plus new features for my own use, I considered using Claudio’s version but decided against it for the following reason:
With the Claudio’s version all pages of the Arduino would be protected by the same username and password. However I wanted a way to distinguish different user levels. E.g. Person A should be allowed to see on the web whether the lights are on or off, but only Person B is allowed to flick the switch.
Here’s how I did it.
The WebServer class now has two new methods: httpUnauthorized() sends error 401 back to the client, which in the case of a regular web browser causes the user to see a prompt for username and password. checkCredentials() checks whether a username and password have been sent with the request and whether they are valid, i.e. they have certain values. In a Webduino command function you should first run checkCredentials() and depending on the return value either run your “protected” code, like turning on the lights, or fire httpUnauthorized(). See the methods’ subpages of the API documentation for example code.