Solved

Is it possible for a gateway app to tell the HTTP to pass authentication to it?

Posted on 1997-07-02
3
204 Views
Last Modified: 2013-12-25
I can return a 401 error, and get the browser to bring up the authentication window, but I can't get the server to call the gateway afterward.  I would like to have the HTTP server allow access to my gateway, and pass the authentication header onto the gateway app. Then my app would perform the user db look up in its own db.  I heard that you could change the scheme from Basic to something unknown and the server would pass it along, but I haven't been able to make that happen with IIS.  Is this possible?
0
Comment
Question by:mismith
  • 2
3 Comments
 
LVL 2

Accepted Solution

by:
Philippe earned 100 total points
ID: 1828682

mismith,

there is no problem in passing authentication info to a cgi script. Consider following script. If doesn't get authentication info it will output an 401 error. This will get the browser to prompt the user for a password. In next invocation the browser will provide authentication info in the HTTP_AUTHORIZATION environment variable. Your program can then happily parse this and find out if it chooses to serve the user or not.

The script is in shell script and works with CERN httpd. Your milage may vary.

Note that you need to tell the server not to parse the headers when you generate the 401 yourself (I guess you knew that, since you already got this far). For CERN httpd you do this by setting the first three letters of the name of the script to nph (for non-parse-header).

  hope this helps,

     Philippe

#/bin/sh

if [ -n "$HTTP_AUTHORIZATION" ]
then

cat <<EOF
HTTP/1.0 200 OK
Content-type: text/html

<HTML>
<BODY>
<h2>Thank you for submitting following authorization info: </h2>
$HTTP_AUTHORIZATION
</body>
</html>
EOF

else

cat <<EOF
HTTP/1.0 401 Unauthorized
WWW-Authenticate: Basic http://www.your_host/your_directory
 
EOF

fi


0
 
LVL 2

Expert Comment

by:Philippe
ID: 1828683

mismith,

Just a small correction. Although my script works, there is no need to put any URL on the WWW-Authenticate line. The standard usage of that extra info is to specify a realm for which the password will be valid. You could thus change

WWW-Authenticate: Basic http://www.your_host/your_directory

to

WWW-Authenticate: Basic realm="wonderland"

 cheers,

   Philippe

0
 

Author Comment

by:mismith
ID: 1828684
Thanks very much for the reply, but I must not have explained myself well.

The problem I have is not in sending the 401 to the browser but getting the response back after the browser returns the user name and password.  The server sends the 401 through, but then never passes the results back onto my gateway app after the user logs in. I never did set anything to a non-parsed-header, could this be my problem? Could you explain more about the NPH? I couldn't find HTTP_AUTHORIZATION  on IIS?

I don't have a directory or file I want to protect, I just want the gateway app to ask the browser for a username and password, and then use that data to do a look up on my own database. I don't want to use the HTTP servers user-db, because frankly IIS and NT have limited scalability and flexibility and I need a db for some specific tasks.

Your comment indicates it worked for you, I am wondering if it's an IIS problem.
Thanks again for your help.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I hope you'll find this tutorial useful and interesting. So let's try to extend Tcl with a new package.  For anyone more deeply interested please check out the book "Practical Programming in Tcl and Tk". It's really one of the best written books abo…
This article is meant to give a basic understanding of how to use R Sweave as a way to merge LaTeX and R code seamlessly into one presentable document.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now