Solved

Is it possible for a gateway app to tell the HTTP to pass authentication to it?

Posted on 1997-07-02
3
203 Views
Last Modified: 2013-12-25
I can return a 401 error, and get the browser to bring up the authentication window, but I can't get the server to call the gateway afterward.  I would like to have the HTTP server allow access to my gateway, and pass the authentication header onto the gateway app. Then my app would perform the user db look up in its own db.  I heard that you could change the scheme from Basic to something unknown and the server would pass it along, but I haven't been able to make that happen with IIS.  Is this possible?
0
Comment
Question by:mismith
  • 2
3 Comments
 
LVL 2

Accepted Solution

by:
Philippe earned 100 total points
ID: 1828682

mismith,

there is no problem in passing authentication info to a cgi script. Consider following script. If doesn't get authentication info it will output an 401 error. This will get the browser to prompt the user for a password. In next invocation the browser will provide authentication info in the HTTP_AUTHORIZATION environment variable. Your program can then happily parse this and find out if it chooses to serve the user or not.

The script is in shell script and works with CERN httpd. Your milage may vary.

Note that you need to tell the server not to parse the headers when you generate the 401 yourself (I guess you knew that, since you already got this far). For CERN httpd you do this by setting the first three letters of the name of the script to nph (for non-parse-header).

  hope this helps,

     Philippe

#/bin/sh

if [ -n "$HTTP_AUTHORIZATION" ]
then

cat <<EOF
HTTP/1.0 200 OK
Content-type: text/html

<HTML>
<BODY>
<h2>Thank you for submitting following authorization info: </h2>
$HTTP_AUTHORIZATION
</body>
</html>
EOF

else

cat <<EOF
HTTP/1.0 401 Unauthorized
WWW-Authenticate: Basic http://www.your_host/your_directory
 
EOF

fi


0
 
LVL 2

Expert Comment

by:Philippe
ID: 1828683

mismith,

Just a small correction. Although my script works, there is no need to put any URL on the WWW-Authenticate line. The standard usage of that extra info is to specify a realm for which the password will be valid. You could thus change

WWW-Authenticate: Basic http://www.your_host/your_directory

to

WWW-Authenticate: Basic realm="wonderland"

 cheers,

   Philippe

0
 

Author Comment

by:mismith
ID: 1828684
Thanks very much for the reply, but I must not have explained myself well.

The problem I have is not in sending the 401 to the browser but getting the response back after the browser returns the user name and password.  The server sends the 401 through, but then never passes the results back onto my gateway app after the user logs in. I never did set anything to a non-parsed-header, could this be my problem? Could you explain more about the NPH? I couldn't find HTTP_AUTHORIZATION  on IIS?

I don't have a directory or file I want to protect, I just want the gateway app to ask the browser for a username and password, and then use that data to do a look up on my own database. I don't want to use the HTTP servers user-db, because frankly IIS and NT have limited scalability and flexibility and I need a db for some specific tasks.

Your comment indicates it worked for you, I am wondering if it's an IIS problem.
Thanks again for your help.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Introduction:   Welcome to my first article ever. To begin with, the reason I write this article.  I participated in a question on Experts Exchange about the start command in Windows and there were some discussion about the usage. The discussio…
This tutorial will discuss the log-in process using WhizBase. In this article I assume you already know HTML. I will write the code using WhizBase Server Pages, so you need to know some basics in WBSP (you might look at some of my other articles abo…
Learn the basics of lists in Python. Lists, as their name suggests, are a means for ordering and storing values. : Lists are declared using brackets; for example: t = [1, 2, 3]: Lists may contain a mix of data types; for example: t = ['string', 1, T…
The viewer will learn how to dynamically set the form action using jQuery.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now