mismith
asked on
Is it possible for a gateway app to tell the HTTP to pass authentication to it?
I can return a 401 error, and get the browser to bring up the authentication window, but I can't get the server to call the gateway afterward. I would like to have the HTTP server allow access to my gateway, and pass the authentication header onto the gateway app. Then my app would perform the user db look up in its own db. I heard that you could change the scheme from Basic to something unknown and the server would pass it along, but I haven't been able to make that happen with IIS. Is this possible?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks very much for the reply, but I must not have explained myself well.
The problem I have is not in sending the 401 to the browser but getting the response back after the browser returns the user name and password. The server sends the 401 through, but then never passes the results back onto my gateway app after the user logs in. I never did set anything to a non-parsed-header, could this be my problem? Could you explain more about the NPH? I couldn't find HTTP_AUTHORIZATION on IIS?
I don't have a directory or file I want to protect, I just want the gateway app to ask the browser for a username and password, and then use that data to do a look up on my own database. I don't want to use the HTTP servers user-db, because frankly IIS and NT have limited scalability and flexibility and I need a db for some specific tasks.
Your comment indicates it worked for you, I am wondering if it's an IIS problem.
Thanks again for your help.
The problem I have is not in sending the 401 to the browser but getting the response back after the browser returns the user name and password. The server sends the 401 through, but then never passes the results back onto my gateway app after the user logs in. I never did set anything to a non-parsed-header, could this be my problem? Could you explain more about the NPH? I couldn't find HTTP_AUTHORIZATION on IIS?
I don't have a directory or file I want to protect, I just want the gateway app to ask the browser for a username and password, and then use that data to do a look up on my own database. I don't want to use the HTTP servers user-db, because frankly IIS and NT have limited scalability and flexibility and I need a db for some specific tasks.
Your comment indicates it worked for you, I am wondering if it's an IIS problem.
Thanks again for your help.
mismith,
Just a small correction. Although my script works, there is no need to put any URL on the WWW-Authenticate line. The standard usage of that extra info is to specify a realm for which the password will be valid. You could thus change
WWW-Authenticate: Basic http://www.your_host/your_directory
to
WWW-Authenticate: Basic realm="wonderland"
cheers,
Philippe