Solved

Is it possible for a gateway app to tell the HTTP to pass authentication to it?

Posted on 1997-07-02
3
211 Views
Last Modified: 2013-12-25
I can return a 401 error, and get the browser to bring up the authentication window, but I can't get the server to call the gateway afterward.  I would like to have the HTTP server allow access to my gateway, and pass the authentication header onto the gateway app. Then my app would perform the user db look up in its own db.  I heard that you could change the scheme from Basic to something unknown and the server would pass it along, but I haven't been able to make that happen with IIS.  Is this possible?
0
Comment
Question by:mismith
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 2

Accepted Solution

by:
Philippe earned 100 total points
ID: 1828682

mismith,

there is no problem in passing authentication info to a cgi script. Consider following script. If doesn't get authentication info it will output an 401 error. This will get the browser to prompt the user for a password. In next invocation the browser will provide authentication info in the HTTP_AUTHORIZATION environment variable. Your program can then happily parse this and find out if it chooses to serve the user or not.

The script is in shell script and works with CERN httpd. Your milage may vary.

Note that you need to tell the server not to parse the headers when you generate the 401 yourself (I guess you knew that, since you already got this far). For CERN httpd you do this by setting the first three letters of the name of the script to nph (for non-parse-header).

  hope this helps,

     Philippe

#/bin/sh

if [ -n "$HTTP_AUTHORIZATION" ]
then

cat <<EOF
HTTP/1.0 200 OK
Content-type: text/html

<HTML>
<BODY>
<h2>Thank you for submitting following authorization info: </h2>
$HTTP_AUTHORIZATION
</body>
</html>
EOF

else

cat <<EOF
HTTP/1.0 401 Unauthorized
WWW-Authenticate: Basic http://www.your_host/your_directory
 
EOF

fi


0
 
LVL 2

Expert Comment

by:Philippe
ID: 1828683

mismith,

Just a small correction. Although my script works, there is no need to put any URL on the WWW-Authenticate line. The standard usage of that extra info is to specify a realm for which the password will be valid. You could thus change

WWW-Authenticate: Basic http://www.your_host/your_directory

to

WWW-Authenticate: Basic realm="wonderland"

 cheers,

   Philippe

0
 

Author Comment

by:mismith
ID: 1828684
Thanks very much for the reply, but I must not have explained myself well.

The problem I have is not in sending the 401 to the browser but getting the response back after the browser returns the user name and password.  The server sends the 401 through, but then never passes the results back onto my gateway app after the user logs in. I never did set anything to a non-parsed-header, could this be my problem? Could you explain more about the NPH? I couldn't find HTTP_AUTHORIZATION  on IIS?

I don't have a directory or file I want to protect, I just want the gateway app to ask the browser for a username and password, and then use that data to do a look up on my own database. I don't want to use the HTTP servers user-db, because frankly IIS and NT have limited scalability and flexibility and I need a db for some specific tasks.

Your comment indicates it worked for you, I am wondering if it's an IIS problem.
Thanks again for your help.
0

Featured Post

Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction:   Welcome to my first article ever. To begin with, the reason I write this article.  I participated in a question on Experts Exchange about the start command in Windows and there were some discussion about the usage. The discussio…
In this tutorial I will show you how to provide a dynamic RTF document on your website generated with data from your database. For this tutorial you will need Microsoft Word or WordPad, WhizBase and Microsoft Access. In this tutorial I will show …
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question