Solved

Re-Authorization

Posted on 1997-10-19
9
212 Views
Last Modified: 2013-12-25
I'm using NCSA web server and diretory authorization in use
of htpasswd. Problem is that Once the user logged-in, He can
 not change the user id except exiting netscape.
Here is the Question.
How can the user re-logon or chane(Re-displaying log-on  dialog) user id whenever he wants?
0
Comment
Question by:molla051997
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 4

Expert Comment

by:johnt082197
ID: 1855301
I dunno the answer, but you'll note the problem is the same with experts exchange :)
0
 
LVL 1

Expert Comment

by:gabsi
ID: 1855302
User will have to re-enter his password only if he has to access a file that is not allowed to his first login.

0
 
LVL 3

Expert Comment

by:gwalters
ID: 1855303
I did it once.  Basically implemented a "logout" CGI.  When the user clicked on it, the next click caused a re-authentication, even though they were accessing the same directory they had been the whole "session".

I'll give you details if and when you reject the current answer.
0
Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

 
LVL 1

Expert Comment

by:gabsi
ID: 1855304
I will be really interrested by the solution of gwalters.
Authentification has no thing to deal with CGI's or other server side installed programs.
The mechanism is the following:
When the server recieve a request for a protected URL, it asks the client for identification.
If the client has it gives what it knows.
If that does not satisfy the server requierement (or if the client has none), the client asks the user for identification (or RE-).

SO I dont see how a logout CGI will change the client side informations.

0
 
LVL 3

Expert Comment

by:gwalters
ID: 1855305
If you're so interested in my answer, why didn't you submit this as a COMMENT?  Now it's locked again!

0
 
LVL 1

Expert Comment

by:gabsi
ID: 1855306
Sorry gwalter, it is a mistake, sincerly.
0
 

Author Comment

by:molla051997
ID: 1855307
gwalerts!! give me deatailed answer
0
 
LVL 3

Accepted Solution

by:
gwalters earned 50 total points
ID: 1855308
OK, it's a kludge, but it worked for me:

The logout CGI did the following:

1) Send something to the browser telling the user they logged out (i.e. "Content-type: text/html\n\nLogout successful").
2) Fork a new process.  Old process dies (telling NCSA the cgi is done), new process should close stdin and stdout for the same reason.  I may have done these close() statements before the fork; I can't remember (can't find the sourcecode).
3) New process creates a new .htpasswd file with the user's entry changed or absent, then sleeps for a certain period of time.
4) New process creates a new .htpasswd file with the user's entry restored.

As long as user requests a protected document between steps 3 and 4 (adjust the sleep time as appropriate), the browser will detect the failure on the username/password that, until now, worked.  This will cause a new prompt.

Notes:
1) It's not really a logout, of course (since there was never a "login").  The user must request a document between steps 3 and 4 to get the prompt.  If they wait until after step 4, the browser will use the old authentication info.  You may be able to do a javascript or http-refresh trick to force the browser to request a protected document after logging out.
2) If this is to be used by a lot of people, you better use some kind of file locking.  Your first instinct may be to create a backup .htaccess in step 3, then just copy it in step 4.  This won't work, however, if more than one person is "logged out" at a given time.

Sorry I can't find my source code.  I'm still looking.


0
 

Author Comment

by:molla051997
ID: 1855309
gwalters, If you succeed in finding source code, Notify me.
0

Featured Post

Report: Liquid Web beats Amazon, Rackspace & More

A study by performance analyst firm Cloud Spectator finds that Liquid Web beats rivals Amazon, Rackspace and DigitalOcean when it comes to website and cloud application performance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
how can i make amazon approved mobile url 4 55
Why "Mobile First"? 5 63
ASP.NET data base connection 35 95
Set a parameter in a properties file and use in html table. 14 59
Learn by example how to specify CSS selectors for Selenium WebDriver test automation software.
There’s a good reason for why it’s called a homepage – it closely resembles that of a physical house and the only real difference is that it’s online. Your website’s homepage is where people come to visit you. It’s the family room of your website wh…
This video teaches users how to migrate an existing Wordpress website to a new domain.
The viewer will get a basic understanding of what section 508 compliance can entail, learn about skip navigation links, alt text, transcripts, and font size controls.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question