peterbrown
asked on
Why does .htaccess ask for a second password box with Windows Media Player pages?
Hi,
I've run into a peculiar problem. After setting up .htaccess in a directory, and then pointing my browser to it, I get asked for a username and password. All well and good.
Then, with an index.html page in front of me, this happens:
- if I click on a link to a page in the same dir, with straight html in the sub page, I don't get asked for a password again. Again, all well and good.
- However --- if I click on a link to a page in the same dir that has some Windows Media Player code in it, it pops up a second username/password htaccess box. The second box is slightly different, and has what looks like a media graphic icon on it. After plugging in the username/password again, the media file plays.
So -- why does it demand the login a second time, and how can we edit the apache httpd.conf file, or the .htaccess file to eliminate the second login?
Thanks!
Peter F. Brown (the html/media code snippet is pasted below)
.............
<!-- <OBJECT classid=CLSID:22d6f312-b0f
height=120 id=MediaPlayer type=application/x-oleobje
width=160
standby="Loading Windows Media Player components..."> -->
<OBJECT ID="MediaPlayer" WIDTH=160 HEIGHT=120
CLASSID="CLSID:22D6f312-B0
STANDBY="Loading Windows Media Player components..."
TYPE="application/x-oleobj
<!-- ----------- 2 of 4 change below file name ------------- -->
<PARAM NAME="FileName" VALUE="es_q2.asx">
<PARAM NAME="AutoStart" VALUE="1">
<PARAM NAME="ShowControls" VALUE="0">
<PARAM NAME="ShowStatusBar" VALUE="0">
<PARAM NAME="ShowDisplay" VALUE="0">
<!-- ----------- 3 of 4 change below file name ------------- -->
<embed type="application/x-mplaye
src="es_q2.asx"
width=160 height=120
autostart=1
showcontrols=0
showstatusbar=0
showdisplay=0>
</embed>
</OBJECT>
--------------------------
I've run into a peculiar problem. After setting up .htaccess in a directory, and then pointing my browser to it, I get asked for a username and password. All well and good.
Then, with an index.html page in front of me, this happens:
- if I click on a link to a page in the same dir, with straight html in the sub page, I don't get asked for a password again. Again, all well and good.
- However --- if I click on a link to a page in the same dir that has some Windows Media Player code in it, it pops up a second username/password htaccess box. The second box is slightly different, and has what looks like a media graphic icon on it. After plugging in the username/password again, the media file plays.
So -- why does it demand the login a second time, and how can we edit the apache httpd.conf file, or the .htaccess file to eliminate the second login?
Thanks!
Peter F. Brown (the html/media code snippet is pasted below)
.............
<!-- <OBJECT classid=CLSID:22d6f312-b0f
height=120 id=MediaPlayer type=application/x-oleobje
width=160
standby="Loading Windows Media Player components..."> -->
<OBJECT ID="MediaPlayer" WIDTH=160 HEIGHT=120
CLASSID="CLSID:22D6f312-B0
STANDBY="Loading Windows Media Player components..."
TYPE="application/x-oleobj
<!-- ----------- 2 of 4 change below file name ------------- -->
<PARAM NAME="FileName" VALUE="es_q2.asx">
<PARAM NAME="AutoStart" VALUE="1">
<PARAM NAME="ShowControls" VALUE="0">
<PARAM NAME="ShowStatusBar" VALUE="0">
<PARAM NAME="ShowDisplay" VALUE="0">
<!-- ----------- 3 of 4 change below file name ------------- -->
<embed type="application/x-mplaye
src="es_q2.asx"
width=160 height=120
autostart=1
showcontrols=0
showstatusbar=0
showdisplay=0>
</embed>
</OBJECT>
--------------------------
ASKER
Hi Samri,
Thanks... however, I've resolved all those issues, and have already referenced the urls you mention, including the item on CanonicalName = off (which resolved the immediate second box -- however, we still have the box pop up when an html file with media is clicked on).
There aren't any <Files> directives in the httpd.conf file that are referring to media files. Perhaps there should be -- in a positive sense.
It would seem that the httpd.conf file is the culprit, but I haven't seen anything that refers to media files in relation to htaccess.
Still looking for a solution....
Thanks,
Peter
Thanks... however, I've resolved all those issues, and have already referenced the urls you mention, including the item on CanonicalName = off (which resolved the immediate second box -- however, we still have the box pop up when an html file with media is clicked on).
There aren't any <Files> directives in the httpd.conf file that are referring to media files. Perhaps there should be -- in a positive sense.
It would seem that the httpd.conf file is the culprit, but I haven't seen anything that refers to media files in relation to htaccess.
Still looking for a solution....
Thanks,
Peter
Peter,
Could you try to isolate the problem. If possible, try to disable authentication on the folder, ie. rename .htaccess to something else (maybe htaccess-saved)., and try to emulate the steps. You might need to close all browser, and reopen (since the credential are cached for that session).
All I am trying get is, whether the password box will still pops apprear or not.
If it is still, I would suspect that there much be some ACL defined somewhere (maybe the Files, Location, LocationMatch, etc). Check or any .htaccess files which might be lying around somewhere withing those sub-folders.
By the way, whem you mention the 2nd password box, did you use the same username/password combination to go thru?
cheers
Could you try to isolate the problem. If possible, try to disable authentication on the folder, ie. rename .htaccess to something else (maybe htaccess-saved)., and try to emulate the steps. You might need to close all browser, and reopen (since the credential are cached for that session).
All I am trying get is, whether the password box will still pops apprear or not.
If it is still, I would suspect that there much be some ACL defined somewhere (maybe the Files, Location, LocationMatch, etc). Check or any .htaccess files which might be lying around somewhere withing those sub-folders.
By the way, whem you mention the 2nd password box, did you use the same username/password combination to go thru?
cheers
ASKER
Dear Samri,
Yes, we've disabled it (the password box doesn't pop up) and checked sub-folders. And yes, the user/pass combo is the same. We've also checked the 3 .conf files in the httpd.conf directory and haven't found anything strange.
A consultant friend suggested that Windows Media Player checks the .htaccess files by itself, without registering that the browser has already approved the directory.
Still looking for a solution :-)
Peter
Yes, we've disabled it (the password box doesn't pop up) and checked sub-folders. And yes, the user/pass combo is the same. We've also checked the 3 .conf files in the httpd.conf directory and haven't found anything strange.
A consultant friend suggested that Windows Media Player checks the .htaccess files by itself, without registering that the browser has already approved the directory.
Still looking for a solution :-)
Peter
Peter,
>>A consultant friend suggested that Windows Media Player checks the .htaccess files by itself, without registering that the browser has already approved the directory.
It's kinda strange.
Anyway, if the .htaccess is totally disable how did the WMP could perform user authentication.
Another thing to try is checking you .htaccess for "Satisfy" directive, and try to use "Satisfy any". This would be as good as "no" authentication since any client from "Allow from aa.bb.cc.dd" or have valid username/password would be allowed access. But this is for testing only.
Within your HTML code of Javascript (or any code at all) does it call/load an external code from a different dir (or the same directory) buy by different URL ref (remember http://www.domain.com/code.js, and http://domain.com/code.js is different, and will cause re-Authentication) - Just checking.
Other than that I am pretty much stucked myself.
>>A consultant friend suggested that Windows Media Player checks the .htaccess files by itself, without registering that the browser has already approved the directory.
It's kinda strange.
Anyway, if the .htaccess is totally disable how did the WMP could perform user authentication.
Another thing to try is checking you .htaccess for "Satisfy" directive, and try to use "Satisfy any". This would be as good as "no" authentication since any client from "Allow from aa.bb.cc.dd" or have valid username/password would be allowed access. But this is for testing only.
Within your HTML code of Javascript (or any code at all) does it call/load an external code from a different dir (or the same directory) buy by different URL ref (remember http://www.domain.com/code.js, and http://domain.com/code.js is different, and will cause re-Authentication) - Just checking.
Other than that I am pretty much stucked myself.
ASKER
Dear Samri,
Thanks for trying :-)
Still looking ... anyone else have an idea?
Cheers,
Peter
Thanks for trying :-)
Still looking ... anyone else have an idea?
Cheers,
Peter
Your consultant friend is right!
I have the same thing on my box..
I logon to the webserver through a browser and click an mp3.
Mediaplayer then pops up a user/pass box as well.
When associating mp3 with winamp the file isn't even run/served and winamp doesn't start.
I have no solution but i thoght i'd let you know.
I have the same thing on my box..
I logon to the webserver through a browser and click an mp3.
Mediaplayer then pops up a user/pass box as well.
When associating mp3 with winamp the file isn't even run/served and winamp doesn't start.
I have no solution but i thoght i'd let you know.
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area with the following recommendation for this question:
PAQ/Refund
Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
periwinkle
EE Cleanup Volunteer
I will leave a recommendation in the Cleanup topic area with the following recommendation for this question:
PAQ/Refund
Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
periwinkle
EE Cleanup Volunteer
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
One of the reason why that is happening is due to different host is used in the URL for accessing the page. For example if you are originally visited the page by http://www.somewhere.com/something.html, you get the first passwd box, and you will be fine is you move around the site www.somewhere.com, but if the link for the media is somehow changed to http://somewhere.com/media.avi (for example), or http://1.2.3.4/media.avi, you will (definitely) be prompted for another password box.
Check Apache FAQ,
http://httpd.apache.org/docs/misc/FAQ.html
Might be directly related to your problem.
http://httpd.apache.org/docs/misc/FAQ.html#prompted-twice
BAsed on you explanation, the password box has a different "caption" to it. Most likely, there is a portion of your apache configuration that control access to media files. Check your apache configuration (/usr/local/apache/conf/ht
Another place to look for is the .htaccess files itself. Remember that the AUthentication, and Authorization can be confiured in httpd.conf, or the .htaccess file for each directories.
More information:
http://httpd.apache.org/docs-2.0/howto/auth.html
What is your OS/Apache version btw?
If on Unix, you might need root access to tweak your httpd.conf. If your acl is configured at .htaccess files, then any user that has read-write access to the dirs (and the .htaccess file) should be able to modify the file.
cheers.