Unable to get Remote User environment variable

Hello,

I have having trouble getting the authenticated user. I have tried getting the REMOTE_USER environment variable (using 'getenv("REMOTE_USER")' ) but retrieved nothing.

I have even printed out the 'export' result when the page is loading, and it produces the following:

export AUTH_ACL='' export AUTH_TYPE='Basic' export DOCUMENT_ROOT='/var/www/tc' export GATEWAY_INTERFACE='CGI/1.1' export HTTP_ACCEPT='text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' export HTTP_ACCEPT_CHARSET='ISO-8859-1,utf-8;q=0.7,*;q=0.7' export HTTP_ACCEPT_ENCODING='gzip,deflate' export HTTP_ACCEPT_LANGUAGE='en-us,en;q=0.5' export HTTP_AUTHORIZATION='Basic YWRtaW46YWRtaW4=' export HTTP_CONNECTION='keep-alive' export HTTP_HOST='192.168.1.87' export HTTP_IF_MODIFIED_SINCE='Sun, 04 Jan 1970 16:47:55 UTC' export HTTP_IF_NONE_MATCH='"6694-12aec-4d43c"' export HTTP_KEEP_ALIVE='115' export HTTP_REFERER='http://192.168.1.87/cn/index.cgi' export HTTP_USER_AGENT='Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 ( .NET CLR 3.5.30729)' export PATH='/usr/bin:/bin:/usr/sbin:/sbin:/usr/sbin' export PATH_INFO='' export PWD='/var/www/tc/jsw/cgi-bin' export REMOTE_ADDR='192.168.1.112' export REMOTE_HOST='192.168.1.112' export REMOTE_PORT='2689' export REQUEST_METHOD='GET' export REQUEST_TRANSPORT='http' export REQUEST_URI='/cn/tc1.cgi' export SCRIPT_FILENAME='/var/www/tc/jsw/cgi-bin/tc1.cgi' export SCRIPT_NAME='/cn/tc1.cgi' export SERVER_ADDR='' export SERVER_NAME='127.0.0.1:80' export SERVER_PORT='80' export SERVER_PROTOCOL='http' export SERVER_SOFTWARE='Embedthis-Appweb/3.2.2'

I am wondering if anyone else is having this issue?

Thank you.
sctccommAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave BaldwinFixer of ProblemsCommented:
This page http://appwebserver.org/products/appweb/doc.2/api/gen/appweb/esp_8js.html#e36ca11f67ad2c2373e908a34c74b8a5 says that it is rarely supplied.  Using Firefox (as you are), it is blank on IIS and Apache doesn't list it at all.
0
Dave BaldwinFixer of ProblemsCommented:
I also tried IE8, Chrome, Safari, and Opera and it's blank on IIS for all of them.
0
sctccommAuthor Commented:
Then my question is, how can user permission checking be done (based on username)?
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Dave BaldwinFixer of ProblemsCommented:
You have to create your own login system.  Every web site that I know of has to do that if they need to control access.  Consider that your login here on EE is different than your login elsewhere.
0
Dave BaldwinFixer of ProblemsCommented:
Also, "REMOTE_USER" like anything else in the HTTP headers can be spoofed.  If you need access control, you would not be able to count on "REMOTE_USER" being legitimate.
0
sctccommAuthor Commented:
Currently, we are using basic and digest authentication.  We have a space requirement which we do not have enough memory to maintain session information.  Thus using form-based authentication is not within the scope of this project.
0
Dave BaldwinFixer of ProblemsCommented:
What do you mean by "we are using basic and digest authentication."?  Like this? http://appwebserver.org/products/appweb/doc/guide/appweb/users/authorization.html

I logged in with Firefox to a page that I have using "Basic auth" and looked at the headers.  There isn't any username list in the request headers in any part of that transaction.  If you want a 'username', you may have to set a cookie after the user is logged in.
0
sctccommAuthor Commented:
I believe the username and password can be seen in "credentials" in the HTTP header
0
Dave BaldwinFixer of ProblemsCommented:
There is an "Authorization:" field in the request header http://en.wikipedia.org/wiki/Digest_access_authentication.  It is not listed in the server or request variables on any web server that I can find.  IIS, Apache, and AppWeb http://appwebserver.org/products/appweb/doc.2/api/gen/appweb/esp_8js.html#e36ca11f67ad2c2373e908a34c74b8a5 do not make it available to the pages/users on the server.  The only way I can see it is to use Fiddler2 to look at my network traffic.

0
sctccommAuthor Commented:
If I were to take the cookie route, how would I be able to get the username?
0
Dave BaldwinFixer of ProblemsCommented:
Good question.  I forgot that they don't login to your page but just to the webserver with Basic or Digest Auth.  I don't know at this point.
0
sctccommAuthor Commented:
I find it a little strange that they provide Authentication, but don't make the login information readily available for further processing by users.
0
Dave BaldwinFixer of ProblemsCommented:
Maybe but that appears to be standard procedure on all the web servers I've mentioned.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sctccommAuthor Commented:
Well, thank you for you help.
0
sctccommAuthor Commented:
No actual solution presented.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Scripting Languages

From novice to tech pro — start learning today.