Unable to get Remote User environment variable

Hello,

I have having trouble getting the authenticated user. I have tried getting the REMOTE_USER environment variable (using 'getenv("REMOTE_USER")' ) but retrieved nothing.

I have even printed out the 'export' result when the page is loading, and it produces the following:

export AUTH_ACL='' export AUTH_TYPE='Basic' export DOCUMENT_ROOT='/var/www/tc' export GATEWAY_INTERFACE='CGI/1.1' export HTTP_ACCEPT='text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' export HTTP_ACCEPT_CHARSET='ISO-8859-1,utf-8;q=0.7,*;q=0.7' export HTTP_ACCEPT_ENCODING='gzip,deflate' export HTTP_ACCEPT_LANGUAGE='en-us,en;q=0.5' export HTTP_AUTHORIZATION='Basic YWRtaW46YWRtaW4=' export HTTP_CONNECTION='keep-alive' export HTTP_HOST='192.168.1.87' export HTTP_IF_MODIFIED_SINCE='Sun, 04 Jan 1970 16:47:55 UTC' export HTTP_IF_NONE_MATCH='"6694-12aec-4d43c"' export HTTP_KEEP_ALIVE='115' export HTTP_REFERER='http://192.168.1.87/cn/index.cgi' export HTTP_USER_AGENT='Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 ( .NET CLR 3.5.30729)' export PATH='/usr/bin:/bin:/usr/sbin:/sbin:/usr/sbin' export PATH_INFO='' export PWD='/var/www/tc/jsw/cgi-bin' export REMOTE_ADDR='192.168.1.112' export REMOTE_HOST='192.168.1.112' export REMOTE_PORT='2689' export REQUEST_METHOD='GET' export REQUEST_TRANSPORT='http' export REQUEST_URI='/cn/tc1.cgi' export SCRIPT_FILENAME='/var/www/tc/jsw/cgi-bin/tc1.cgi' export SCRIPT_NAME='/cn/tc1.cgi' export SERVER_ADDR='' export SERVER_NAME='127.0.0.1:80' export SERVER_PORT='80' export SERVER_PROTOCOL='http' export SERVER_SOFTWARE='Embedthis-Appweb/3.2.2'

I am wondering if anyone else is having this issue?

Thank you.
sctccommAsked:
Who is Participating?
 
Dave BaldwinFixer of ProblemsCommented:
Maybe but that appears to be standard procedure on all the web servers I've mentioned.
0
 
Dave BaldwinFixer of ProblemsCommented:
This page http://appwebserver.org/products/appweb/doc.2/api/gen/appweb/esp_8js.html#e36ca11f67ad2c2373e908a34c74b8a5 says that it is rarely supplied.  Using Firefox (as you are), it is blank on IIS and Apache doesn't list it at all.
0
 
Dave BaldwinFixer of ProblemsCommented:
I also tried IE8, Chrome, Safari, and Opera and it's blank on IIS for all of them.
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
sctccommAuthor Commented:
Then my question is, how can user permission checking be done (based on username)?
0
 
Dave BaldwinFixer of ProblemsCommented:
You have to create your own login system.  Every web site that I know of has to do that if they need to control access.  Consider that your login here on EE is different than your login elsewhere.
0
 
Dave BaldwinFixer of ProblemsCommented:
Also, "REMOTE_USER" like anything else in the HTTP headers can be spoofed.  If you need access control, you would not be able to count on "REMOTE_USER" being legitimate.
0
 
sctccommAuthor Commented:
Currently, we are using basic and digest authentication.  We have a space requirement which we do not have enough memory to maintain session information.  Thus using form-based authentication is not within the scope of this project.
0
 
Dave BaldwinFixer of ProblemsCommented:
What do you mean by "we are using basic and digest authentication."?  Like this? http://appwebserver.org/products/appweb/doc/guide/appweb/users/authorization.html

I logged in with Firefox to a page that I have using "Basic auth" and looked at the headers.  There isn't any username list in the request headers in any part of that transaction.  If you want a 'username', you may have to set a cookie after the user is logged in.
0
 
sctccommAuthor Commented:
I believe the username and password can be seen in "credentials" in the HTTP header
0
 
Dave BaldwinFixer of ProblemsCommented:
There is an "Authorization:" field in the request header http://en.wikipedia.org/wiki/Digest_access_authentication.  It is not listed in the server or request variables on any web server that I can find.  IIS, Apache, and AppWeb http://appwebserver.org/products/appweb/doc.2/api/gen/appweb/esp_8js.html#e36ca11f67ad2c2373e908a34c74b8a5 do not make it available to the pages/users on the server.  The only way I can see it is to use Fiddler2 to look at my network traffic.

0
 
sctccommAuthor Commented:
If I were to take the cookie route, how would I be able to get the username?
0
 
Dave BaldwinFixer of ProblemsCommented:
Good question.  I forgot that they don't login to your page but just to the webserver with Basic or Digest Auth.  I don't know at this point.
0
 
sctccommAuthor Commented:
I find it a little strange that they provide Authentication, but don't make the login information readily available for further processing by users.
0
 
sctccommAuthor Commented:
Well, thank you for you help.
0
 
sctccommAuthor Commented:
No actual solution presented.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.