htaccess insight 1

[thendal]

Hi all!

First pardon me for my limited knowledge with htaccess.

I have a site protected by htaccess. when users enters the site it prompts for its username passowrd its authenticate and stores auth in browser session enable users to access all other pages in that protected directory.

When user logged in through say portal app. As i can have thier username password is there a way i can programmatically set browser cache ie) the user is an authorized user to access htaccess protected page so the user doesn't have to enter the username/password again.

Or in other words can i programmtically set users browser cache to access a htaccess protected page.

As i don't know how exactly htaccess work and how it sets in cache in the browser session i don;t know how to make it work.

Any insight will be helpfull.

Thank you.

Cheers,
T

 

[siberian]

Its not a cache, its a header that is sent on each subsequent request after you authenticate.

Yes you can insert this static header into your app. It looks like this :

Authorization: Basic Y2xhbXM6Y2hvd2Rlcg==

That gibberish on the end is the encoded authentication information returned after you login.

The best way to find this header value is to create a username/password for the portal. Login as that user to the webapp and have a script that prints out the headers you sent. You can grab it right from that list.

Some examples and deeper analysis/workflow can be seen here:

http://zowie.metnet.navy.mil/~spawar/JMV-TNG/Met-Cast-HTTP.html#auth-auth

 

[thendal]

Thanks Siberian, Thats what exactly i am looking for...

But the problem i am having now is set up the basic auth in the header i tried some thing like this....

please excuse me if its dumb idea....

#!/usr/bin/perl
use CGI;
use HTTP::Headers;
$op=new CGI;
$h = HTTP::Headers->new;
$h->authorization_basic('username', 'password');
print $op->redirect('[URL unfurl="true"]http://www.some-domain.com/htaccessprotected/frames.html');[/URL]

it didn't work ...any advice will be greatly appericated.

 

[siberian]

You probably can not do this with a redirect.

This is a because a redirect signals to the browser 'now load this other page' and the browser disconnects from your system and loads the new page.

Since the browser in this case did not generate the Basic credentials it will not forward them on subsequent requests.

Your only way to really handle this is to proxy the connection for the user. Then you can send the credentials back and forth.

 

[thendal]

Thanks Siberian, I tried without redirecting something like this ...

#!/usr/bin/perl
use CGI;
use HTTP::Headers;
$h = HTTP::Headers->new;
$h->authorization_basic('username', 'password'); 
$op=new CGI;
print $op->header;
print "This is Test";

it didn't work .

also how to proxy a connection for a user in perl...i never did this before any resources will help me...

Thank you.

 

[siberian]

Your creating an HTTP::Headers object but you never send it so it just sits there.

At this point I do not think you will be able to do what you want to do. Every request needs to contain the authorization headers and unless your browser sets them it will not send them.

 

[thendal]

Thats true. Is there any alternative?

How i can send headers to the browser.

all i know of is set the content-type for a page...

use CGI;
$op=new CGI;
print $op->header;

....

 

[siberian]

You can send headers to the browser but sending it the login header object is useless, that is something the browser sends to the server.

The browser will not accept credentials as input and then spit them back out. The browser generates the headers.

If you had a proxy app you could have the browser connect normally to the proxy app, the app then makes the re-request with the added Basic: header and then relays the content back to the browser.

But remember, its the BROWSER that sets the credentials, not the server..

 

[thendal]

Thanks Siberian. I will try it out.

 

[maverick]

I use a cgi called AccessManager
and ever since
I have had no problems and it works great !

hth

--------------------------------------
"Hacker by Heart"
saenzcorp@hotpop.com

 

[siberian]

That will work if the browser is connecting to your site.

But my understanding here is that tehndal wants his site (

http://www.site1.com)

to set the authentication for the browser when it visits site 2 (

http://www.site2.com).

I don't think access manager will do that.

 

[thendal]

I have solved the issue by installing mod_auth_cookie module.

http://www.raburton.lunarpages.com/apache/mod_auth_cookie/

Maverik can you provide some url for accessManager i would like to take a look into it.

Cheers,
T

 

[maverick]

Sorry,

http://www.indexsoft.com/passmanagerpro/index.px

I have been on vacation...

hth

+--------------------------+
| "Hacker by Heart" |
| Yahoo! : saenzcorp |
+--------------------------+

 

[newbie35]

I too wish to redirect with authentication. Currently I can send a page from a protected directory to a browser but I wish to have the browser reposition its path inside the protected directory. To just display:

$text=file("[URL unfurl="true"]http://user:password@domain.com/protected.page.html);[/URL]
foreach ($text as $line)
 {
  print $line;
 }

This just displays but does not reposition browser path. Has anyone solved this problem? Thanks.