RE: retrieving user/password from auth

Axel Amthor (axel.amthor@interprise.de)
Sun, 13 Sep 1998 13:58:19 +0200


Hi,

The problem in #2 is how browsers handle basic authentication, i.e.,
the server normally *always* sends an "unauthorized" code (401) back to
the client when the client tries to access a restricted file. The
browser then sends back the formerly stored userid/password pair it once
asked for. There is no way to force the browser to drop this stored
userid/password pair for the entire site by sending an HTTP response.
To log off from a site with basic authentication, the user needs to
terminate the complete browser session and start over. This is
maximally uncomfortable.

For this, I usually do a cookie-based authentication. And this is the
solution for Problem #1 as well. As you have to evaluate userid/password
in your CGI and give a "secret" (the cookie), you can store this in any
temporary place. You then have several possibilities for

* automatically expiring the cookie (cookie lifetime): the user has to
  re-identify after x hours/minutes
* forcing the cookie to become invalid: log off by the user

etc.

This really is more comfortable, as you can provide an HTML form for
login and logoff. There are several basic routines available on the
net, so you do not have to code this on your own.

hope this helps...

> -----Original Message-----
> From: libwww-perl-request@ics.uci.edu
> [mailto:libwww-perl-request@ics.uci.edu]On Behalf Of Peter F. Brown
> Sent: Samstag, 12. September 1998 19:05
> To: libwww-perl@ics.uci.edu
> Subject: retrieving user/password from auth
>
>
> Dear Folks,
>
>    Although I've been using Perl now for almost two years,
> and am doing pretty well, I am completely stumped about the
> www-authentication routines. I need to do two things with a Perl
> script accessed via the web:
>
>    1. Retrieve the username / password pair after the user has
>       gone through the .htaccess authorization process
>
>    2. Log out the user by resetting the authorization so the browser
>       no longer contains the "authorized" code, and reprompts the user
>       to enter the authorization
>
>    I've tried doing #2 with an nph-script like this, but it didn't work:
>    (the script contained only these two lines, and was named
>     "nph-logoff.cgi")
>
> 	print "HTTP/1.0 401 Unauthorized -- authentication failed\r\n";
> 	print "WWW-Authenticate: Basic realm=\"Test Authentication\"";
>
>    I tried #1, with code like this, but I think that my lack of clarity
> about objects, etc, has waylaid me:
>
> 	use LWP::UserAgent;
> 	use HTTP::Headers;
> 	$h = new HTTP::Headers;
> 	print $h->as_string;
> 	%auth = $h->authorization_basic;
> 	foreach $i (sort keys %auth)
>       	{
>         	print "$i is $auth{$i}<br>";
>         	}
>
>     I've scoured the docs in the LWP distribution, but I'm really stuck.
> Could anyone give me a clue?


Axel Amthor     Interprise Network Computing GmbH
                Witneystr. 1, 82008 Unterhaching
                mailto:axel.amthor@interprise.de
                http://www.interprise.de
                Fone: +49 (0) 89 / 61 55 95 - 30
                Fax:  +49 (0) 89 / 61 55 95 - 29
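
The cookie-based login and logoff described in the reply above, as an added example (not part of the original message and not taken from any library). The sub names, the `session` cookie name, the 30-minute lifetime, the user name and the in-memory `%sessions` store are assumptions; a real CGI would keep the store in a file or database between requests.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

my $LIFETIME = 30 * 60;   # assumed session lifetime in seconds
my %sessions;             # sha256(token) => { user, expires }; hypothetical in-memory store

# The cookie value is the "secret": 16 bytes from the OS random source, hex-encoded.
sub new_token {
    open(my $fh, '<:raw', '/dev/urandom') or die "no random source: $!";
    read($fh, my $raw, 16) == 16 or die "short read from /dev/urandom";
    return unpack('H*', $raw);
}

# Extract the token from a Cookie header; only its hash is used as the store key.
sub token_key {
    my ($token) = ($_[0] // '') =~ /(?:^|;\s*)session=([0-9a-f]{32})(?:;|$)/ or return;
    return sha256_hex($token);
}

# Call only after the CGI has verified userid/password from the login form.
sub login {
    my ($user, $now) = @_;
    my $token = new_token();
    $sessions{ sha256_hex($token) } = { user => $user, expires => $now + $LIFETIME };
    return ($token, "Set-Cookie: session=$token; Path=/; HttpOnly; Secure; Max-Age=$LIFETIME");
}

# Returns the user name for a known, unexpired token; nothing otherwise.
sub check {
    my ($cookie, $now) = @_;
    my $key = token_key($cookie) or return;
    my $s   = $sessions{$key}    or return;
    return $s->{user} if $now < $s->{expires};
    delete $sessions{$key};      # lifetime is enforced on the server, not trusted to the browser
    return;
}

# Logoff: forget the token on the server and tell the browser to drop the cookie.
sub logoff {
    my $key = token_key($_[0]);
    delete $sessions{$key} if defined $key;
    return "Set-Cookie: session=; Path=/; Max-Age=0";
}

# Constructed walk-through with a fixed clock instead of time().
my ($token, $hdr) = login('peter', 1_000_000);
print "after login:  ", check("session=$token", 1_000_060) // 'rejected', "\n";
logoff("session=$token");
print "after logoff: ", check("session=$token", 1_000_120) // 'rejected', "\n";
```

Because the server forgets the token at logoff, a replayed copy of the old cookie is rejected even if the browser never deletes it.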