httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Beach" <drbe...@rogers.com>
Subject RE: [users@httpd] R: [users@httpd] Authentication realms
Date Tue, 03 Jan 2006 16:27:30 GMT
Thanks for the message. That certainly sounds plausible to me.
 
I've temporarily worked around the problem by placing a .htaccess file in
the directories with *.wmv files, and putting "Satisfy Any" and "Allow from
all" statements in them. Pretty much defeats the purpose of the access
control, but at least I can be reasonably assured that users were
authenticated in a superior directory anyway.
 
There must be an answer to this somewhere, if I only knew where to look. If
your message does indeed describe the reason why this is happening, I'm
curious why MS wouldn't allow for authentication credentials to be passed
from the originating browser session to the new session - particularly as
it's a case of IE firing up Windows Media Player.

  _____  

From: Chris Ayoub [mailto:chris.ayoub@indpoint.com] 
Sent: January 3, 2006 10:11 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] R: [users@httpd] Authentication realms


I'm kind of jumping into the middle of this thread since I have just
subscribed recently, but I believe that if an external media player is
launched by clicking on the file, then that application will start a
different session with the server and cause re-authentication since it is
technically a new client... not sure if that helps at all, but I've seen
this before so I thought I would throw it in.

Dave Beach wrote: 

Interesting. Right-clicking and saving the file from the browser works. A

left-click to open it directly doesn't. Hmm.



-----Original Message-----

From: Sebastian Gil [mailto:sgil@ceisasp.com]

Sent: January 3, 2006 9:41 AM

To: users@httpd.apache.org

Subject: [users@httpd] R: [users@httpd] Authentication realms



Is this happening when you download the file or when you try to open it

directly from the browser? Maybe it's a problem with the media player plugin





-----Messaggio originale-----

Da: Dave Beach [mailto:drbeach@rogers.com]

Inviato: martedì 3 gennaio 2006 15.34

A: users@httpd.apache.org

Oggetto: RE: [users@httpd] Authentication realms



Thanks for the reply. I've been through the FAQ again, and don't see where

URL space is relevant (although I'm sure that's a deficiency in my

understanding).



Consider www.foo.com (hypothetically - I've just realized that's actually a

real site), and that /usr/local/apache2/htdocs is set as AuthName "bar" in

httpd.conf. Everything behaves perfectly as expected, except a link to

/usr/local/apache2/htdocs/foobar/foobar.wmv causes a re-prompt for

authentication credentials. In the client popup, the user is advised that a

password is required for www.foo.com. The link that causes this is from

/usr/local/apache2/htdocs/index.htm, and merely points to

"foobar/foobar.wmv". For every other link and file on the server,

authentication seems to be working exactly the way I would have expected.

For example, a link that points to "foobar/picture.jpg" does not cause an

authentication re-prompt.



I realize I'm repeating myself here, but I'm trying to illustrate that I'm

not sure how this is a URL space issue. I've re-looked at the FAQ again, and

made two changes - I set UseCanonicalName to off in httpd.conf, and I added

an .htaccess file in /usr/local/apache2/htdocs/foobar that simply repeats

"AuthName "bar"".



Still no joy.



I appreciate your patience; perhaps a slightly more detailed pointer would

nudge me in the right direction.







-----Original Message-----

From: Nick Kew [mailto:nick@webthing.com]

Sent: January 3, 2006 2:24 AM

To: users@httpd.apache.org

Subject: Re: [users@httpd] Authentication realms



On Monday 02 January 2006 22:57, Dave Beach wrote:

  

Hi list!



I'm having a small problem. I have basic authentication set up (httpd

v2.2.0), and it works as I would expect - except that when a user

requests a Windows Media file (wmv) from a subordinate page, the

client browser prompts again for the user's credentials.

    



That's the browser doing the prompting.  Which means the *browser* sees the

wmv file as not being within the already-authenticated area.



You need to sort out your URL space.  The internal organisation of Apache

(thngs like directories) is not relevant (except indirectly, when it affects

URL space).



There's a FAQ entry that might be relevant to you.



--

Nick Kew



---------------------------------------------------------------------

The official User-To-User support forum of the Apache HTTP Server Project.

See  <http://httpd.apache.org/userslist.html>
<URL:http://httpd.apache.org/userslist.html> for more info.

To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org

   "   from the digest: users-digest-unsubscribe@httpd.apache.org

For additional commands, e-mail: users-help@httpd.apache.org





---------------------------------------------------------------------

The official User-To-User support forum of the Apache HTTP Server Project.

See  <http://httpd.apache.org/userslist.html>
<URL:http://httpd.apache.org/userslist.html> for more info.

To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org

   "   from the digest: users-digest-unsubscribe@httpd.apache.org

For additional commands, e-mail: users-help@httpd.apache.org







---------------------------------------------------------------------

The official User-To-User support forum of the Apache HTTP Server Project.

See  <http://httpd.apache.org/userslist.html>
<URL:http://httpd.apache.org/userslist.html> for more info.

To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org

   "   from the digest: users-digest-unsubscribe@httpd.apache.org

For additional commands, e-mail: users-help@httpd.apache.org





---------------------------------------------------------------------

The official User-To-User support forum of the Apache HTTP Server Project.

See  <http://httpd.apache.org/userslist.html>
<URL:http://httpd.apache.org/userslist.html> for more info.

To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org

   "   from the digest: users-digest-unsubscribe@httpd.apache.org

For additional commands, e-mail: users-help@httpd.apache.org









  

--------------------------------------------------------------------- The
official User-To-User support forum of the Apache HTTP Server Project. See
for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org "
from the digest: users-digest-unsubscribe@httpd.apache.org For additional
commands, e-mail: users-help@httpd.apache.org 

Mime
View raw message