perl-asp mailing list archives

From Joshua Chamas <jos...@chamas.com>
Subject IE 401 Basic Auth Cache Buster ...
Date Tue, 26 Jun 2001 17:36:21 GMT
Philip Mak wrote:
> 
> How do you implement your own authentication in Apache::ASP, anyway? I
> can't seem to get it to work.
> 
> I did this:
> 
> $Response->{Status} = 401;
> $Response->AddHeader('WWW-Authenticate', 'basic realm="MyRealm"');
> 

I never personally used 401 auth because of IE's caching,
but I think I have some code to finally deal with this...
a new era begins :)  

This method (code below) entirely controls the basic auth process, 
& doesn't let Apache do any of it, including the 401 error message, 
so we can control the basic realm completely. It really works for IE!

The code is a very tweaked version of what was in 
dev/*.auth and dev/auth/global.asa in the ASP distribution.
I had to not use $Response->{Status} = 401, because my 
WinNT Apache would crash with this set without other 
Apache Auth directives configured.

--Josh

# .htaccess
<Files ~ (\.auth)>
	SetHandler perl-script
	PerlHandler Apache::ASP
	PerlSetVar Debug  2
	PerlSetVar Global auth
	# session restarts every 6 seconds for testing purposes
	PerlSetVar SessionTimeout .1
	PerlSetVar StateDir /tmp/asp_auth_test
</Files>

# auth/global.asa
use MIME::Base64;
use vars qw(%PASS);
%PASS = ('TEST' => 'TEST');

sub Session_OnStart {
    $Response->AppendToLog("starting session");
    $Session->{AuthID} = substr($Session->SessionID, 0, 8).rand();
}

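sub Script_OnStart {
    # parse the Authorization header here; Apache does none of the auth
    my $auth = Apache->header_in('Authorization');
    my($user, $pass);
    if ($auth && ($auth =~ /^Basic (.*)$/i)) {
	($user,$pass) = split(/:/, decode_base64($1), 2);
	# log the user name only, never the password
	$Response->Debug("got user $user for basic auth"); 
    }

    # the user must exist in %PASS and a password must have been sent;
    # a bare eq would treat a missing entry (undef) as equal to ''
    if ($Session->{AuthInit} && $user && defined($pass)
	&& exists($PASS{$user}) && ($PASS{$user} eq $pass)) {
	$ENV{REMOTE_USER} = $user;
	$Request->ServerVariables->{REMOTE_USER} = $user;    
    } else {
	# first request of a session, or bad credentials: send the 401
	# ourselves, with a realm that carries the per-session AuthID
	$Session->{AuthInit} = 1;
	$Response->Debug("forcing authenticate");
	$Response->AddHeader('WWW-Authenticate', 'basic realm="MyRealm-'.$Session->{AuthID}.'"');
	Apache->cgi_header_out('Status', 401);
	$Response->Write("<h2>Failed 401 Authorization</h2>");
	$Response->End;
    }
}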

# authen.auth ASP script
<html><body>
Congrats!, you got in!<p>
<% 
my $env = $Request->ServerVariables();
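for(sort keys %$env) {
	# values come from the client request, so HTML-encode before printing
	print "<b>".$Server->HTMLEncode($_)."</b>: ".$Server->HTMLEncode($env->{$_})."<br>\n";
}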
%>
</body></html>
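
Added example, not part of the original post or the Apache::ASP distribution: a stand-alone Perl script that parses a Basic Authorization header and compares a bare `$PASS{$user} eq $pass` check with a strict one, since a missing hash key is undef and undef compares equal to an empty password. The names parse_basic, check_loose and check_strict are hypothetical, the sample headers are constructed, and %PASS mirrors the table in global.asa.

```perl
# Added example: strict parsing and checking of a Basic Authorization header.
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Constructed credential table, same shape as %PASS in global.asa.
my %PASS = ('TEST' => 'TEST');

# Returns (user, pass) for a well-formed "Basic <base64>" header, else ().
sub parse_basic {
    my ($header) = @_;
    return unless defined $header;
    return unless $header =~ /^Basic\s+([A-Za-z0-9+\/]+={0,2})\s*$/i;
    my $decoded = decode_base64($1);
    # Require the colon: "user" without ":pass" is not a credential pair.
    return unless $decoded =~ /^([^:]+):(.*)$/s;
    return ($1, $2);
}

# Loose check: a missing key yields undef, and undef eq '' is true.
sub check_loose {
    my ($user, $pass) = @_;
    no warnings 'uninitialized';
    return ($user && ($PASS{$user} eq $pass)) ? 1 : 0;
}

# Strict check: the user must exist and both values must be defined.
sub check_strict {
    my ($user, $pass) = @_;
    return 0 unless defined $user && defined $pass;
    return 0 unless exists $PASS{$user};
    return $PASS{$user} eq $pass ? 1 : 0;
}

# Constructed sample headers (not captured traffic).
my @samples = (
    [ 'valid pair'             => 'Basic ' . encode_base64('TEST:TEST', '') ],
    [ 'wrong password'         => 'Basic ' . encode_base64('TEST:nope', '') ],
    [ 'unknown user, empty pw' => 'Basic ' . encode_base64('nobody:', '') ],
    [ 'no colon'               => 'Basic ' . encode_base64('TEST', '') ],
);

for my $s (@samples) {
    my ($label, $header) = @$s;
    my ($user, $pass) = parse_basic($header);
    printf "%-24s loose=%d strict=%d\n", $label,
        check_loose($user, $pass), check_strict($user, $pass);
}
```

The two checks agree on every sample except the unknown user with an empty password, which only the strict check rejects.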
