realbasic-nug
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Web Server Authentication? How?

from Adam Shirey [Bookmark Link]
To: "REALbasic NUG" <realbasic-nug at lists dot realsoftware dot com>
Subject: Re: Web Server Authentication? How?
From: "Adam Shirey" <adam dot shirey at gmail dot com>
Date: Thu, 17 May 2007 09:14:29 -0500
Delivered-to: listarchive at realsoftware dot com
Delivered-to: realbasic-nug at lists dot realsoftware dot com
References: <004901c79814$74091a70$800101df at stevemacpro> 
This is actually something I hope to add to Inline HTTP (shameless
plug: 
www.rblibrary.com/rblibrary/index.php?main_page=product_info&products_id=75)
soon.

The way I understand it is that the server, when it knows it needs to
authenticate, sends along with its header the WWW-Authenticate value
with a type and a realm name. For example, WWW-Authenticate: Basic
realm="Clients". There is also a "Digest" authentication type that is
more secure.

Such a transaction is still essentially atomic in nature; viz., the
client connects to the server and requests a page, and the server
responds with a message. However, since authentication is required,
the server's message has no body, and the header includes the
WWW-Authenticate name/value pair.

The response header from the client (for basic authentication) is of
the format "Authorization: Basic base64encoding" where base64encoding
is the result of EncodeBase64( username + ":" + password ).

For example, if your username is "stephen" and password is
"secretp at ss", you would encode "stephen:secretp at ss", giving you
"c3RlcGhlbjpzZWNyZXRwQHNz". Therefore, the header is:

Authorization: Basic c3RlcGhlbjpzZWNyZXRwQHNz

I still need to work out the issue of sending the proper info to the
client (web browser) to induce it to prompt for the username/password.
Once I get that taken care of, I'll be sure to let you know.



Regards,
-Adam




On 5/16/07, Stephen Koger <steve dot koger at m-a-c-s dot com> wrote:
> I am wanting to write a very simple webserver,  that requires
> authenticatioin to access a users pages.  That is the part that I am stuck
> on.  I don't seem to be able to send a header back to the browser to get it
> to display an authentication box.  I want to tackle that before moving on to
> receiving back their response.
>
>
>
> I captured the below header sent from a server that I have to login to.
> Tried to send this to a browser as response to a request for a page.  Got no
> response.
>
>
>
> HTTP/1.1 401 Authorization Required
>
> Date: Wed, 16 May 2007 23:01:54 GMT
>
> Server: Apache/1.3.33 (Darwin) mod_ssl/2.8.24 OpenSSL/0.9.7l PHP/4.4.4
>
> WWW-Authenticate: Basic realm="Clients"
>
> Connection: close
>
> Content-Type: text/html; charset=iso-8859-1
>
>
>
>
>
> Can any of you Web Gurus give me a hint to get me started?
>
>
>
> Stephen
>
>
>
>
>
>
>
> _______________________________________________
> Unsubscribe or switch delivery mode:
> <http://www.realsoftware.com/support/listmanager/>
>
> Search the archives:
> <http://support.realsoftware.com/listarchives/lists.html>
>


-- 
-Adam
dingostick.com
_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>

Search the archives:
<http://support.realsoftware.com/listarchives/lists.html>
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Custom format, Eric Richards
Next by Date:  Re: For/next and array ubounds: optimising performance, James Sentman
Previous by Thread:  Web Server Authentication? How?, Stephen Koger
Next by Thread:  Plugin madness: plugin not recognized and built app shows runtime error, Peter K. Stys
Indexes:  [Date] [Thread] [Top] [All Lists]