Unable to get LWP Basic Authentication to Work

sierrathedog04 has asked for the wisdom of the Perl Monks concerning the following question:

How do I know if a site is prompting me with basic authentication? I am attempting to use LWP to do basic authentication and for some reason it is not working. Running the the following script:

use HTTP::Request::Common qw(POST);
use LWP::UserAgent;
use strict;

my $ua = LWP::UserAgent->new();
my $req = POST 'http://home.sff.net/login.asp', [ username => 'jonatha
+nmark', RecordID => 4142];
print "The netloc is" , $req->url->netloc, ". ";
$ua->credentials($req->url->netloc, "home.sff.net", 'jonathanmark', 'n
+ottherealpassword');
my$content = $ua->request($req)->as_string;
print "Content is $content";
[download]

produces the following output:

The netloc is: home.sff.net. Content is HTTP/1.0 401 (Unauthorized) Ac
+cess Denied
Cache-Control: private
Date: Fri, 01 Mar 2002 01:46:04 GMT
Via: 1.1 Dyn-EH-NetCache (NetCache NetApp/5.1R2)
Server: Greyware Web Server
WWW-Authenticate: Basic realm="home.sff.net"
Content-Length: 24
Content-Type: text/html
Client-Date: Fri, 01 Mar 2002 01:48:51 GMT
Client-Peer: 208.14.208.55:80

Error: Access is Denied.
[download]

If anyone has any idea I would really appreciate it.

Comment on Unable to get LWP Basic Authentication to Work Select or Download Code

Replies are listed 'Best First'.
Re: Unable to get LWP Basic Authentication to Work by Zaxo (Archbishop) on Mar 01, 2002 at 05:34 UTC
Adapted from lwpcook and HTTP::Request::Common: `use HTTP::Request::Common qw(POST); use LWP::UserAgent; use strict; my $ua = LWP::UserAgent->new; my $req = POST 'http://home.sff.net/login.asp', Content_Type => form-data, Content => [ username=>'jonathanmark', RecordID=>'4142' ]; $req->authorization_basic('jonathanmark', 'nottherealpassword'); my $content = $ua->request($req)->as_string; print "Content is $content";` [download] This has some changes to the HTTP::Request constructor's arguments, and addition of the `&HTTP::Request::authorization_basic` call. Warning: untested. After Compline, Zaxo	[reply] [d/l]
Re: Re: Unable to get LWP Basic Authentication to Work by sierrathedog04 (Hermit) on Mar 01, 2002 at 15:45 UTC
Thanks. Your changes seemed to fix the immediate problem. I now get Content is HTTP/1.0 302 (Found) Object moved Cache-Control: private Date: Fri, 01 Mar 2002 15:37:36 GMT Via: 1.1 Dyn-EH-NetCache (NetCache NetApp/5.1R2) Location: /index.asp Server: Greyware Web Server Content-Length: 131 Content-Type: text/html Client-Date: Fri, 01 Mar 2002 15:40:21 GMT Client-Peer: 208.14.208.55:80 Set-Cookie: ASPSESSIONIDGGQQGGAJ=KOMOONBBOOGGPDKDEEPCAAOI; path=/ Title: Object moved <head><title>Object moved</title></head> <body><h1>Object Moved</h1>This object may be found <a HREF="/index.as +p">here</a>.</body> [download] There is a good chance that with some tinkering I might be able to get this thing to work. One oddity is that the object moved message does not appear when I go to login.asp interactively and enter a password. However, what I have now is a big improvement. I guess one lesson is to use `req->authorization_basic('jonathanmark', 'nottherealpassword');` [download] instead of the credentials method. Addendum: Finally got it to work. The trick turned out to be setting the referrer property so that the script seems to be coming from the page on which the form exists. use HTTP::Request::Common qw(POST); use LWP::UserAgent; use HTTP::Cookies; use strict; my $ua = LWP::UserAgent->new; $ua->cookie_jar(HTTP::Cookies->new(file => "lwpcookies.txt", autosave => 1)); for (my $i = 3543; $i < 4140; $i++) { # log in to authentication page. my $req = HTTP::Request->new(GET => 'http://www.sff.net/member/guestbo +okconfigurator.asp?jonathanmark'); $req->authorization_basic('jonathanmark', 'nottherealpassword'); my $content = $ua->request($req)->as_string; print "Login to configurator $i\n"; my $req = HTTP::Request->new(GET => 'http://www.sff.net/member/guestbo +ok.asp?jonathanmark'); $req->referer("http://www.sff.net/guestbookconfigurator.asp?jonathanma +rk"); $req->authorization_basic('jonathanmark', 'nottherealpassword'); my $content = $ua->request($req)->as_string; print "retrieved guestbook $i\n"; #delete an entry my $req = POST 'http://www.sff.net/guestbook.asp', Content => [ GuestbookName=>'jonathanmark', RecordID=>"$i", Button=>'Delete this Entry' ]; $req->referer("http://www.sff.net/guestbook.asp?jonathanmark"); $req->authorization_basic('jonathanmark', 'nottherealpassword'); my $content = $ua->request($req)->as_string; print "deleted $i\n"; } [download]	[reply] [d/l] [select]
Re: Re: Re: Unable to get LWP Basic Authentication to Work by rjray (Chaplain) on Mar 01, 2002 at 22:05 UTC
You don't see the "Object Moved" message from your browser because there is also a redirect header in that response, and the browser follows that. Have a closer look at how the LWP::UserAgent handleds request chains, especially in terms of examining what you get back as a response. The response object you were originally getting, for example, would tell you that you needed to provide authentication credentials, and also told you the "realm" for which it was expecting you to authenticate. Browsers manage this hand-shaking behind the scenes for you. Generally, I would have expected LWP::UserAgent to have followed the redirect to the new location, but it may be that with the POST data it consciously doesn't do so (I don't know for certain on this point). Still, you can use the `Location:` header to determine the new URL, and send the same content-body to the new location. If you created an actual HTTP::Request object to pass to the useragent object (as opposed to creating a throw-away instance within the parameter list to `$US->request()`), you can re-assign the request's URL using the `->uri($new_uri)` method as detailed in the manual page. --rjray	[reply]