qadwjoh has asked for the wisdom of the Perl Monks concerning the following question:

Is there any way you can force a browser to send REMOTE_USER? I've got a script in which I want to use it, but I don't want it to fail because REMOTE_USER hasn't been sent.

A

Replies are listed 'Best First'.
Re: Forcing REMOTE_USER
by Tomte (Priest) on Mar 09, 2004 at 12:04 UTC

    From the CGI/1.1 Specification:

    REMOTE_USER

    If the server supports user authentication, and the script is protected, this is the username they have authenticated as.

    Basically that means, that if your web-server enforces authentication to access the script in question, a browser who doesn't send accepted credentials will be denied access; if credentials are sent, it's up to the web-server to set the environment (of your script while executed) according to the specifications, which most servers will do...

    Nevertheless it's up to you to code your scripts in a way, that they behave correctly under any possible circumstances; checking an env-var isn't that complicated after all :-)

    regards,
    tomte

    Hlade's Law:

    If you have a difficult task, give it to a lazy person --
    they will find an easier way to do it.

[reply]
      I'm having a problem with IIS then.

      My script uses REMOTE_USER but checks to see if it exists beforehand. If it doesn't the script prints an error message. I've been running this script all day now, and sometimes REMOTE_USER is set, and other times it isn't.

      I'm using IIS with Integrated Windows Authentication and anonymous access with a specified user ID.

      Any ideas what's going wrong?

      A
[reply]
        I'm still not sure what you want to do.
        If you don't need authentication, disable checking for the variable. And if you have another auth mechanism apart form .htaccess then use it, maybe you don't need remote_user either? And anyway, do you _have_to_ use IIS? usually microsoft servers are more expensive than open source, and what advantage does IIS give you over apache?
[reply]
Re: Forcing REMOTE_USER
by Abigail-II (Bishop) on Mar 09, 2004 at 11:59 UTC
    Is there any way you can force a browser
    No. "Force" isn't something that's appropriate on the web. "The other side", that is, the browser and the user, do as they damn well please. If they don't want to send a piece of information, then it ain't going to happen.
    I've got a script in which I want to use it, but I don't want it to fail because REMOTE_USER hasn't been sent.
    Then code around it.

    Abigail

[reply]
Re: Forcing REMOTE_USER
by neniro (Priest) on Mar 09, 2004 at 11:55 UTC
    REMOTE_USER is always set if Apache forces an authentication, or am I wrong?
[reply]
      You are right. play a little with the .htaccess: 
      AuthUserFile /home/domain/.htpasswd
AuthGroupFile /dev/null
AuthName "The Domain restricted Area"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

      [download]
[reply]
[d/l]
      Should have mentioned : I'm using IIS, with Integrated Windows authentication set.
[reply]

Back to Seekers of Perl Wisdom