garyk83 has asked for the wisdom of the Perl Monks concerning the following question:

Hi Monks, I am working on a script that requires an HTTP htaccess-style prompt to authenticate a user and, if the username and password do not match, to then check them using LDAP. Currently the script uses a form and LDAP, so that part is working fine. It is just a matter of adding the password prompt.

I have attempted the suggestion on this post: Re: htaccess through perl without apache. I now get a password prompt but found that REMOTE_USER and REMOTE_PASSWD were not present in $ENV. Is someone able to help me find a way to get the username and password that are entered at the prompt?

Any help is much appreciated.
Thanks,
Gary

Replies are listed 'Best First'.
Re: Basic HTTP Authentication
by tachyon-II (Chaplain) on Nov 26, 2007 at 02:17 UTC

    This is a server issue. Your code, via the server, sends the 401 Authentication Required header. The browser responds to this with the prompt and it sends this data to the server... all good so far. Now, if you can't see it, either the browser is not sending it (highly unlikely), the server is not making it available, or you are looking in the wrong place. As a sanity check I would dump the contents of %ENV just to see if the data is there.

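    # Parenthesise the map so '</pre>' is printed after the list instead of being fed into map as an extra key
    print '<pre>', (map { "$_ => $ENV{$_}\n" } sort keys %ENV), '</pre>';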
      Hi tachyon-II,
      I tried printing out all the results in $ENV and there was no REMOTE_USER or REMOTE_PASSWD in the printed results. I tested in Internet Explorer as well as Mozilla Firefox.
      Could there be something that needs enabling in Apache to allow for the REMOTE_USER and REMOTE_PASSWD variables to be shown?

      Thanks,
      Gary
        Could there be something that needs enabling in Apache to allow for the REMOTE_USER and REMOTE_PASSWD variables to be shown?
        Yes, it's my understanding that you have to use the basic auth Apache stuff. No level of triggering it from a user program will work, as noted in that 4-year-old thread you referenced as well. It doesn't do any good to trigger an "auth required" status from a CGI script.

        For Apache 2, the relevant module is mod_auth_basic, and numerous tutorials exist about how to configure it.

        You can try to log your session with LiveHTTPHeaders. I think this can help you to find the problem.

Re: Basic HTTP Authentication
by jhourcle (Prior) on Nov 26, 2007 at 15:12 UTC

    If you're trying to do basic HTTP authentication against an LDAP server, I'd recommend mod_auth_ldap, rather than trying to roll your own.
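
The server-side setup the replies above point to, as an added example that is not part of the original thread: Apache handles the Basic prompt itself, checks an htpasswd file first and falls back to LDAP, which is the order the question asks for. It assumes Apache 2.4, where the LDAP authentication module is named mod_authnz_ldap (the successor to the mod_auth_ldap mentioned above); the directory, file path, LDAP host and base DN are placeholders.

```apache
# Added example. Modules assumed loaded: mod_auth_basic, mod_authn_file,
# mod_authnz_ldap, mod_ldap, mod_authz_user, mod_ssl.
# All paths, host names and DNs below are placeholders.
<Directory "/var/www/cgi-bin/protected">
    # Basic auth sends the password Base64-encoded (not encrypted) on every
    # request, so refuse plain-HTTP access to this directory.
    SSLRequireSSL

    AuthType Basic
    AuthName "Restricted area"

    # Providers are tried in the order listed: the local htpasswd file first,
    # then LDAP if the file provider does not accept the credentials.
    AuthBasicProvider file ldap

    # Provider 1: local password file maintained with the htpasswd tool.
    AuthUserFile "/etc/apache2/htpasswd.example"

    # Provider 2: search for the entry whose uid matches the login name,
    # then bind as that entry with the supplied password.
    AuthLDAPURL "ldaps://ldap.example.com/ou=People,dc=example,dc=com?uid?sub"

    # Any user accepted by either provider may run the scripts here.
    Require valid-user
</Directory>

# What a CGI script in this directory then sees in %ENV:
#   AUTH_TYPE   = Basic
#   REMOTE_USER = the authenticated login name
# The password is not placed in the CGI environment, so the script only
# ever handles the already-verified user name.
```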

Re: Basic HTTP Authentication
by Anonymous Monk on Nov 26, 2007 at 07:30 UTC