mak has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

I am trying to use credentials method of UserAgent. Can someone please take a look at the small code belowe and tell me what I am doing wrong? Also, what are $netloc and $realm in
$ua->credentials($netloc, $realm, $uname, $pass)

Thanks in advance,
Mak 
# Create a user agent object
  use LWP::UserAgent;
  $ua = new LWP::UserAgent;
  $ua->agent("AgentName/0.1 " . $ua->agent);

  # Create a request
  my $req = new HTTP::Request POST=> 'http://www.genesisreports.com/ge
+nesis/user/mypage.asp';

  # Pass request to the user agent and get a response back
  $ua->credentials('http://www.genesisreports.com/genesis/user/mypage.
+asp', 'admin', 'username', 'password');
  
  my $res = $ua->request($req);
  print $req->as_string();
  # Check the outcome of the response
  if ($res->is_success) {
      print $res->content;
  } else {
      print "Bad luck this time\n";
  }

[download]

Replies are listed 'Best First'.
Re: Using credentials method of UserAgent
by traveler (Parson) on May 19, 2001 at 01:17 UTC
    Short answer:
    realm shows up in the auth dialog box the user sees telling him/her to what he/she is authenticating (e.g. $realm="mail at genesisreports.com"; in the case of (at least) 'basic' auth
    One often uses:
     
my $netloc = new URI::URL($url)->netloc();

    [download]
    to find the netloc. It is the "Authority" part of the URI which is the host and port.

    Longer Answer:
    From RFC 2617:"<quote> The realm directive (case-insensitive) is required for all authentication schemes that issue a challenge. The realm value (case-sensitive), in combination with the canonical root URL (the absoluteURI for the server whose abs_path is empty; see section 5.1.2 of [2]) of the server being accessed, defines the protection space. These realms allow the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme and/or authorization database. The realm value is a string, generally assigned by the origin server, which may have additional semantics specific to the authentication scheme. Note that there may be multiple challenges with the same auth-scheme but different realms.</quote>"

    Then later in the RFC: "For Basic, the framework above is utilized as follows:

           challenge   = "Basic" realm
      credentials = "Basic" basic-credentials

    [download]
    Upon receipt of an unauthorized request for a URI within the protection space, the origin server MAY respond with a challenge like the following:       WWW-Authenticate: Basic realm="WallyWorld" where "WallyWorld" is the string assigned by the server to identify the protection space of the Request-URI."

    --traveler

[reply]
[d/l]
[select]
      That's right. You can try getting the realm from the command line with this:
      lwp-request -e http://some.url
      Just hit return if it asks for a password, then look for the WWW-Authenticate header.
[reply]
[d/l]
        Yes. BTW, lwp-request seems to be a very useful tool for seeing exactly what is going on.
[reply]
[d/l]
Re: Using credentials method of UserAgent
by princepawn (Parson) on May 19, 2001 at 00:35 UTC
    merlyn is an LWP expert, but appears not be around. I am not so good with it, but since no-one is piping up here is what I have to say:
  • i think your $realm should be 'basic' unless you are doing 'admin' realm auth.
  • $netloc is the page you are requesting which requires authentication before allowing you to access it.
  • You might join the LWP mailing list for more help
  • You might try to get Clinton Wong's "Web Client Programming with Perl" I understand the full text is online at O'Reilly.
[reply]
[d/l]
[select]
      Thanks for your comments. Can you tell me where I can find LWP mailing list?

      Mak
[reply]

Back to Seekers of Perl Wisdom