Re: Authorization HTTP header isn't coming through

Replies are listed 'Best First'.
Re^2: Authorization HTTP header isn't coming through - why? by isync (Hermit) on Aug 23, 2010 at 17:15 UTC
Which means for me, I need to separate authentication into its own piece of code and call it from Apache as an AuthHandler, right. Thanks!	[reply]
Re^3: Authorization HTTP header isn't coming through - why? by ikegami (Patriarch) on Aug 23, 2010 at 19:14 UTC
Or you could use form-based authentication.	[reply]
Re^4: Authorization HTTP header isn't coming through - why? by isync (Hermit) on Aug 23, 2010 at 19:18 UTC
That would solve the data-sharing problems (see below) but isn't feasible in a scenario which relies on standards like Basic/Digest HTTP auth. For example, you can't teach a WebDAV client to process a login-scheme I define.	[reply]
Re^2: Authorization HTTP header isn't coming through - why? by isync (Hermit) on Aug 23, 2010 at 19:16 UTC
I just realized: that also means my script is never able to get a grip on the username which is part of the wrapping authentication, right? Unleass I find a way to share (session) data among processes/scripts. How am I supposed to offer user-customized service then, if my script never gets access to HTTP Basic or Digest auth values??	[reply]
Re^3: Authorization HTTP header isn't coming through - why? by ikegami (Patriarch) on Aug 23, 2010 at 20:10 UTC
It's available as $cgi->remote_user (which it gets from $ENV{REMOTE_USER}).	[reply]
Re^4: Authorization HTTP header isn't coming through - why? by isync (Hermit) on Aug 23, 2010 at 20:50 UTC
slap on the forehead... of course! I've overseen this.. So I could summarize the lesson learned as: the actual authentication ('Authorization' header) isn't accessible for the script, but once a user is logged in/authenticated, the 'Remote-User' header is set and this is part of the script's %ENV and thus accessible.	[reply]