views:

653

answers:

2

I'm trying to access a protected file. Server is using digest authentication - which I can see from the printed out response. Here is the sample code:

use LWP;
use strict;

my $url = 'http://somesite.com/aa/bb/cc.html';
my $username = 'scott';
my $password = 'tiger';

my $browser = LWP::UserAgent->new('Mozilla');
$browser->credentials("http://somesite.com:80","realm-name",$username=>$password);
my $response=$browser->get($url);

print $response->content;

Name of the realm I got it from the popup window I get when I try to access that resource from the browser. Same username and password are working extremely fine in the browser and I'm able to see the content but when I run the above script it always says 401 Authorization required.

How does LWP work?

Do I need to ask LWP to send MD5 hash (digest) of the username and password or is it like internally it checks which authentication to use and sends the corresponding (basic/digest) way of sending credentials. My questions are

  1. How can I set LWP so that it sends digest of username and password?
  2. What if the server is using windows NTLM authentication protocol? How should I go about in such a situation?

any quick help is highly appreciated !

+5  A: 

Consider the following excerpt from the LWP::UserAgent module's documentation:

$ua->credentials( $netloc, $realm )
$ua->credentials( $netloc, $realm, $uname, $pass )

Get/set the user name and password to be used for a realm.

The $netloc is a string of the form "<host>:<port>". The username and password will only be passed to this server. Example:

$ua->credentials("www.example.com:80", "Some Realm", "foo", "secret");

Change

$browser->credentials("http://somesite.com:80","realm-name",$username=&gt;$password);

to

$browser->credentials("somesite.com:80","realm-name",$username=>$password);
Greg Bacon
Thanks....gbacon... Removing "http://" in credentials host solved the problem. Thank you so much. Anyway we are saying port no 80 so we need not say http I guess
ram
You're welcome!
Greg Bacon
+1  A: 

When you have these sorts of issues, use an HTTP sniffer to watch the transaction so you can see the headers your program is sending. In this case, you're probably not sending the credentials at all since the HTTP status is 401 instead of 403. That usually means you've made a mistake with the credentials, as gbacon notes in his answer.

brian d foy