http-authentication

HTTP Authentication Headers for IIS windows authentication

Hi All, I have a web site hosted on IIS with windows authentication. I am trying to access it in one of my iPhone web application. Presently i am using this code, but it is not working. NSString *authString = [[[NSString stringWithFormat:@"%@:%@", @"myusername", @"mypassword"]dataUsingEncoding:NSUTF8StringEncoding] base64Encoding]; a...

Apache .htaccess password protect with relative path

I want to create a .htaccess file in my DocumentRoot, so that the directory is password protected. But the password file, I want to specify by using the relative path of DocumentRoot. So, if I am checking out the code in another system, it just works as it is. The password file will be part of my source control. How can I access the ...

How do I keep Firefox from prompting for username/password with HTTP Basic Auth with JQuery AJAX?

I'm writing some browser side dynamic functionality and using HTTP Basic Auth to protect some resources. The user experience is very important and is highly customized. Here's a simple test JQuery method that eventually will test if a user has supplied the right credentials in a form: $(document).ready(function() { $("#submit").cl...

Can I coerce Apache into not including a WWW-Authenticate header for failed HTTP Basic Auth?

I'm using HTTP Basic Authentication with AJAX requests. Firefox 3 is a whiner and always displays a dialog box for failed credentials -- even though I don't want one. This question summarizes some of the browser and JS issues; you'll notice it's unresolved on the client side. Luckily, I have at least some freedom to change the serve...

Basic HTTP Authentication on iPhone

Hello, I'm trying to get a small twitter client running and I ran into a problem when testing API calls that require authentication. My password has special characters in it, so when I try to use the following code it doesn't work. NSString *post = [NSString stringWithFormat:@"status=%@", [status stringByAddingPercentEscapesUsingEncod...

digest authentication from silverlight and against a custom store using IIS 6

The server side of the requirement is digest authentication against a custom credential store (ala a membership provider) and on the client side a silverlight application making calls to a RESTful api. i'm looking for pointers. Out of the box it looks like Digest only works against AD. From the client side, I'm use to getting the brow...

Destroying $_SERVER session?

Okay so I'm not using any session variables, rather my code looks like this: if (!isset($_SERVER['PHP_AUTH_USER'])) { header('WWW-Authenticate: Basic realm="Enter your Twitter username and password:"'); header('HTTP/1.0 401 Unauthorized'); echo 'Please enter your Twitter username and password to view your followers.'; ex...

How to download web resource using Digest authentication

What set of Windows API calls will allow downloading a web resource (specifically an XML document) when the site is protected using Digest authentication without having to enter a username and password? I can use MSXML's “open” function on the IXMLHTTPRequest interface, but it requires a username and password to be supplied even thoug...

Supressing browser's authentication dialog.

I apologize that there is a similar question already but I'd like to ask it more broadly. Is there any way at all to determine on the client side of a web application if requesting a resource will return a 401 status code and cause the browser to display an ugly authentication dialog? Or, is there any way at all to load an mp3 audio r...

NTLM authentication for a web server side application

My Windows based application written in C++ ( basically an HTTP/1.1 proxy server) listens for requests from various users. Presently it is able to send a 407 Basic Challenge, and process the response from the Headers. I know I must modify the challenge headers, so that the client browsers make an NTLM based response for the purpose of au...

How to get Google cookies having the user and the password?

The tool I'm developing would do a thing similar to when you join Facebook and they ask your GMail username and password and with it they can grab all your contacts. But my tool doesn't use a browser, therefore it is difficult to get the proper headers. I assume that the Google application (Orkut) checks only my Cookies and Identity(ip,...

pywikipedia bot with https and http authentication

I'm having trouble getting my bot to login to a MediaWiki install on the intranet. I believe it is due to the http authentication protecting the wiki. Facts: The wiki root is: https://local.example.com/mywiki/ When visiting the wiki with a web browser, a popup comes up asking for enterprise credentials (I assume this is basic access ...

Is HTTP Authentication possible with PHP on IIS FastCGI?

I've just migrated from PHP 5.2.3 using php5isapi.dll to PHP 5.3.0 using FastCGI and php-cgi.exe. On this site I have hooks for windows/ntlm/http authentication doing something like this: if(empty($_SERVER["REMOTE_USER"])) { header("HTTP/1.1 401 Unauthorized"); exit; } $winuser = $_Server["REMOTE_USER"]; //parse $winuser to make sur...

HTTP authentication in app engine dev server

I want to setup the app engine dev server, so that it's available to other people for a preview. What I'd really like to do before that is enable http authentication for any url served from that site. I don't want anyone to access the service without passing that stage. I could of course build my own http authentication into the app I'm...

Perl: Get .htaccess status on the current folder

I have developed sort of a Server Explorer as a module for our web application, and it actually works great. I am doing some refinements to it and there is one problem I don't really know how to tackle. The Explorer is mainly used to choose pictures from a specified folder and subfolders. As some schools are concerned with distribution...

NSURLConnection using basic auth fails on Tiger, succeeds on Panther and Leopard

I have a program running on Panther, Tiger, and Leopard systems and using the following method for NSURLConnection authentication ("encodedUserPass" is the auth string with the word Basic followed by the base64-encoded user:pass) [theRequest addValue:encodedUserPass forHTTPHeaderField:@"Authorization"]; NSURLConnection *theConnection=[[...

What is base64 clear text username and password?

Recently I came across this word in a basic authentication article. What it meant by base64 clear text usrname and password on the network? Thanks ...

HTTP Basic Auth, reading password file and performance

hi, I'm curious to know what are the performance impacts of using HTTP Basic Auth on a webserver like Apache or lighttpd or nginx. I imagine the bottleneck is the actual reading of the file by the server to authenticate a user. It also seems to me that the cost of reading the file to authenticate a user is proportional to the number of ...

how to use a private yum repo on amazon-s3 to provision amazon-ec2 instances?

My fantasy is to be able to spin up a standard AMI, load a tiny script and end up with a properly configured server instance. Part of this is that I would like to have a PRIVATE yum repo in S3 that would contain some proprietary code. It seems that S3 wants you to either be public or use AMZN's own special flavor of authentication. Is...

HTTP authenticate a file download ... how to? [SOLVED]

In my website I've a php script that launches a file download without showing the full path of the file, the code look like this: $path = '../examples/test.zip'; $type = "application/zip"; header("Expires: 0"); header("Pragma: no-cache"); header('Cache-Control: no-store, no-cache, must-revalidate'); header('Cache-Control: pre-check=0, ...