Hi everyone,

In my Ruby on Rails application, I am trying to protect part of the public folder using Apache's .htaccess feature to prevent non-authenticated people from accessing the files. So I have placed a .htpasswd file to protect this folder and set up Apache accordingly, and this works... prompting me for login/password to access the files.

I use the restful authentication plugin to authenticate users against their credentials. My idea was to do:

  1. authenticate the user
  2. if the user is authenticated, set the HTTP_AUTHORIZATION variable and store it so that I can access the protected folder's files without the browser prompting me for login/password

What I did, in the application controller:

helper_method :set_http_auth

# Builds a Basic auth header value and stores it in this request's server-side env
def set_http_auth
  request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials("myLogin", "myPassword")
end

Then call the before_filter in the controller to set the value.

It seems like it's doing the job: I get HTTP_AUTHORIZATION set in my request.env array, but unfortunately the browser still prompts me for login/password if I try to get a file from the protected folder (such as an image).

If anybody has an idea, I'm all ears :) Thanks!

A: 

I found a solution that could be suitable: Here but it would require major changes in my application.

So instead, I chose to protect the folder using Apache cookie detection and then check whether the cookie exists when trying to access the file (the cookie gets set upon the user's authentication).

Email me if you want details...

Xavier Lozinguez
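
An added example, not part of the original answer or the poster's code: one way to make the cookie set at login verifiable when a file is requested, so that access depends on a signature and an expiry rather than on the cookie merely being present. It goes beyond the answer by assuming the check runs in Ruby code in front of the files instead of in Apache; `issue_file_cookie`, `verify_file_cookie`, the cookie layout and the secret are hypothetical names and constructed values.

```ruby
require 'openssl'

# Constructed sample secret; a real one lives in server-side configuration only.
SAMPLE_SECRET = 'constructed-demo-secret'

# Assumed cookie layout: "<user_id>.<expiry_epoch>.<hex HMAC-SHA256>"
COOKIE_FORMAT = /\A(\d+)\.(\d+)\.([0-9a-f]{64})\z/

# HMAC-SHA256 over the signed part of the cookie, hex encoded.
def sign(payload, secret)
  OpenSSL::HMAC.hexdigest('SHA256', secret, payload)
end

# Constant-time comparison, so the check does not reveal how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Called once the user has authenticated: returns the cookie value to set.
def issue_file_cookie(user_id, secret, now: Time.now, ttl: 900)
  payload = "#{Integer(user_id)}.#{now.to_i + ttl}"
  "#{payload}.#{sign(payload, secret)}"
end

# Called when a protected file is requested: returns the user id, or nil
# when the cookie is missing, malformed, modified or expired.
def verify_file_cookie(value, secret, now: Time.now)
  match = COOKIE_FORMAT.match(value.to_s)
  return nil unless match
  user_id, expiry, mac = match.captures
  return nil unless secure_compare(mac, sign("#{user_id}.#{expiry}", secret))
  return nil if expiry.to_i <= now.to_i
  user_id.to_i
end
```

In a Rails application, the controller action serving the file would call `verify_file_cookie` on the request's cookie and only then stream the file (for example with `send_file`), with the files kept outside the publicly served folder.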