Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

WO and Apache Basic HTTP authentication

Morning all.

I have written about this before, but I'll recap.

Our website uses basic http authentication, driven by mod_mysql and a mysql database to provide authentication into the various private sections of our web site. I have been working on including that http authentication into my WebObjects applications for those that need to be included. However, I realized today and remembered with help from Francis's reply earlier this year that things will not work as hoped:

Finally, if you need to provide an easy way for your user to browse back and forth from the static protected area to the WebObjects application without having to authenticate twice, I'm afraid I'm not sure it's possible. Maybe you can to create special trick to pass the proper header...

Should a user log in and browse to my WO application they would have to re-authenticate. Which is what will happen when a user goes from /Private/SomeStuff.html -> /cgi-bin/WebObjects/MyApplication.

Has anyone worked with this sort of deployment environment? Is it possible to fool the browser/Apache via mod_rewrite that a particular application is in /Private/MyApplication, so that the authorization header would be passed within the request to my application? Or perhaps, since the pages are coded in .php, would it be possible, as Francis suggests, to add a header that would pass the info? Perhaps passing the authorization directly in the URL? It would be ugly, but my session-based applications already have the session ID in every URL as it is.

Thank you in advance.
Ben

--

Benjamin Adair

Central Office Database Programmer/Analyst
Cancer & Leukemia Group B
Phone: 773-702-6731
Fax: 312-345-0117
Email: email@hidden
Web: http://www.calgb.org/
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/webobjects-dev/email@hidden

This email sent to email@hidden


Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.