• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
WO and Apache Basic HTTP authentication
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

WO and Apache Basic HTTP authentication

  • Subject: WO and Apache Basic HTTP authentication
  • From: Benjamin Adair <email@hidden>
  • Date: Tue, 21 Sep 2004 09:54:51 -0500
Morning all.

I have written about this before, but I'll recap.

Our website uses basic http authentication, driven by mod_mysql and a mysql database to provide authentication into the various private sections of our web site. I have been working on including that http authentication into my WebObjects applications for those that need to be included. However, I realized today and remembered with help from Francis's reply earlier this year that things will not work as hoped:

Finally, if you need to provide an easy way for your user to browse back and forth from the static protected area to the WebObjects application without having to authenticate twice, I'm afraid I'm not sure it's possible. Maybe you can to create special trick to pass the proper header...

Should a user log in and browse to my WO application they would have to re-authenticate. Which is what will happen when a user goes from /Private/SomeStuff.html -> /cgi-bin/WebObjects/MyApplication.

Has anyone worked with this sort of deployment environment? Is it possible to fool the browser/Apache via mod_rewrite that a particular application is in /Private/MyApplication, so that the authorization header would be passed within the request to my application? Or perhaps, since the pages are coded in .php, would it be possible, as Francis suggests, to add a header that would pass the info? Perhaps passing the authorization directly in the URL? It would be ugly, but my session-based applications already have the session ID in every URL as it is.

Thank you in advance.
Ben

--

Benjamin Adair

Central Office Database Programmer/Analyst
Cancer & Leukemia Group B
Phone: 773-702-6731
Fax: 312-345-0117
Email: email@hidden
Web: http://www.calgb.org/
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: WO and Apache Basic HTTP authentication
      • From: Anjo Krank <email@hidden>
  • Prev by Date: Re: converting object to another class
  • Next by Date: Re: WO and Apache Basic HTTP authentication
  • Previous by thread: Re: converting object to another class
  • Next by thread: Re: WO and Apache Basic HTTP authentication
  • Index(es):
    • Date
    • Thread