Hello,
I am trying to handle basic authentication using mod_perl 2.0.9 and Apache 2.4.18.
I am getting the first request to my resource. The user is requesting the URL without any username or password. My program should refuse the access to this resource and force the web browser to offer a dialogue box with realm, username and password. Here is what I tried:
$o_Req->auth_name('Login');
$o_Req->auth_type('Basic');
$o_Req->note_basic_auth_failure();
return Apache2::Const::HTTP_UNAUTHORIZED;
In fact the browser gets the 401 message, but does not open any dialog box. When debugging with curl I can see the "HTTP/1.1 401 Unauthorized†header, but I cannot see any trace of the authentication type “Basic†or name “Loginâ€. So I try to send them manually:
$o_Req->note_basic_auth_failure();
$o_Req->headers_out->set('WWW-Authenticate' => "Basic");
$o_Req->headers_out->set('Realm' => "Login");
return Apache2::Const::HTTP_UNAUTHORIZED;
but I still cannot see the authentication type or name. I tried with a different return code “AUTH_REQUIREDâ€, but there was no difference in behaviour. Where is the difference between HTTP_UNAUTHORIZED and AUTH_REQUIRED?
I assume the browser does not open the dialog box for requesting the username and password, because he did not receive the realm name and authentication type. So how I can send these?
BTW, the same Programm runs fine using mod_perl 2.0.6 and Apache 2.2.x.
Thank you
Matthias Schmitt
Greetings from Luxembourg
I am trying to handle basic authentication using mod_perl 2.0.9 and Apache 2.4.18.
I am getting the first request to my resource. The user is requesting the URL without any username or password. My program should refuse the access to this resource and force the web browser to offer a dialogue box with realm, username and password. Here is what I tried:
$o_Req->auth_name('Login');
$o_Req->auth_type('Basic');
$o_Req->note_basic_auth_failure();
return Apache2::Const::HTTP_UNAUTHORIZED;
In fact the browser gets the 401 message, but does not open any dialog box. When debugging with curl I can see the "HTTP/1.1 401 Unauthorized†header, but I cannot see any trace of the authentication type “Basic†or name “Loginâ€. So I try to send them manually:
$o_Req->note_basic_auth_failure();
$o_Req->headers_out->set('WWW-Authenticate' => "Basic");
$o_Req->headers_out->set('Realm' => "Login");
return Apache2::Const::HTTP_UNAUTHORIZED;
but I still cannot see the authentication type or name. I tried with a different return code “AUTH_REQUIREDâ€, but there was no difference in behaviour. Where is the difference between HTTP_UNAUTHORIZED and AUTH_REQUIRED?
I assume the browser does not open the dialog box for requesting the username and password, because he did not receive the realm name and authentication type. So how I can send these?
BTW, the same Programm runs fine using mod_perl 2.0.6 and Apache 2.2.x.
Thank you
Matthias Schmitt
Greetings from Luxembourg