Hi all, I have an app that originally only supported form-based authentication, and showed pared-down content to unauthenticated users. I then layered on HTTP Basic authentication using authenticate_with_http_basic, which worked fine for scripts like LWP/ wget/curl. However, some web browsers refuse to submit credentials in the URL (eg. http://username:password-hcDgGtZH8xNBDgjK7y7TUQ@public.gmane.org) since they never get a challenge (401) response, since authentication is purely optional. This is a bigger problem than one might expect, since there''s a desktop client in development that requires the ability to login with HTTP Basic URL auth. They way I hacked around it was to create an action that looks like this: app/controllers/sessions_controller.rb def challenge authenticate_or_request_with_http_basic APP_NAME do |login, password| @user = User.authenticate(login, password) end if @user self.current_user = @user render_ok end end so browser clients (including the problematic desktop client) can GET http://user:pass-hcDgGtZH8xNBDgjK7y7TUQ@public.gmane.org/sessions/challenge to do explicit HTTP basic auth. Is there a better way to do this? Thanks, Ian --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---