Hi all,
I have an app that originally only supported form-based
authentication, and showed pared-down content to unauthenticated
users. I then layered on HTTP Basic authentication using
authenticate_with_http_basic, which worked fine for scripts like LWP/
wget/curl.
However, some web browsers refuse to submit credentials in the URL
(eg. http://username:password-hcDgGtZH8xNBDgjK7y7TUQ@public.gmane.org) since
they never get a
challenge (401) response, since authentication is purely optional.
This is a bigger problem than one might expect, since there''s a
desktop client in development that requires the ability to login with
HTTP Basic URL auth.
They way I hacked around it was to create an action that looks like
this:
app/controllers/sessions_controller.rb
def challenge
authenticate_or_request_with_http_basic APP_NAME do |login,
password|
@user = User.authenticate(login, password)
end
if @user
self.current_user = @user
render_ok
end
end
so browser clients (including the problematic desktop client) can GET
http://user:pass-hcDgGtZH8xNBDgjK7y7TUQ@public.gmane.org/sessions/challenge to
do explicit HTTP
basic auth.
Is there a better way to do this?
Thanks,
Ian
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
