HTTP Authentication in Perl using CGI qw/:standard/ ?

Dev Shed Forums Sponsor:

September 7th, 2006, 11:01 AM

neobuddah

cosmos curator

Join Date: Mar 2002

Location: Leeds, UK

Posts: 678

Time spent in forums: 1 Day 14 h 17 m 49 sec
Reputation Power: 13

HTTP Authentication in Perl using CGI qw/:standard/ ?

Hi guys

I'm trying to do basic HTTP authentication in perl. I'm used to PHP, and can't seem to find a way of getting access to the "Authorization: basic asdasdasd" header using the CGI qw/:standard/ library.

What do I need to do to read that header?

__________________
R.T.F.M - Its the only way to fly...

"No matter what you do, or how good it is, someone will always ask for more features. Or to change the colour of something, then change their minds."

Personal:
experience// 8 Years Web Development
technologies// Standards-compliant, valid, & accessible (x)HTML/CSS, XML/XSL/XPath/XQuery/XUpdate, (OOP) PHP/(My)SQL, eXist/Xindice/XMLDBs
packages// Photoshop, Illustrator, Flash/Fireworks/Director
environment// FC2, MySQL, Lighttpd, PHP5, Mojavi/Agavi
site// //refactored.net/ (Coming soon...)
quote// Programming is the eternal competition between programmers who try to make apps more and more idiot proof and the universe that makes dumber idiots. So far, the universe is winning...

September 8th, 2006, 03:31 AM

keath

!~ /m$/

Join Date: May 2004

Location: Reno, NV

Posts: 4,084

Time spent in forums: 2 Weeks 4 Days 6 h 43 m 12 sec
Reputation Power: 1809

You should not be able to get that information using CGI if you are using Apache. When I googled for confirmation of that, I came across a link that showed that the Microsoft IIS server sets up AUTH_USER and AUTH_PASSWORD as environmental variables accessible to CGI.

I have no idea how old that information is. It could be that IIS has changed by now, or maybe that's the way they want it to work. It's not the way Apache works though.

Using basic authentication restricts access using the webserver itself. You tell Apache to not let users access the content without the proper password. Apache handles it, and that information is not shared with a CGI script.

If you need to control basic authentication, you would need to use mod_perl to intercept within Apache.

Or you could use another form of authentication.

November 13th, 2006, 10:45 AM

neobuddah

cosmos curator

Join Date: Mar 2002

Location: Leeds, UK

Posts: 678

Time spent in forums: 1 Day 14 h 17 m 49 sec
Reputation Power: 13

Thats interesting, because I can do this fine using PHP.

What I need to do is have perl force a 'WWW-Authenticate: Basic realm="Secure Site"' and a 'HTTP/1.0 401 Unauthorized' header, to challenge the user with the default log-in box. Then, I need to take the username/password pair submitted and check that against my database.

The first part I can do, without a problem. However, the CGI module doesn't seem to give any way to access either the authentication parameters or the actual "Authorization: basic asdasdasd" http header directly (the http() method doesn't seem to work).

Seems silly I can't do something so simple. Am I missing something?

November 15th, 2006, 05:57 PM

perlcircus

Contributing User

Join Date: May 2001

Location: United Kingdom

Posts: 36

Time spent in forums: 15 h 1 m 25 sec
Reputation Power: 29

Actually you can do it but only in mod_perl, as opposed to a CGI. Even in PHP you can't do it whilst running a script as a CGI, only with the version that is loaded into the server itself, so that much is consistent.

The examples you can find on the web of using mod_perl for authentication will make you want to switch to PHP in a hurry -- they aren't trivial.

For what it's worth try Chapter 6 of Writing Apache Modules with Perl and C.

regards,
Michael

HTTP Authentication in Perl using CGI qw/:standard/ ?

Developer Shed Advertisers and Affiliates