#1
  1. cosmos curator
    Devshed Novice (500 - 999 posts)

    Join Date
    Mar 2002
    Location
    Leeds, UK
    Posts
    678
    Rep Power
    14

    HTTP Authentication in Perl using CGI qw/:standard/ ?


    Hi guys

    I'm trying to do basic HTTP authentication in perl. I'm used to PHP, and can't seem to find a way of getting access to the "Authorization: basic asdasdasd" header using the CGI qw/:standard/ library.

    What do I need to do to read that header?
    R.T.F.M - Its the only way to fly...

    "No matter what you do, or how good it is, someone will always ask for more features. Or to change the colour of something, then change their minds."

    Personal:
    experience// 8 Years Web Development
    technologies// Standards-compliant, valid, & accessible (x)HTML/CSS, XML/XSL/XPath/XQuery/XUpdate, (OOP) PHP/(My)SQL, eXist/Xindice/XMLDBs
    packages// Photoshop, Illustrator, Flash/Fireworks/Director
    environment// FC2, MySQL, Lighttpd, PHP5, Mojavi/Agavi
    site// //refactored.net/ (Coming soon...)
    quote// Programming is the eternal competition between programmers who try to make apps more and more idiot proof and the universe that makes dumber idiots. So far, the universe is winning...
  2. #2
  3. !~ /m$/
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    May 2004
    Location
    Reno, NV
    Posts
    4,257
    Rep Power
    1810
    You should not be able to get that information using CGI if you are using Apache. When I googled for confirmation of that, I came across a link that showed that the Microsoft IIS server sets up AUTH_USER and AUTH_PASSWORD as environmental variables accessible to CGI.

    I have no idea how old that information is. It could be that IIS has changed by now, or maybe that's the way they want it to work. It's not the way Apache works though.

    Using basic authentication restricts access using the webserver itself. You tell Apache to not let users access the content without the proper password. Apache handles it, and that information is not shared with a CGI script.

    If you need to control basic authentication, you would need to use mod_perl to intercept within Apache.

    Or you could use another form of authentication.
  4. #3
  5. cosmos curator
    Devshed Novice (500 - 999 posts)

    Join Date
    Mar 2002
    Location
    Leeds, UK
    Posts
    678
    Rep Power
    14
    Thats interesting, because I can do this fine using PHP.

    What I need to do is have perl force a 'WWW-Authenticate: Basic realm="Secure Site"' and a 'HTTP/1.0 401 Unauthorized' header, to challenge the user with the default log-in box. Then, I need to take the username/password pair submitted and check that against my database.

    The first part I can do, without a problem. However, the CGI module doesn't seem to give any way to access either the authentication parameters or the actual "Authorization: basic asdasdasd" http header directly (the http() method doesn't seem to work).

    Seems silly I can't do something so simple. Am I missing something?
    R.T.F.M - Its the only way to fly...

    "No matter what you do, or how good it is, someone will always ask for more features. Or to change the colour of something, then change their minds."

    Personal:
    experience// 8 Years Web Development
    technologies// Standards-compliant, valid, & accessible (x)HTML/CSS, XML/XSL/XPath/XQuery/XUpdate, (OOP) PHP/(My)SQL, eXist/Xindice/XMLDBs
    packages// Photoshop, Illustrator, Flash/Fireworks/Director
    environment// FC2, MySQL, Lighttpd, PHP5, Mojavi/Agavi
    site// //refactored.net/ (Coming soon...)
    quote// Programming is the eternal competition between programmers who try to make apps more and more idiot proof and the universe that makes dumber idiots. So far, the universe is winning...
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2001
    Location
    United Kingdom
    Posts
    36
    Rep Power
    30
    Actually you can do it but only in mod_perl, as opposed to a CGI. Even in PHP you can't do it whilst running a script as a CGI, only with the version that is loaded into the server itself, so that much is consistent.

    The examples you can find on the web of using mod_perl for authentication will make you want to switch to PHP in a hurry -- they aren't trivial.

    For what it's worth try Chapter 6 of Writing Apache Modules with Perl and C.

    regards,
    Michael

IMN logo majestic logo threadwatch logo seochat tools logo