Hello,
I am trying to handle basic authentication using mod_perl 2.0.9 and Apache
2.4.18.
I am getting the first request to my resource. The user is requesting the URL
without any username or password. My program should refuse the access to this
resource and force the web browser to offer a dialogue box with realm, username
and password. Here is what I tried:
$o_Req->auth_name('Login');
$o_Req->auth_type('Basic');
$o_Req->note_basic_auth_failure();
return Apache2::Const::HTTP_UNAUTHORIZED;
In fact the browser gets the 401 message, but does not open any dialog box.
When debugging with curl I can see the "HTTP/1.1 401 Unauthorized” header, but
I cannot see any trace of the authentication type “Basic” or name “Login”. So I
try to send them manually:
$o_Req->note_basic_auth_failure();
$o_Req->headers_out->set('WWW-Authenticate' => "Basic");
$o_Req->headers_out->set('Realm' => "Login");
return Apache2::Const::HTTP_UNAUTHORIZED;
but I still cannot see the authentication type or name. I tried with a
different return code “AUTH_REQUIRED”, but there was no difference in
behaviour. Where is the difference between HTTP_UNAUTHORIZED and AUTH_REQUIRED?
I assume the browser does not open the dialog box for requesting the username
and password, because he did not receive the realm name and authentication
type. So how I can send these?
BTW, the same Programm runs fine using mod_perl 2.0.6 and Apache 2.2.x.
Thank you
Matthias Schmitt
Greetings from Luxembourg
