Hello,

I am trying to handle basic authentication using mod_perl 2.0.9 and Apache 
2.4.18. 

I am getting the first request to my resource. The user is requesting the URL 
without any username or password. My program should refuse the access to this 
resource and force the web browser to offer a dialogue box with realm, username 
and password. Here is what I tried:

$o_Req->auth_name('Login');
$o_Req->auth_type('Basic');
$o_Req->note_basic_auth_failure();
return Apache2::Const::HTTP_UNAUTHORIZED;

In fact the browser gets the 401 message, but does not open any dialog box. 
When debugging with curl I can see the "HTTP/1.1 401 Unauthorized” header, but 
I cannot see any trace of the authentication type “Basic” or name “Login”. So I 
try to send them manually:

$o_Req->note_basic_auth_failure();
$o_Req->headers_out->set('WWW-Authenticate' => "Basic");
$o_Req->headers_out->set('Realm' => "Login");
return Apache2::Const::HTTP_UNAUTHORIZED;

but I still cannot see the authentication type or name. I tried with a 
different return code “AUTH_REQUIRED”, but there was no difference in 
behaviour. Where is the difference between HTTP_UNAUTHORIZED and AUTH_REQUIRED?

I assume the browser does not open the dialog box for requesting the username 
and password, because he did not receive the realm name and authentication 
type. So how I can send these?

BTW, the same Programm runs fine using mod_perl 2.0.6 and Apache 2.2.x.

Thank you

Matthias Schmitt
Greetings from Luxembourg





Reply via email to