You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Andrew Schulman <an...@alumni.utexas.net> on 2014/01/01 13:23:24 UTC
[users@httpd] Re: Multiple authencation prompts
> Hello,
>
> I am using apache to host iOS related applications. I have integrated
> apache with our internal LDAP. When I try to access on a desktop it
> prompts for password only once. Where as in apple devices its
> prompting multiple times (I use plist). If the app consists of 4
> files, it prompts for password for 4 times.Can you please recommend a
> better way to handle this?
When you require HTTP authentication, the user's app or browser has to
send the username and password with each new request. So if your page
uses 4 files, the browser has to send the username and password 4 times.
Most browsers hide this from the user by cacheing HTTP authentication
credentials (username and password), and presenting them again with each
new request. So the user authenticates just once, and the browser takes
care of it after that.
It seems that your Apple devices aren't doing that. Cacheing HTTP auth
credentials is a basic browser feature, so if they're not doing it, it
seems like a bug.
You don't have many choices. You can remove the authentication
requirement; ignore the problem if it's limited to just a few buggy
apps; or change to an application-based method of authentication, using
forms and cookies (assuming those buggy apps handle cookies correctly).
Sorry.
Andrew
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: Multiple authencation prompts
Posted by Nadupalli Ramesh <na...@gmail.com>.
Can you please tell me, which directive's to use for excluding the images?
Sent from my iPhone
On Jan 2, 2014, at 11:52 PM, Andrew Schulman <an...@alumni.utexas.net> wrote:
>>> Hello,
>>>
>>> I am using apache to host iOS related applications. I have integrated
>>> apache with our internal LDAP. When I try to access on a desktop it
>>> prompts for password only once. Where as in apple devices its
>>> prompting multiple times (I use plist). If the app consists of 4
>>> files, it prompts for password for 4 times.Can you please recommend a
>>> better way to handle this?
>>
>> You don't have many choices. You can remove the authentication
>> requirement; ignore the problem if it's limited to just a few buggy
>> apps; or change to an application-based method of authentication, using
>> forms and cookies (assuming those buggy apps handle cookies correctly).
>> Sorry.
>
> I thought of another option, maybe better. You could configure your web server
> not to require authentication for image, style, and Javascript files. So the
> main page content, say in an HTML file, would be protected, but the images,
> styles, and Javascript would be free to anyone who wanted them. But the iOS app
> users would only get asked to log in once.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: Multiple authencation prompts
Posted by Andrew Schulman <an...@alumni.utexas.net>.
> > Hello,
> >
> > I am using apache to host iOS related applications. I have integrated
> > apache with our internal LDAP. When I try to access on a desktop it
> > prompts for password only once. Where as in apple devices its
> > prompting multiple times (I use plist). If the app consists of 4
> > files, it prompts for password for 4 times.Can you please recommend a
> > better way to handle this?
>
> You don't have many choices. You can remove the authentication
> requirement; ignore the problem if it's limited to just a few buggy
> apps; or change to an application-based method of authentication, using
> forms and cookies (assuming those buggy apps handle cookies correctly).
> Sorry.
I thought of another option, maybe better. You could configure your web server
not to require authentication for image, style, and Javascript files. So the
main page content, say in an HTML file, would be protected, but the images,
styles, and Javascript would be free to anyone who wanted them. But the iOS app
users would only get asked to log in once.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: Multiple authencation prompts
Posted by Ramesh Nadupalli <na...@gmail.com>.
Thanks Andrew for the info. Will check with our team.
On Wed, Jan 1, 2014 at 5:53 PM, Andrew Schulman
<an...@alumni.utexas.net> wrote:
>> Hello,
>>
>> I am using apache to host iOS related applications. I have integrated
>> apache with our internal LDAP. When I try to access on a desktop it
>> prompts for password only once. Where as in apple devices its
>> prompting multiple times (I use plist). If the app consists of 4
>> files, it prompts for password for 4 times.Can you please recommend a
>> better way to handle this?
>
> When you require HTTP authentication, the user's app or browser has to
> send the username and password with each new request. So if your page
> uses 4 files, the browser has to send the username and password 4 times.
>
> Most browsers hide this from the user by cacheing HTTP authentication
> credentials (username and password), and presenting them again with each
> new request. So the user authenticates just once, and the browser takes
> care of it after that.
>
> It seems that your Apple devices aren't doing that. Cacheing HTTP auth
> credentials is a basic browser feature, so if they're not doing it, it
> seems like a bug.
>
> You don't have many choices. You can remove the authentication
> requirement; ignore the problem if it's limited to just a few buggy
> apps; or change to an application-based method of authentication, using
> forms and cookies (assuming those buggy apps handle cookies correctly).
> Sorry.
>
> Andrew
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org