How do I have a PerlAuthenHandler not popup the login box?

[Jason Fong <Jf...@ucla.edu>]

I'm making a login system that uses a web form instead of the browser's
popup box to input the username/password.  My problem is that when I use
my authentication script as a PerlAuthenHandler in the .htaccess, it
insists on having the browser show the popup username/password box.  I
tried making a simple handler function that just returns OK, but I still
get the login box.

My guess is that using the PerlAuthenHandler automatically sends a
AUTH_REQUIRED to the browser so that the login box appears.

I found a solution to this by changing the PerlAuthenHandler to a
PerlAccessHandler.  Is this the correct way to avoid the login box?  Or
is there a way for a PerlAuthenHandler to not popup a login box?

Re: How do I have a PerlAuthenHandler not popup the login box?

[Thomas Klausner <do...@zsi.at>]

Hi!

On Thu, Jul 17, 2003 at 06:07:48PM -0700, Jason Fong wrote:
> I'm making a login system that uses a web form instead of the browser's
> popup box to input the username/password.  My problem is that when I use
> my authentication script as a PerlAuthenHandler in the .htaccess, it
> insists on having the browser show the popup username/password box.  I
> tried making a simple handler function that just returns OK, but I still
> get the login box.

This the way BASIC Authentication works. To solve your problem (cleanly),
you'll need to use your own custom authentication mechanism. This is not
as hard as it sound.

Take a look at Apache::AuthCookie for an example (quite likely it is exactly
what you are looking for....)

Or read chapter 13.7 "Writing your own authentication mechanism" in the
mod_perl Cookbook.


	 
-- 
#!/usr/bin/perl                               http://domm.zsi.at
for(ref bless{},just'another'perl'hacker){s-:+-$"-g&&print$_.$/}

Re: How do I have a PerlAuthenHandler not popup the login box?

[Keith Keller <kk...@wombat.san-francisco.ca.us>]

On Thu, Jul 17, 2003 at 06:07:48PM -0700, Jason Fong wrote:
> I'm making a login system that uses a web form instead of the browser's
> popup box to input the username/password.  My problem is that when I use
> my authentication script as a PerlAuthenHandler in the .htaccess, it
> insists on having the browser show the popup username/password box.

Well, that's not really a problem--it's how a PerlAuthenHandler, or
any Apache-based authentication handler, is supposed to work.  If you're
using a web form to authenticate users, you don't need Apache or
mod_perl to also authenticate.

> My guess is that using the PerlAuthenHandler automatically sends a
> AUTH_REQUIRED to the browser so that the login box appears.

The whole point of PerlAuthenHandler is to ask the client to send
a specific HTTP request to the server, which the client usually
does by prompting the user.  So your guess is a pretty good one.

> I found a solution to this by changing the PerlAuthenHandler to a
> PerlAccessHandler.  Is this the correct way to avoid the login box?  Or
> is there a way for a PerlAuthenHandler to not popup a login box?

Depending on what you're trying to do, the correct way to avoid the
login box is to omit the PerlAuthenHandler and the PerlAccessHandler,
but without any specifics on what you're trying to do all anyone can
do is guess.

--keith

-- 
kkeller@speakeasy.net
alt.os.linux.slackware FAQ:  http://wombat.san-francisco.ca.us/cgi-bin/fom