You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Sebastian Gil <sg...@ceisasp.com> on 2006/01/03 15:41:13 UTC

[users@httpd] R: [users@httpd] Authentication realms

Is this happening when you download the file or when you try to open it
directly from the browser? Maybe it's a problem with the media player plugin


-----Messaggio originale-----
Da: Dave Beach [mailto:drbeach@rogers.com] 
Inviato: martedì 3 gennaio 2006 15.34
A: users@httpd.apache.org
Oggetto: RE: [users@httpd] Authentication realms

Thanks for the reply. I've been through the FAQ again, and don't see where
URL space is relevant (although I'm sure that's a deficiency in my
understanding).

Consider www.foo.com (hypothetically - I've just realized that's actually a
real site), and that /usr/local/apache2/htdocs is set as AuthName "bar" in
httpd.conf. Everything behaves perfectly as expected, except a link to
/usr/local/apache2/htdocs/foobar/foobar.wmv causes a re-prompt for
authentication credentials. In the client popup, the user is advised that a
password is required for www.foo.com. The link that causes this is from
/usr/local/apache2/htdocs/index.htm, and merely points to
"foobar/foobar.wmv". For every other link and file on the server,
authentication seems to be working exactly the way I would have expected.
For example, a link that points to "foobar/picture.jpg" does not cause an
authentication re-prompt.

I realize I'm repeating myself here, but I'm trying to illustrate that I'm
not sure how this is a URL space issue. I've re-looked at the FAQ again, and
made two changes - I set UseCanonicalName to off in httpd.conf, and I added
an .htaccess file in /usr/local/apache2/htdocs/foobar that simply repeats
"AuthName "bar"".

Still no joy.

I appreciate your patience; perhaps a slightly more detailed pointer would
nudge me in the right direction.



-----Original Message-----
From: Nick Kew [mailto:nick@webthing.com] 
Sent: January 3, 2006 2:24 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Authentication realms

On Monday 02 January 2006 22:57, Dave Beach wrote:
> Hi list!
>
> I'm having a small problem. I have basic authentication set up (httpd 
> v2.2.0), and it works as I would expect - except that when a user 
> requests a Windows Media file (wmv) from a subordinate page, the 
> client browser prompts again for the user's credentials.

That's the browser doing the prompting.  Which means the *browser* sees the
wmv file as not being within the already-authenticated area.

You need to sort out your URL space.  The internal organisation of Apache
(thngs like directories) is not relevant (except indirectly, when it affects
URL space).

There's a FAQ entry that might be relevant to you.

--
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [users@httpd] R: [users@httpd] Authentication realms

Posted by Dave Beach <dr...@rogers.com>.
Interesting. Right-clicking and saving the file from the browser works. A
left-click to open it directly doesn't. Hmm. 

-----Original Message-----
From: Sebastian Gil [mailto:sgil@ceisasp.com] 
Sent: January 3, 2006 9:41 AM
To: users@httpd.apache.org
Subject: [users@httpd] R: [users@httpd] Authentication realms

Is this happening when you download the file or when you try to open it
directly from the browser? Maybe it's a problem with the media player plugin


-----Messaggio originale-----
Da: Dave Beach [mailto:drbeach@rogers.com]
Inviato: martedì 3 gennaio 2006 15.34
A: users@httpd.apache.org
Oggetto: RE: [users@httpd] Authentication realms

Thanks for the reply. I've been through the FAQ again, and don't see where
URL space is relevant (although I'm sure that's a deficiency in my
understanding).

Consider www.foo.com (hypothetically - I've just realized that's actually a
real site), and that /usr/local/apache2/htdocs is set as AuthName "bar" in
httpd.conf. Everything behaves perfectly as expected, except a link to
/usr/local/apache2/htdocs/foobar/foobar.wmv causes a re-prompt for
authentication credentials. In the client popup, the user is advised that a
password is required for www.foo.com. The link that causes this is from
/usr/local/apache2/htdocs/index.htm, and merely points to
"foobar/foobar.wmv". For every other link and file on the server,
authentication seems to be working exactly the way I would have expected.
For example, a link that points to "foobar/picture.jpg" does not cause an
authentication re-prompt.

I realize I'm repeating myself here, but I'm trying to illustrate that I'm
not sure how this is a URL space issue. I've re-looked at the FAQ again, and
made two changes - I set UseCanonicalName to off in httpd.conf, and I added
an .htaccess file in /usr/local/apache2/htdocs/foobar that simply repeats
"AuthName "bar"".

Still no joy.

I appreciate your patience; perhaps a slightly more detailed pointer would
nudge me in the right direction.



-----Original Message-----
From: Nick Kew [mailto:nick@webthing.com]
Sent: January 3, 2006 2:24 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Authentication realms

On Monday 02 January 2006 22:57, Dave Beach wrote:
> Hi list!
>
> I'm having a small problem. I have basic authentication set up (httpd 
> v2.2.0), and it works as I would expect - except that when a user 
> requests a Windows Media file (wmv) from a subordinate page, the 
> client browser prompts again for the user's credentials.

That's the browser doing the prompting.  Which means the *browser* sees the
wmv file as not being within the already-authenticated area.

You need to sort out your URL space.  The internal organisation of Apache
(thngs like directories) is not relevant (except indirectly, when it affects
URL space).

There's a FAQ entry that might be relevant to you.

--
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org