You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Dave Beach <dr...@rogers.com> on 2006/01/02 23:57:57 UTC

[users@httpd] Authentication realms

Hi list!

I'm having a small problem. I have basic authentication set up (httpd
v2.2.0), and it works as I would expect - except that when a user requests a
Windows Media file (wmv) from a subordinate page, the client browser prompts
again for the user's credentials. When correctly re-entered, the wmv file is
served up and plays in the browser. If not entered, or incorrectly entered,
the file is not served up and the client browser (IE 6) issues an
authentication error.

I would have expected no such secondary authentication prompt, as the file
is found in a directory subordinate to the one established for the
authentication realm in the httpd.conf file.

I'm not sure if this is a client browser issue, a Windows Media Player
issue, or an apache issue. I'm hoping this question has been asked and
answered before, but a fairly extensive google search has not seemed to
reveal anything relevant, and the FAQ doesn't seem to address this issue.

What am I missing? Are there relevant parts of my httpd.conf file that might
be useful to post?

Thanks in advance for any pointers or assistance.

RE: [users@httpd] R: [users@httpd] Authentication realms

Posted by Dave Beach <dr...@rogers.com>.
Interesting. Right-clicking and saving the file from the browser works. A
left-click to open it directly doesn't. Hmm. 

-----Original Message-----
From: Sebastian Gil [mailto:sgil@ceisasp.com] 
Sent: January 3, 2006 9:41 AM
To: users@httpd.apache.org
Subject: [users@httpd] R: [users@httpd] Authentication realms

Is this happening when you download the file or when you try to open it
directly from the browser? Maybe it's a problem with the media player plugin


-----Messaggio originale-----
Da: Dave Beach [mailto:drbeach@rogers.com]
Inviato: martedì 3 gennaio 2006 15.34
A: users@httpd.apache.org
Oggetto: RE: [users@httpd] Authentication realms

Thanks for the reply. I've been through the FAQ again, and don't see where
URL space is relevant (although I'm sure that's a deficiency in my
understanding).

Consider www.foo.com (hypothetically - I've just realized that's actually a
real site), and that /usr/local/apache2/htdocs is set as AuthName "bar" in
httpd.conf. Everything behaves perfectly as expected, except a link to
/usr/local/apache2/htdocs/foobar/foobar.wmv causes a re-prompt for
authentication credentials. In the client popup, the user is advised that a
password is required for www.foo.com. The link that causes this is from
/usr/local/apache2/htdocs/index.htm, and merely points to
"foobar/foobar.wmv". For every other link and file on the server,
authentication seems to be working exactly the way I would have expected.
For example, a link that points to "foobar/picture.jpg" does not cause an
authentication re-prompt.

I realize I'm repeating myself here, but I'm trying to illustrate that I'm
not sure how this is a URL space issue. I've re-looked at the FAQ again, and
made two changes - I set UseCanonicalName to off in httpd.conf, and I added
an .htaccess file in /usr/local/apache2/htdocs/foobar that simply repeats
"AuthName "bar"".

Still no joy.

I appreciate your patience; perhaps a slightly more detailed pointer would
nudge me in the right direction.



-----Original Message-----
From: Nick Kew [mailto:nick@webthing.com]
Sent: January 3, 2006 2:24 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Authentication realms

On Monday 02 January 2006 22:57, Dave Beach wrote:
> Hi list!
>
> I'm having a small problem. I have basic authentication set up (httpd 
> v2.2.0), and it works as I would expect - except that when a user 
> requests a Windows Media file (wmv) from a subordinate page, the 
> client browser prompts again for the user's credentials.

That's the browser doing the prompting.  Which means the *browser* sees the
wmv file as not being within the already-authenticated area.

You need to sort out your URL space.  The internal organisation of Apache
(thngs like directories) is not relevant (except indirectly, when it affects
URL space).

There's a FAQ entry that might be relevant to you.

--
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] R: [users@httpd] Authentication realms

Posted by Sebastian Gil <sg...@ceisasp.com>.
Is this happening when you download the file or when you try to open it
directly from the browser? Maybe it's a problem with the media player plugin


-----Messaggio originale-----
Da: Dave Beach [mailto:drbeach@rogers.com] 
Inviato: martedì 3 gennaio 2006 15.34
A: users@httpd.apache.org
Oggetto: RE: [users@httpd] Authentication realms

Thanks for the reply. I've been through the FAQ again, and don't see where
URL space is relevant (although I'm sure that's a deficiency in my
understanding).

Consider www.foo.com (hypothetically - I've just realized that's actually a
real site), and that /usr/local/apache2/htdocs is set as AuthName "bar" in
httpd.conf. Everything behaves perfectly as expected, except a link to
/usr/local/apache2/htdocs/foobar/foobar.wmv causes a re-prompt for
authentication credentials. In the client popup, the user is advised that a
password is required for www.foo.com. The link that causes this is from
/usr/local/apache2/htdocs/index.htm, and merely points to
"foobar/foobar.wmv". For every other link and file on the server,
authentication seems to be working exactly the way I would have expected.
For example, a link that points to "foobar/picture.jpg" does not cause an
authentication re-prompt.

I realize I'm repeating myself here, but I'm trying to illustrate that I'm
not sure how this is a URL space issue. I've re-looked at the FAQ again, and
made two changes - I set UseCanonicalName to off in httpd.conf, and I added
an .htaccess file in /usr/local/apache2/htdocs/foobar that simply repeats
"AuthName "bar"".

Still no joy.

I appreciate your patience; perhaps a slightly more detailed pointer would
nudge me in the right direction.



-----Original Message-----
From: Nick Kew [mailto:nick@webthing.com] 
Sent: January 3, 2006 2:24 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Authentication realms

On Monday 02 January 2006 22:57, Dave Beach wrote:
> Hi list!
>
> I'm having a small problem. I have basic authentication set up (httpd 
> v2.2.0), and it works as I would expect - except that when a user 
> requests a Windows Media file (wmv) from a subordinate page, the 
> client browser prompts again for the user's credentials.

That's the browser doing the prompting.  Which means the *browser* sees the
wmv file as not being within the already-authenticated area.

You need to sort out your URL space.  The internal organisation of Apache
(thngs like directories) is not relevant (except indirectly, when it affects
URL space).

There's a FAQ entry that might be relevant to you.

--
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [users@httpd] Authentication realms

Posted by Dave Beach <dr...@rogers.com>.
Thanks for the reply. I've been through the FAQ again, and don't see where
URL space is relevant (although I'm sure that's a deficiency in my
understanding).

Consider www.foo.com (hypothetically - I've just realized that's actually a
real site), and that /usr/local/apache2/htdocs is set as AuthName "bar" in
httpd.conf. Everything behaves perfectly as expected, except a link to
/usr/local/apache2/htdocs/foobar/foobar.wmv causes a re-prompt for
authentication credentials. In the client popup, the user is advised that a
password is required for www.foo.com. The link that causes this is from
/usr/local/apache2/htdocs/index.htm, and merely points to
"foobar/foobar.wmv". For every other link and file on the server,
authentication seems to be working exactly the way I would have expected.
For example, a link that points to "foobar/picture.jpg" does not cause an
authentication re-prompt.

I realize I'm repeating myself here, but I'm trying to illustrate that I'm
not sure how this is a URL space issue. I've re-looked at the FAQ again, and
made two changes - I set UseCanonicalName to off in httpd.conf, and I added
an .htaccess file in /usr/local/apache2/htdocs/foobar that simply repeats
"AuthName "bar"".

Still no joy.

I appreciate your patience; perhaps a slightly more detailed pointer would
nudge me in the right direction.



-----Original Message-----
From: Nick Kew [mailto:nick@webthing.com] 
Sent: January 3, 2006 2:24 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Authentication realms

On Monday 02 January 2006 22:57, Dave Beach wrote:
> Hi list!
>
> I'm having a small problem. I have basic authentication set up (httpd 
> v2.2.0), and it works as I would expect - except that when a user 
> requests a Windows Media file (wmv) from a subordinate page, the 
> client browser prompts again for the user's credentials.

That's the browser doing the prompting.  Which means the *browser* sees the
wmv file as not being within the already-authenticated area.

You need to sort out your URL space.  The internal organisation of Apache
(thngs like directories) is not relevant (except indirectly, when it affects
URL space).

There's a FAQ entry that might be relevant to you.

--
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Authentication realms

Posted by Nick Kew <ni...@webthing.com>.
On Monday 02 January 2006 22:57, Dave Beach wrote:
> Hi list!
>
> I'm having a small problem. I have basic authentication set up (httpd
> v2.2.0), and it works as I would expect - except that when a user requests
> a Windows Media file (wmv) from a subordinate page, the client browser
> prompts again for the user's credentials.

That's the browser doing the prompting.  Which means the *browser*
sees the wmv file as not being within the already-authenticated area.

You need to sort out your URL space.  The internal organisation of
Apache (thngs like directories) is not relevant (except indirectly,
when it affects URL space).

There's a FAQ entry that might be relevant to you.

-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org