basic-authentication

When passing username and password encoded in URL, eg: https://Aladdin:OpenSesame@www.example.com/index.html Is the client in fact sending this in Authorization header? What kind of processing is needed on server side for this kind of URL encoding? Is the client in fact sending this in Authorization header? It depends on what the client is. If the client is a browser, the answer is no. Here is the experiment result: In Chrome, no authorization header is sent. In Firefox, no authorization header is sent. Firefox will also prompt a confirm dialog, as proactively sending authenticate information

I have a spring boot application running with spring security using basic auth. When proper basic auth credentials are supplied, everything is good, but for incorrect auth credentials, spring comes up with a HttpRequestMethodNotSupportedException: Request method 'POST' not supported exception. According to the logs, the authentication failure has been identified by spring, but that's not what comes out. 2015-08-12 09:33:10.922 INFO 16988 --- [nio-8080-exec-4] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Wed Aug 12 09:33:10 AEST 2015, principal=anonymousUser, type=AUTHORIZATION

I have an apache in frontend that redirect a request via a rewrite rule. I have to put a basic authentication before redirect a request, so I put this in the config file: <VirtualHost *:443> ServerAdmin xxxxxx DocumentRoot /var/www/html/ ServerName xxxxxxx RewriteEngine on ErrorLog logs/error.log CustomLog logs/access_log common <Directory /var/www/html/> AuthType Basic AuthName "Restricted Files" AuthUserFile /etc/httpd/conf/tag.pwd Require valid-user RewriteRule ^/(.*) http://xxxxxx:xxx/$1 [P,L] </Directory> </VirtualHost> But doesn't work. Any suggestions? In general, Apache does the

is there a way to only use http_basic_authenticate_with :name => 'user', :password => 'secret' when the server is running on production mode? Yes, try: class ApplicationController < ActionController::Base before_filter :authenticate def authenticate if Rails.env.production? authenticate_or_request_with_http_basic do |username, password| username == "user" && password == "%$§$§" end end end end Just add this to your example http_basic_authenticate_with :name => 'user', :password => 'secret' if Rails.env.production? authenticate_or_request_with_http_basic do |username, password| username ==

i want to allow access to Anonymous.aspx page to all user, i have set Basic Authentication to Enabled , and Connect as to specific user . my problem is when trying to access http://MyIPAddress/MyAlias/Anonymous.aspx , authentication popup appears--ideally it shouldn't, and when i close popup, getting 401.2 Unauthorized error --it's obvious Error Summary HTTP Error 401.2 - Unauthorized You are not authorized to view this page due to invalid authentication headers. Error Code 0x80070005 below is snap of my web.config file. <configuration> <system.web> <authentication mode=“Windows“/> </system

I have a phonegap app w/ jQuery 1.9.1 Worked great as long as the username doesn't have '@' symbol in it (like in email addresses). It only fails on iOS. I suspect it's probably not urlencoding the @ sign or something. iPhone , it never hits any callbacks (done, fail or always), Wireshark shows request doesn't get to the server . Chrome Desktop : works fine. Android , works fine. $.ajax({ url: "https://" + this.hostname + "/alertusmw/services/rest/" + endPoint, type: method, dataType: 'json', contentType: 'application/com.alertus-v1.0+json', cache:false, username: this.username, password: this