http-authentication

问题 I have 2 pages: xyz.com/a and xyz.com/b . I can only access xyz.com/b if and only if I login to xyz.com/a first. If accessing xyz.com/b without going through the other, I simply get access denied (no redirect to login) via the browser. Once I login at xyz.com/a , I can access the other. My problem is doing this using the curl command. I can login successfully to xyz.com/a using curl, but then try xyx.com/b and I get access denied. I use the following: curl --user user:pass https://xyz.com/a

问题 My web application has a login page that submits authentication credentials via an AJAX call. If the user enters the correct username and password, everything is fine, but if not, the following happens: The web server determines that although the request included a well-formed Authorization header, the credentials in the header do not successfully authenticate. The web server returns a 401 status code and includes one or more WWW-Authenticate headers listing the supported authentication types

问题 I have a .NET client application that needs to communicate with a server using two distinct user credentials. Lets say that the application runs two threads. When start running, every thread sends the user & password to authenticate and the server in return stores a cookie on the http session. The subsequent calls send the authentication cookie and not the user credentials. We have two cookies for the same process. How does wininet "knows" to send the appropriate cookie for each thread? Does

问题 I'm doing HTTP basic authentication via .htaccess, and I need to logout; is this possible? Thanks. 回答1: Per the Wikipedia Basic access authentication page (in the Disadvantages section): there is no effective way for a server to "log out" the user without closing the browser. This is because the server doesn't keep track of who is logged in. Instead, the browser sends authentication credentials on every request to the server. 来源： https://stackoverflow.com/questions/7668875/how-to-logout-of

问题 In PHP I'm trying to create a basic HTTP authentication login (the one that pops up). Its my understanding this is done through a header, and this is my header: header("WWW-Authenticate: Basic realm='Secure Area'"); After that, I check to see if the input username or password is incorrect, and if it is I execute one function or another: if ($_SERVER["PHP_AUTH_USER"] != $username || $_SERVER["PHP_AUTH_PW"] != $password) { quit(); } else { main(); } However, when I test my code, and I enter the

问题 I have a Wordpress site, and I am using the API of a 3rd party searchprovider which uses Basic HTTP Authentication. When the user searches on my site, a JS submits the search request to the 3rd party search provider, which returns the results if authenticated, if not it asks for user authentication. Now, the customer does not want to have the authentication process, but all users who visit my page should be automatically authenticated for the 3rd party search provider (LDC search). I managed

问题 How do I authenticate via HTTP in Android? 回答1: I face very much dificuly to authenticate via HTTP in Android as in browser (web and Android native) it worked perfect and ask for credentials but this scene is not in code. so here is the code I used. URL url = new URL("YOUR URL HERE"); Authenticator.setDefault(new Authenticator(){ @Override protected PasswordAuthentication getPasswordAuthentication() { System.err.println("Feeding username and password for " + getRequestingScheme()); return

问题 I'm trying to authenticate an android client app to my server ruby on rails app which uses Devise gem. But I've tried http authentication, and post requests to authenticate, and the server just responds 200 for any given username/password. I've already set up the config.http_authenticatable = true and the :database_authenticable at the user model... I'll post my authenticate method so u guys can have a look on it... public static boolean authenticate(User user, String verb) throws IOException

问题 How do you determine if a REST webservice is using Basic, Kerberos, NTLM, or one of the many other authentication methods? 回答1: When you send an unauthenticated request the service has to respond with a "HTTP/1.1 401 Unauthorized" and the response contains a WWW-Authenticate header that specifies what authentication scheme is expected ( Basic , Digest ), the security realm and any other specific value (like Digets's nonce). So if the server responds with: HTTP/1.0 401 Unauthorized WWW

问题 Is there a way for a java web app to get information on the security certificates installed on one's machine via a http request and selectively grant access if a particular certifiicate is installed on the machine. Basically the requirement is, the web application should entertain request only from a company laptop else must deny access with appropriate error text. (These could be win laptops with certain certifcates installed on their machine or they can be from a certain set of static ips.)