SitePoint Sponsor

User Tag List

Results 1 to 12 of 12
  1. #1
    SitePoint Enthusiast
    Join Date
    Oct 2007
    Posts
    56
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    HTTP Authentication via Perl

    I'm trying to get a Perl script to authenticate and then redirect into the restricted directory without prompting the user for a password. The following code or method does not work and would appreciate any suggestions.

    I don't know if there's a problem with the "credentials" method or the way I'm trying to get to the restricted directory.

    I know this looks pointless, but it's just one part of something else.

    When it redirects, it still prompts the user for a login & password.

    Restricted Directory: http://www.mydomain.com/temp/
    Realm Name: Protected
    Username: test
    Password: test

    Code:

    Code:
    #!/usr/bin/perl
    
    #
    ====
    
    require 'cgi.pm';
    use CGI::Carp qw(fatalsToBrowser);
    require LWP::UserAgent;
    
    my $url = 'http://www.mydomain.com/temp/';
    
    use LWP 5.64;
      my $browser = LWP::UserAgent->new;
      $browser->credentials(
      'www.mydomain.com:80',
      'Protected',
      'test' => 'test'
    );
      print "Location: ".$url."\n\n";

  2. #2
    Guru in training bronze trophy SoulScratch's Avatar
    Join Date
    Apr 2006
    Location
    Maryland
    Posts
    1,838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    How exactly are you restricting it in the first place? Apache? Do you have access to update this at all?
    Cross browser css bugs

    Dan Schulz you will be missed

  3. #3
    SitePoint Enthusiast
    Join Date
    Oct 2007
    Posts
    56
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes, Apache.

    I have total access.

  4. #4
    Guru in training bronze trophy SoulScratch's Avatar
    Join Date
    Apr 2006
    Location
    Maryland
    Posts
    1,838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ok. I don't think it's possible to override the server default because initially that directory was set as protected.

    Why not just have an index page for that directory with a login, and cookies and possibly even an IP check so you don't have to login, but it wouldn't let anyone else go in?
    Cross browser css bugs

    Dan Schulz you will be missed

  5. #5
    SitePoint Enthusiast
    Join Date
    Oct 2007
    Posts
    56
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by SoulScratch View Post
    Ok. I don't think it's possible to override the server default because initially that directory was set as protected.

    Why not just have an index page for that directory with a login, and cookies and possibly even an IP check so you don't have to login, but it wouldn't let anyone else go in?
    What I have is a cgi/perl based system that lets a user self-register and then it sets a cookie. It's not a complete system... it's just a means to get the cookie set so some other system can read it and do the authentication.

    Now to secure the directory, I wanted to use HTTP Authentication with a generic login/password.

    My thinking was to write a perl script to just check the cookie and then use the generic apache login to get into the secure directory.

    I'm also trying to make this system properly fail when Javascript is disabled and also kick people out when they try to access a restricted page via a bookmark.

    At this point, I could not get the method above to work since the login is for the "virtual" browser within the perl environment. But I did get an Ajax based script to do the HTTP login, very transparently.

    My new thought is to now use a Javascript to check for the cookie and then do the HTTP login with Ajax in the browser. The only remaining issue is how to handle people coming in from a bookmarked link without the ugly HTTP Auth box popping up... and I don't think that's possible.

  6. #6
    SitePoint Wizard bronze trophy KevinR's Avatar
    Join Date
    Nov 2004
    Location
    Moon Base Alpha
    Posts
    1,053
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This code can't work:

    #!/usr/bin/perl

    #
    ====

    require 'cgi.pm';
    use CGI::Carp qw(fatalsToBrowser);
    require LWP::UserAgent;

    my $url = 'http://www.mydomain.com/temp/';

    use LWP 5.64;
    my $browser = LWP::UserAgent->new;
    $browser->credentials(
    'www.mydomain.com:80',
    'Protected',
    'test' => 'test'
    );
    print "Location: ".$url."\n\n";

    All it will do is print the url in the Location at the end. The authentication part of the code is not doing anything useful. You have to keep working with your object, $browser, to get into the protected directory. Unfortunately I don't know how to do it myslef. Ask on www.perlmonks.com

  7. #7
    SitePoint Enthusiast
    Join Date
    Oct 2007
    Posts
    56
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by KevinR View Post
    This code can't work:

    #!/usr/bin/perl

    #
    ====

    require 'cgi.pm';
    use CGI::Carp qw(fatalsToBrowser);
    require LWP::UserAgent;

    my $url = 'http://www.mydomain.com/temp/';

    use LWP 5.64;
    my $browser = LWP::UserAgent->new;
    $browser->credentials(
    'www.mydomain.com:80',
    'Protected',
    'test' => 'test'
    );
    print "Location: ".$url."\n\n";

    All it will do is print the url in the Location at the end. The authentication part of the code is not doing anything useful. You have to keep working with your object, $browser, to get into the protected directory. Unfortunately I don't know how to do it myslef. Ask on www.perlmonks.com
    You are correct.. is does not authenticate the real browser, only the virtual browser which is no good to me. I can do with Ajax but not in perl.

    However, the last line is perfectly valid for auto-directing your browser to another page. I've used it in other perl scripts.

  8. #8
    SitePoint Wizard bronze trophy KevinR's Avatar
    Join Date
    Nov 2004
    Location
    Moon Base Alpha
    Posts
    1,053
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I know the last line is valid, but its not helping with anything in your script. You need to find a method that you can tell $browser to execute to get into the directory once you've gotten/set the credentials. Like I suggested, ask on www.perlmonks.com or wait here and see if someone is familiar enough with LWP::UserAgent to know how to do this.

  9. #9
    SitePoint Enthusiast
    Join Date
    Oct 2007
    Posts
    56
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by KevinR View Post
    I know the last line is valid, but its not helping with anything in your script. You need to find a method that you can tell $browser to execute to get into the directory once you've gotten/set the credentials. Like I suggested, ask on www.perlmonks.com or wait here and see if someone is familiar enough with LWP::UserAgent to know how to do this.
    Ahh.. ok, got it. Thank-you!

  10. #10
    SitePoint Enthusiast
    Join Date
    Oct 2007
    Posts
    56
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Earlier I found a way to retrieve the page from the secure area and display it in the browser. The main downside was that the URL was the path to the CGI script and not a true URL to the actual page.

    Upon reflection, that's not really a downside. That will prevent users from being able to bookmark the page (which is what I wanted). If they do and return later, the script can be written to automatically redirect them to the login page.

    Here's what's working regarding the perl auto-authorization and loading of the secure page...

    Code:
    #!/usr/bin/perl
    # ===========================
    
    use LWP::UserAgent;
    $ua = new LWP::UserAgent;
    my $req = HTTP::Headers->new;
    
    $req = HTTP::Request->new(GET => 'http://www.mydomain.com/temp/');
    $req->authorization_basic('test', 'test');
    print "Content-type: text/html\n\n";
    my $response = $ua->request($req);
    print $response->content;

  11. #11
    SitePoint Wizard bronze trophy KevinR's Avatar
    Join Date
    Nov 2004
    Location
    Moon Base Alpha
    Posts
    1,053
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You might want to look into WWW::Mechanize also

  12. #12
    SitePoint Enthusiast
    Join Date
    Oct 2007
    Posts
    56
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by KevinR View Post
    You might want to look into WWW::Mechanize also
    That's an excellent point.

    I saw that during my research and can't remember the issue I had with it, however it does look very similar to what I'm currently doing.

    Thanks for reminding me though... perhaps I'll need it if I get stuck with LWP.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •