HTTP Basic Authentication
=========================

|image0|

Presentation
------------

.. important::

   For now, this feature is only supported by the Apache handler.

Extract from the `Wikipedia
article <http://en.wikipedia.org/wiki/Basic_access_authentication>`__:

   In the context of an HTTP transaction, the basic access authentication
   is a method designed to allow a web browser, or other client program, to
   provide credentials – in the form of a user name and password – when
   making a request.

   Before transmission, the username and password are encoded as a sequence
   of base-64 characters. For example, the user name Aladdin and password
   open sesame would be combined as Aladdin:open sesame – which is
   equivalent to QWxhZGRpbjpvcGVuIHNlc2FtZQ== when encoded in Base64.
   Little effort is required to translate the encoded string back into the
   user name and password, and many popular security tools will decode the
   strings "on the fly".

So HTTP Basic Authentication is managed through an HTTP header
(``Authorization``), which can be built by LL::NG, with these
precautions:

- Data should not contain accents or special characters, as the HTTP
  protocol only allows ASCII values in headers (but depending on the HTTP
  server, you can use ISO encoded values)
- You need to forward the password, which can be the user's main password
  (if :doc:`password is stored in session<../passwordstore>`) or any
  user attribute (if you keep secondary passwords in the users database).

Configuration
-------------

Basic Authentication relies on a specific HTTP header, as described
above, so you just have to declare this header for the virtual host in
the Manager.

For example, to forward login (``$uid``) and password (``$_password`` if
:doc:`password is stored in session<../passwordstore>`):

::

   Authorization => "Basic ".encode_base64("$uid:$_password", "")

LL::NG provides a special function named
:doc:`basic<../extendedfunctions>` to build this header.

So the above example can also be written like this:

::

   Authorization => basic($uid,$_password)

.. tip::

   The ``basic`` function will also force conversion from UTF-8
   to ISO-8859-1, which should be accepted by most HTTP servers.

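
The header construction described above, as an added Perl sketch (not LL::NG's own code and not the implementation of ``basic``): it builds the value with an explicit UTF-8 to ISO-8859-1 conversion, rejects credentials that cannot be carried unambiguously, and decodes the result the way a protected application would. The helper names ``build_basic_header`` and ``parse_basic_header`` and the sample credentials are assumptions made for the example.

```perl
use strict;
use warnings;
use Encode qw(encode decode);
use MIME::Base64 qw(encode_base64 decode_base64);

# Hypothetical helper (not LL::NG code): returns the header value, or dies
# when the credentials cannot be carried unambiguously in a Basic header.
sub build_basic_header {
    my ( $uid, $password ) = @_;

    # The receiver splits on the first ":", so a uid containing one
    # would shift part of the uid into the password.
    die "uid must not contain ':'\n" if $uid =~ /:/;
    die "control character in credentials\n"
      if "$uid$password" =~ /[\x00-\x1f\x7f]/;

    # Character string -> ISO-8859-1 bytes. FB_CROAK dies on characters
    # Latin-1 lacks instead of substituting them.
    my $bytes = encode( 'ISO-8859-1', "$uid:$password",
        Encode::FB_CROAK | Encode::LEAVE_SRC );

    # The "" second argument stops encode_base64 appending a newline.
    return 'Basic ' . encode_base64( $bytes, '' );
}

# Hypothetical helper: what a protected application does with the header.
sub parse_basic_header {
    my ($header) = @_;
    my ($b64) = $header =~ m{\ABasic ([A-Za-z0-9+/]+={0,2})\z}
      or die "not a Basic header\n";
    my $text = decode( 'ISO-8859-1', decode_base64($b64) );
    return split /:/, $text, 2;    # the password may itself contain ":"
}

# Constructed sample credentials; the first pair is the page's own example.
# \x{e9} is e-acute (fits Latin-1), \x{20ac} is the euro sign (does not).
for my $case ( [ 'Aladdin', 'open sesame' ], [ "ren\x{e9}", 'pa:ss' ],
    [ 'bob', "p\x{20ac}ss" ], [ 'a:b', 'secret' ] )
{
    my $header = eval { build_basic_header(@$case) };
    if ( !defined $header ) { print "rejected '$case->[0]': $@"; next }
    my ( $uid, $password ) = parse_basic_header($header);
    die "round trip failed\n"
      unless $uid eq $case->[0] && $password eq $case->[1];
    print "$header\n";
}
```

The first pair prints ``Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==``, matching the Wikipedia extract; the last two pairs are rejected before any header is produced.
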
.. |image0| image:: /applications/http_logo.png
   :class: align-center