Authorization Issues


  • Anonymous

    I was using this class with a certain program that contains a web server built by the same company. 

    No matter what, I could not get Snoopy to authenticate with this server (basic auth).  Every time it would return 401 unauthorized.  Eventually I read the HTTP spec and noticed the header is supposed to be:

    Authorization: Basic (base64 encoded user:pass)

    Snoopy uses Authorization: BASIC not Authorization: Basic.  As soon as I corrected this to mixed case it worked fine.

    Weird stuff.  Keep this in mind if you have auth problems.



    • Anonymous

      From the RFC:

      Franks, et al.              Standards Track                     [Page 5]

      RFC 2617                  HTTP Authentication                  June 1999

                             except not limited to 76 char/line>
            user-pass   = userid ":" password
            userid      = *<TEXT excluding ":">
            password    = *TEXT

         Userids might be case sensitive.

         If the user agent wishes to send the userid "Aladdin" and password
         "open sesame", it would use the following header field:

            Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

         A client SHOULD assume that all paths at or deeper than the depth of
         the last symbolic element in the path field of the Request-URI also
         are within the protection space specified by the Basic realm value of
         the current challenge. A client MAY preemptively send the
         corresponding Authorization header with requests for resources in
         that space without receipt of another challenge from the server.
         Similarly, when a client sends a request to a proxy, it may reuse a
         userid and password in the Proxy-Authorization header field without
         receiving another challenge from the proxy server. See section 4 for
         security considerations associated with Basic authentication.

    • r2rien

      <quote> may reuse a
      userid and password in the Proxy-Authorization header field...

      Well, to avoid a 407 error code
      - with a web server behind a Squid proxy (Squid/2.4.STABLE6) -
      I NEEDED to append this header field within the _httprequest() function after line 793, as below:

      <appended code>
      $headers .= "Proxy-Authorization: Basic ".base64_encode($this->user.":".$this->pass)."\r\n";
      </appended code>

      hope it helps using this useful class with squid...
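
Added example, not part of the thread and not Snoopy code: a receiving-side parser for the `Authorization` / `Proxy-Authorization` values discussed above. It accepts the scheme in any case (HTTP auth scheme tokens are case-insensitive) and splits `user:pass` on the first colon only, per the grammar quoted from RFC 2617. The function name `parse_basic_credentials` and the sample header values are constructed for illustration.

```php
<?php
// Hypothetical helper: parse the value of an Authorization or
// Proxy-Authorization header. Returns ['user' => ..., 'pass' => ...],
// or null when the value is not a well-formed Basic credential.
function parse_basic_credentials(string $headerValue): ?array
{
    // Scheme token, one or more spaces, then the credentials token.
    if (!preg_match('/^\s*(\S+) +(\S+)\s*$/', $headerValue, $m)) {
        return null;
    }
    // Case-insensitive scheme match: "Basic", "BASIC" and "basic" are equal.
    if (strcasecmp($m[1], 'Basic') !== 0) {
        return null;
    }
    // Strict mode rejects input containing non-base64 characters.
    $decoded = base64_decode($m[2], true);
    if ($decoded === false) {
        return null;
    }
    // userid excludes ":", the password may contain it: split on the first colon.
    $pos = strpos($decoded, ':');
    if ($pos === false) {
        return null;
    }
    return [
        'user' => substr($decoded, 0, $pos),
        'pass' => (string) substr($decoded, $pos + 1),
    ];
}

// Constructed sample values; the first token is the RFC example quoted above.
$samples = [
    'Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==',        // Aladdin / open sesame
    'BASIC QWxhZGRpbjpvcGVuIHNlc2FtZQ==',        // upper-case scheme, same credentials
    'basic ' . base64_encode('user:pa:ss'),      // password containing a colon
    'Digest username="Aladdin"',                 // different scheme: rejected
    'Basic not*base64',                          // invalid encoding: rejected
];

foreach ($samples as $value) {
    $cred = parse_basic_credentials($value);
    echo str_pad($value, 42), ' => ',
        $cred === null ? 'rejected' : json_encode($cred), "\n";
}
```

When checking the parsed password against a stored value, compare with `hash_equals()` rather than `==`, and carry the header only over TLS, since base64 is an encoding and not encryption.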