Finally received some attention from Adobe and got an answer on this. The problem with long HTTP Authentication headers is that, by default, the Base64Encoder class will inject newline characters every 72 characters. Obviously that causes a chunk of the base-64 encoded string to be interpreted as a new header attribute, which causes the error. … Read more
Custom error responses are really quite easy in Flask. Create a function whose only argument is the HTTP error status code, make it return a flask.Response instance, and decorate it with @app.errorhandler. @app.errorhandler(401) def custom_401(error): return Response(‘<Why access is denied string goes here…>’, 401, {‘WWW-Authenticate’:’Basic realm=”Login Required”‘}) You can then use abort(401) to your heart’s … Read more
Putting this information here for future readers’ benefit. 401 (Unauthorized) response header -> Request authentication header Here are several WWW-Authenticate response headers. (The full list is at IANA: HTTP Authentication Schemes.) WWW-Authenticate: Basic-> Authorization: Basic + token – Use for basic authentication WWW-Authenticate: NTLM-> Authorization: NTLM + token (2 challenges) WWW-Authenticate: Negotiate -> Authorization: Negotiate … Read more
For just supporting basic auth on some requests (and not mucking with the web server — which is how someone might interpret your question title), you will want to look here: http://www.djangosnippets.org/snippets/243/
AFNetworking 2.0 new architecture use serializers for creating requests and parsing responses. In order to set the authorization header, you should first initialize a request operation manager that replaces the AFHTTPClient, create a serializer and then call the dedicated method to set the header. For example you code would become: AFHTTPRequestOperationManager *manager = [[AFHTTPRequestOperationManager alloc] … Read more
You just need to encode special characters like that before passing them as part of the URL, so @ would need to be passed as %40, eg: https://user:password%40www.example.com (I typically use this – http://meyerweb.com/eric/tools/dencoder/ – for my en/decoding needs.)
There is a ‘sensible way’ to use HTTP Basic Auth in CGI-mode PHP: in the .htaccess use RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] and in the PHP use list($_SERVER[‘PHP_AUTH_USER’], $_SERVER[‘PHP_AUTH_PW’]) = explode(‘:’, base64_decode(substr($_SERVER[‘HTTP_AUTHORIZATION’], 6)));
I think that you are after this $username = $_SERVER[‘PHP_AUTH_USER’]; $password = $_SERVER[‘PHP_AUTH_PW’];
I’ve found through debugging requests coming in from JMeter that the HTTP Authorization Manager module doesn’t encode the username and password correctly. It puts a newline character after the username. To run a JMeter test against a Basic Auth protected endpoint, include the HTTP Header Manager and add the Basic Auth header yourself: Manually Encoding … Read more
Here’s how I did it: from django.test import Client import base64 auth_headers = { ‘HTTP_AUTHORIZATION’: ‘Basic ‘ + base64.b64encode(‘username:password’), } c = Client() response = c.get(‘/my-protected-url/’, **auth_headers) Note: You will also need to create a user.