authentication being passed to php

nginx.mailinglist nginx.mailinglist at xinio.info
Thu Jul 23 15:29:01 MSD 2009 

Hmm
sorry for mix up i think i confused myself

whatever happened i now get the following entries in my php's $_SERVER


[HTTP_AUTHORIZATION] => Basic dGVzdDEyMzphYmM1Njc=
[PHP_AUTH_USER] => test123
[PHP_AUTH_PW] => abc567


which is exactly what i wanted, i can take the above values now and perfrom
authentication against the database

sorry for all the confusion
i dont think this was an issue at all in first place
just my tests were wrong

thanks for the prompt help



On Thu, Jul 23, 2009 at 12:13 PM, István <leccine at gmail.com> wrote:

> he is mixing up two different things
>
> http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
>
> 14.8 Authorization
>
>       A user agent that wishes to authenticate itself with a server--
>       usually, but not necessarily, after receiving a 401 response--does
>       so by including an Authorization request-header field with the
>
>       request.  The Authorization field value consists of credentials
>       containing the authentication information of the user agent for
>       the realm of the resource being requested.
>
>           Authorization  = "Authorization" ":" credentials
>
>       HTTP access authentication is described in "HTTP Authentication:
>       Basic and Digest Access Authentication" [43] <http://www.w3.org/Protocols/rfc2616/rfc2616-sec17.html#bib43>. If a request is
>
>       authenticated and a realm specified, the same credentials SHOULD
>       be valid for all other requests within this realm (assuming that
>       the authentication scheme itself does not require otherwise, such
>
>       as credentials that vary according to a challenge value or using
>       synchronized clocks).
>
>       When a shared cache (see section 13.7) receives a request
>       containing an Authorization field, it MUST NOT return the
>       corresponding response as a reply to any other request, unless one
>       of the following specific exceptions holds:
>
>       1. If the response includes the "s-maxage" cache-control
>          directive, the cache MAY use that response in replying to a
>          subsequent request. But (if the specified maximum age has
>
>          passed) a proxy cache MUST first revalidate it with the origin
>          server, using the request-headers from the new request to allow
>          the origin server to authenticate the new request. (This is the
>
>          defined behavior for s-maxage.) If the response includes "s-
>          maxage=0", the proxy MUST always revalidate it before re-using
>          it.
>
>       2. If the response includes the "must-revalidate" cache-control
>          directive, the cache MAY use that response in replying to a
>          subsequent request. But if the response is stale, all caches
>
>          MUST first revalidate it with the origin server, using the
>          request-headers from the new request to allow the origin server
>          to authenticate the new request.
>
>       3. If the response includes the "public" cache-control directive,
>          it MAY be returned in reply to any subsequent request.
>
>
>
> 2009/7/23 Igor Sysoev <is at rambler-co.ru>
>
>> On Thu, Jul 23, 2009 at 11:22:19AM +0100, nginx.mailinglist wrote:
>>
>> > Thank you
>> > I see that works fine for that particular user:pass combo
>> >
>> > but (sorry to be a pain)
>> >
>> > that means i have to encode the user:pass combination into the config
>> file
>> >
>> > what happens if there are thousands of user:pass combinations?
>> >
>> > how can this info be dynamically passed to the php backend for
>> > authentication to occur there (by looking up in a database for example)?
>> >
>> > i cant be updating the config file everytime a new user is added that
>> can be
>> > crazy especially if there are thousands or more users
>> >
>> > Regards
>> >
>> > edit: i google and found this old email conversation on nginx
>> mailinglist
>> >
>> http://markmail.org/message/tl7h2fclizgptwnr#query:NGINX%20PHP%20AUTHENTICATION+page:1+mid:f3xw2gjllat6urff+state:results
>>
>> I do not understand your problem.
>> nginx passes client's user:pass in Authorization header transparently.
>>
>> > 2009/7/23 Igor Sysoev <is at rambler-co.ru>
>> >
>> > > On Thu, Jul 23, 2009 at 10:50:12AM +0100, nginx.mailinglist wrote:
>> > >
>> > > > Hello
>> > > > just a quick question
>> > > >
>> > > > in lighttpd i was able to pass the username and pass from the url to
>> php
>> > > > backend
>> > > >
>> > > > but nothing happens in nginx?
>> > > >
>> > > > let me explain
>> > > >
>> > > >
>> > > > lets say you have a URL like this
>> > > >
>> > > > http://userX:passY@example.com/bleh.php
>> > > >
>> > > >
>> > > > i expect my php backend to have user and pass entries in the
>> $_SERVER
>> > > > variable as happens with lighttpd
>> > > >
>> > > > am i missing something with nginx? is it even possible?
>> > >
>> > > $echo userX:passY | perl -MMIME::Base64 -lne 'print encode_base64 $_'
>> > > dXNlclg6cGFzc1k=
>> > >
>> > >      proxy_pass http://example.com/bleh.php;
>> > >      proxy_set_header  Authorization "Basic dXNlclg6cGFzc1k=";
>> > >
>> > >
>> > > --
>> > > Igor Sysoev
>> > > http://sysoev.ru/en/
>> > >
>> > >
>>
>> --
>> Igor Sysoev
>> http://sysoev.ru/en/
>>
>>
>
>
> --
> the sun shines for all
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20090723/29c1afb2/attachment.html>

More information about the nginx mailing list