Restful_authentication, Internet Explorer, and unwanted http basic dialog

I have a fairly bog-standard installation of restful_authentication
and run my app in Rails 2.1. Internet Explorer 6 and 7 are popping up
an http basic authentication dialog instead of doing what all other
browsers do: go to the login page. Any thoughts why?

I’ve modified the following method of authenticated_system.rb, but
there’s no difference before or after.

Before:

def current_user
  @current_user ||= (login_from_session || login_from_basic_auth ||
                     login_from_cookie) unless @current_user == false
end

After:

def current_user
  @current_user ||= login_from_session unless @current_user == false
end

Thanks for any help.

I should qualify that: ‘before’ you can log in with http basic
authentication, but ‘after’ you can’t. My issue is that I don’t want
to see the http basic authentication dialog at all.

The issue is in this method of authenticated_system.rb:

def access_denied
  respond_to do |format|
    format.html do
      store_location
      redirect_to new_session_path
    end
    format.any do
      request_http_basic_authentication 'Web Password'
    end
  end
end

For some reason Internet Explorer is falling through to format.any -
something’s not quite working with its accept headers, it seems.
Compare:

Alter access_denied to add this line (right below “def access_denied”):

request.format ||= :html if request.env['HTTP_USER_AGENT'] =~ /msie/i

It’s a quick hack but it seems to work fine so far for me. The
problem is, as you’ve stated, IE doesn’t seem to send the right accept
headers (if any) when fetching a URL without an explicit extension in
the URL. For instance if you have a /users/4 URL, it will bring up
the basic authentication dialog, but /users/4.html will correctly
redirect to new_session_path.

-J.

Chris B. wrote:

I have a fairly bog-standard installation of restful_authentication
and run my app in Rails 2.1. Internet Explorer 6 and 7 are popping up
an http basic authentication dialog instead of doing what all other
browsers do: go to the login page. Any thoughts why?

I’ve modified the following method of authenticated_system.rb, but
there’s no difference before or after.

Before:

def current_user
  @current_user ||= (login_from_session || login_from_basic_auth ||
                     login_from_cookie) unless @current_user == false
end

After:

def current_user
  @current_user ||= login_from_session unless @current_user == false
end

Thanks for any help.

I had the same problem. I think that it's because of the MIME types (I observed
with the debugger that Firefox and IE have different priorities using
images)…

So I could fix the problem by modifying the access_denied method from the
lib/AuthenticatedSystem module as follows:

def access_denied
  respond_to do |format|
    # …particular formats if it's necessary
    format.any do
      store_location
      redirect_to new_session_path
    end
  end
end

I hope this will be useful

Fer
Argentina
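
An added example, not part of any post in this thread and not restful_authentication's own code: a plain-Ruby sketch of the decision both fixes above are aiming at, where only a client whose top Accept preference (or URL extension) is an API format gets the 401 Basic challenge and everything else is sent to the login page. The helper names, the list of API types and the sample headers are assumptions constructed for illustration; the IE-style header follows the image-first ordering described in the thread.

```ruby
# Added illustration; not restful_authentication or Rails code.
# parse_accept and denied_action are hypothetical helper names.

# Media types for which a 401 Basic challenge is useful (non-browser clients).
API_TYPES = %w[application/xml text/xml application/json].freeze
EXT_TYPES = { "html" => "text/html", "xml" => "application/xml",
              "json" => "application/json" }.freeze

# Parse an Accept header into media types, highest q-value first.
# Ties keep header order, which is how an image-first header ends up on top.
def parse_accept(header)
  entries = header.to_s.split(",").each_with_index.map do |part, idx|
    type, *params = part.strip.downcase.split(/\s*;\s*/)
    q = params.map { |p| p[/\Aq=([\d.]+)\z/, 1] }.compact.first
    [type, q ? q.to_f : 1.0, idx]
  end
  entries.reject { |type, q, _| type.nil? || type.empty? || q <= 0 }
         .sort_by { |_, q, idx| [-q, idx] }
         .map(&:first)
end

# Decide how to answer an unauthenticated request.
# An explicit URL extension (/users/4.html) wins over the Accept header.
def denied_action(accept_header, extension = nil)
  wanted = if extension
             [EXT_TYPES[extension.to_s.downcase]].compact
           else
             parse_accept(accept_header)
           end
  # Challenge only when the top preference is an API type; images, */*,
  # a missing header or an unknown type fall back to the login page.
  API_TYPES.include?(wanted.first) ? :basic_challenge : :redirect_to_login
end

# Constructed sample headers (not captured traffic).
IE_STYLE      = "image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*"
FIREFOX_STYLE = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
API_CLIENT    = "application/xml"

if __FILE__ == $PROGRAM_NAME
  { "IE-style" => IE_STYLE, "Firefox-style" => FIREFOX_STYLE,
    "API client" => API_CLIENT, "no header" => nil }.each do |name, hdr|
    puts format("%-14s top=%-12s -> %s", name,
                parse_accept(hdr).first.inspect, denied_action(hdr))
  end
end
```

Keeping the challenge on an allow-list of formats means a browser that sends an unexpected Accept header never sees the Basic dialog, while XML or JSON clients can still authenticate that way.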