Forum: Ruby on Rails iCal / Authentication / Site5 ?

Josh on Rails (Guest)
on 2006-05-03 21:09
(Received via mailing list)
So, I'm working on adding iCal support to my app. Since I want to restrict
users to their own calendars, form-based authentication isn't going to work,
so I'm using the Basic HTTP Authorization from this page -
http://blogs.23.nu/c0re/stories/7409/

Everything works fine in my dev machine, but on the server (Site5), I get
the login prompt ad infinitum.

Has anyone run into this? Have other suggestions I could try?

Chasing down another theory, I noticed that "HTTP_AUTHORIZATION" doesn't
appear in request.env -- is it possible/likely that's the source of my
problem?



Thanks!
Josh on Rails (Guest)
on 2006-05-03 21:09
(Received via mailing list)
It looks like this is the issue:

http://wiki.rubyonrails.com/rails/pages/HowtoAuthe...
> If you are using Apache and mod_fastcgi, this method will likely not work
> out of the box. Apache does not allow CGI scripts access to HTTP
> authorization headers by default. You will need to configure FastCGI to pass
> the Authorization header to your scripts
> <http://www.fastcgi.com/mod_fastcgi/docs/mod_fastcg...>.
> Short version: add |-pass-header Authorization| to the FastCgiServer startup
> directive, or |FastCgiConfig -pass-header Authorization|, for Apache 2, or
> |-pass-header HTTP_AUTHORIZATION| for Apache 1. For this, you will need
> access to Apache's config file.

I've tried the suggested modification to htaccess (e.g.,
E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization}), but I get an odd
request.env:

"REDIRECT_X_HTTP_AUTHORIZATION"=>""
Dan K. (Guest)
on 2006-05-03 21:09
(Received via mailing list)
Hi Josh,

> Everything works fine in my dev machine, but on the server (Site5),
> I get the login prompt ad infinitum.
>
> Has anyone run into this? Have other suggestions I could try?
>
> Chasing down another theory, I noticed that "HTTP_AUTHORIZATION"
> doesn't appear in request.env -- is it possible/likely that's the
> source of my problem?

When writing CGIs I've fixed the problem with two approaches.  I'm not
entirely sure it will work with FastCGI, but it's worth a try.

The first approach is to recompile Apache and tell it to set the
HTTP_AUTHORIZATION environment variable when possible:

   http://httpd.apache.org/dev/apidoc/apidoc_SECURITY_HOLE_PASS_AUTHORIZATION.html

The second approach is similar to the one you tried.  I simply add the
following three lines into the .htaccess, or in the httpd.conf inside
a <Location> or <Directory> tag:

   RewriteEngine On
   RewriteCond %{HTTP:Authorization} (.*) [NC]
   RewriteRule .*                    -    [E=HTTP_AUTHORIZATION:%1]

--

Thanks,

Dan
__________________________________________________________________

Dan K.
Autopilot Marketing Inc.

Email: removed_email_address@domain.invalid
Phone: 1 (604) 820-0212
Web:   http://autopilotmarketing.com/
vCard: http://autopilotmarketing.com/~dan.kubb/vcard
__________________________________________________________________
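
The application side of the problem discussed in this thread, as an added example that is not part of the original posts: a Ruby helper that looks for the Basic credentials under each environment key the header can end up in and treats an empty value, like the one Josh reports, as "no credentials". The key names X_HTTP_AUTHORIZATION and REDIRECT_HTTP_AUTHORIZATION, the function names and the sample environments are assumptions made for the example.

```ruby
require "base64"

# Environment keys that may carry the Authorization header. The first, third
# and last names appear in the thread; the other two are assumed variants
# (REDIRECT_ prefix after an internal redirect, "-" rewritten to "_").
AUTH_ENV_KEYS = %w[
  HTTP_AUTHORIZATION
  REDIRECT_HTTP_AUTHORIZATION
  X-HTTP_AUTHORIZATION
  X_HTTP_AUTHORIZATION
  REDIRECT_X_HTTP_AUTHORIZATION
].freeze

# Returns [key, value] for the first key holding a non-empty value, else nil.
# An empty string means the server created the variable but did not forward
# the header, so it must not count as a credential.
def find_auth_header(env)
  AUTH_ENV_KEYS.each do |key|
    value = env[key].to_s.strip
    return [key, value] unless value.empty?
  end
  nil
end

# Returns [user, password], or nil when the request must be answered with 401.
def basic_credentials(env)
  _key, raw = find_auth_header(env)
  return nil unless raw
  scheme, token = raw.split(/\s+/, 2)
  return nil unless scheme.casecmp("basic").zero? && token
  decoded = Base64.strict_decode64(token)   # raises ArgumentError on bad input
  user, password = decoded.split(":", 2)    # a password may contain ":"
  return nil if user.nil? || user.empty? || password.nil?
  [user, password]
rescue ArgumentError
  nil
end

# Constructed sample environments (not captured from a real server).
SAMPLE_TOKEN  = Base64.strict_encode64("josh:s3:cret")
DEV_ENV       = { "HTTP_AUTHORIZATION" => "Basic #{SAMPLE_TOKEN}" }.freeze
SITE5_ENV     = { "REDIRECT_X_HTTP_AUTHORIZATION" => "" }.freeze
REWRITTEN_ENV = { "REDIRECT_HTTP_AUTHORIZATION" => "Basic #{SAMPLE_TOKEN}" }.freeze

if __FILE__ == $PROGRAM_NAME
  { dev: DEV_ENV, site5: SITE5_ENV, rewritten: REWRITTEN_ENV }.each do |name, env|
    puts "#{name}: header=#{find_auth_header(env).inspect} ok=#{!basic_credentials(env).nil?}"
  end
end
```

With the empty REDIRECT_X_HTTP_AUTHORIZATION value the helper returns nil on every request, which is the endless login prompt described in the first post.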