Forum: Ruby on Rails optional authentication and HTTP Basic

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
8cf6d14fe2c55b53ad7f0301ad379010?d=identicon&s=25 I. E. Smith-Heisters (Guest)
on 2009-01-13 05:02
(Received via mailing list)
Hi all,

I have an app that originally only supported form-based
authentication, and showed pared-down content to unauthenticated
users. I then layered on HTTP Basic authentication using
authenticate_with_http_basic, which worked fine for scripts like LWP/

However, some web browsers refuse to submit credentials in the URL
(eg. since they never get a
challenge (401) response, since authentication is purely optional.
This is a bigger problem than one might expect, since there's a
desktop client in development that requires the ability to login with
HTTP Basic URL auth.

They way I hacked around it was to create an action that looks like

  def challenge
    authenticate_or_request_with_http_basic APP_NAME do |login,
      @user = User.authenticate(login, password)
    if @user
      self.current_user = @user

so browser clients (including the problematic desktop client) can GET to do explicit HTTP
basic auth.

Is there a better way to do this?

This topic is locked and can not be replied to.