HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

CSWS authentication in URL ?

 
SOLVED
Go to solution
Willem Grooters
Honored Contributor

CSWS authentication in URL ?

Situation: CSWWS 1.3; CGI script, directoryis defined:


Options Indexes FollowSymLinks Multiviews
Order allow,deny
AllowOverride ALL

AuthType Basic
AuthName "Whatever"
AuthOpenVMSuser On
Require valid-user



Mapping of this directory is /wg/cgi/.

The URL http://server:port/wg/cgi/... requests login, under CSWS control.
However, a non-VMS program wants to access this script over the (internal) network, passing username and password in the URL-header, so the interactive login-sequence by CSWS is bypassed; still, MOD_AUTH_OPENVMS should still check the credentials with VMS. The script and accompanying software will do it's own checks, but only if the user is validated against VMS.

I'm told it should be possible with this setup, but I couldn't find how to specify username and password in the URL.

My question is how do I specify these credentials?

(I know http will send data without encryption, but for the moment, this is no issue (closed network). In the future, we'll use https for transport, but for clearity we would do without to start with)
Willem Grooters
OpenVMS Developer & System Manager
9 REPLIES
Cass Witkowski
Trusted Contributor

Re: CSWS authentication in URL ?

http:/username password/server:port/wg/cpi/
Willem Grooters
Honored Contributor

Re: CSWS authentication in URL ?

That doesn't work, at leastr, not using a browser (used to test)
Willem Grooters
OpenVMS Developer & System Manager
Bojan Nemec
Honored Contributor
Solution

Re: CSWS authentication in URL ?

Willem,

The right syntax for defining username and password in URL is:

http://username:password@hostname:port/

See specification at page 17 of the RFC.

http://www.ietf.org/rfc/rfc1738.txt

Bojan
Willem Grooters
Honored Contributor

Re: CSWS authentication in URL ?

Thanks Bojan, just a minor (?) issue. It works for Mozilla, but not in IE6 (and that's what is used in environment)
Willem Grooters
OpenVMS Developer & System Manager
Willem Grooters
Honored Contributor

Re: CSWS authentication in URL ?

I may have found the IE6 issue: For a change, IE seems to adhere to a standard. This RFC states for HTTP:
[quote]
An HTTP URL takes the form:

http://:/?

where and are as described in Section 3.1. If : is omitted, the port defaults to 80. No user name or password is allowed.
[/quote]

Anyway, since it works using FireFox, I can work with it :)
Willem Grooters
OpenVMS Developer & System Manager
Martin Vorlaender
Honored Contributor

Re: CSWS authentication in URL ?

Willem,

>>>
It works for Mozilla, but not in IE6
<<<

IMHO, http://www.end6.org/

cu,
Martin
Bojan Nemec
Honored Contributor

Re: CSWS authentication in URL ?

Willem,

Microsoft explanation:

http://support.microsoft.com/kb/834489

Bojan
Willem Grooters
Honored Contributor

Re: CSWS authentication in URL ?

That explains it.
Willem Grooters
OpenVMS Developer & System Manager
Willem Grooters
Honored Contributor

Re: CSWS authentication in URL ?

See discussion
Willem Grooters
OpenVMS Developer & System Manager