1

My last question was about how to implement basic authentication in Perl, and I got my answer. After that I tried to write my code. I used -status => '401 Not Authorized' in my HTTP header, and when I try to open my program it wants me to enter a user and password. In my code I get the piece of the header from the ENV variable that includes this username and password, and check whether it is what I want. My problem is that when I enter the user and password in the authentication box like below

[Image: basic authentication]

I should click on the Cancel button to get the response header!! So what is the OK button here? This is my verification code:

    use CGI qw(:standard);
    use MIME::Base64;

    # The 401 status is sent on every request, before the credentials are checked
    print header(-type => 'text/html', -status => '401 Not Authorized',
                 'WWW-Authenticate' => 'Basic realm="Videos"');

    print "<HTML>";
    print "<HEAD>";

    print "<TITLE>this is Test-Case</TITLE>";
    print "</HEAD>";

    my $signin = $ENV{HTTP_AUTHORIZATION};
    my ($basic, $userpass) = split( ' ', $signin );
    ($userpass, my $eq) = split( '=', $userpass );
    $userpass = decode_base64($userpass);
    my ($user, $pass) = split( ':', $userpass );
    my $query = new CGI;
    if ($user eq 'aa' and $pass eq 'aa') {
        # show something
    }
    else {
        print "wrong user or pass";
    }

I tried to use CGI::Auth::Basic before, but it doesn't work for me and shows an error in the module.

Thanks for your answers.

I solved my problem after a while, so I decided to post the answer for anyone who has this problem too. You should first check whether $ENV{HTTP_AUTHORIZATION} is defined or not. If it is defined, you should check the user and password, and if they are correct you print "Content-Type: text/HTML", "\n\n", which means 200 OK! And if the ENV variable is not defined, you should print header(-type => 'text/html', -status => '401 Not Authorized','WWW-Authenticate' => 'Basic realm="Videos"') to show the authentication box.

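    use CGI qw(:standard);
    use MIME::Base64;

    my $signin = $ENV{HTTP_AUTHORIZATION};
    if (defined $signin) {
        # check user and password here
        my (undef, $userpass) = split ' ', $signin;
        my ($user, $pass) = split ':', decode_base64($userpass), 2;
        if ($user eq 'aa' and $pass eq 'aa') {    # true user and password
            print "Content-Type: text/HTML", "\n\n";
            # do all your work here
        }
        else {
            # wrong password
        }
    }
    else {
        print header(-type => 'text/html', -status => '401 Not Authorized', 'WWW-Authenticate' => 'Basic realm="Videos"');
    }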
2
  • Your code looks good. Did you try to output the values of each step in between ($signin, $basic, $userpass, $user, $pass) to see if everything is as you thought it would be? Commented May 24, 2016 at 5:52
  • @Sebastian Yes, I print them and all of them are correct. You know, my code works fine, but after I click on the OK button and then the Cancel button! I want it to work after I click on the OK button. Commented May 24, 2016 at 5:56

1 Answer

1

HTTP Basic Auth works in two steps:

First step:

  • Browser sends a request
  • Server replies with a full HTTP Response (header, body) with HTTP status code 401
  • Browser shows a (browser-specific) dialog to ask for username and password
  • "OK" on that dialog typically starts step 2
  • "Cancel" on that dialog typically shows the response body received earlier - but that depends on the browser implementation. Don't rely on it!

Second step:

  • Browser re-sends the original request again, but adds an Authorization header
  • Server checks username and password and sends a full response (header, body) with either HTTP status code 200 (OK) or 401 (in this case: "username or password wrong, try again")
  • For code 401: See browser behavior for step 1
  • For code 200: Show the website as usual
  • Any other code is also valid: A 302 to redirect the user, a 500 to show an error, etc.

Hope that answers your question. If not, I didn't understand your problem.


5 Comments

This answer helped me a little, but my problem isn't solved. When I click on OK, the original request is re-sent with the Authorization header and the browser shows the dialog again, instead of checking the username and password to send a response header. When I click on Cancel, the response header is received!! I don't want the dialog to be shown again.
Do you always send a 401 response code? You must not send it if the authorization succeeded, use a 200 in this case.
I thought this was the problem. When should I send the 200 OK response header? Can you show me some code? Thanks.
Move your whole print block below the auth check and remove that -status => '401 Not Authorized' in case auth was ok.
Move print header(-type => 'text/html','WWW-Authenticate' => 'Basic realm="Videos"'); to the if block?? I did this but the dialog shows again :((
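
The two-step flow described in the answer, as one complete CGI script. This is an added example, not code from the question or the answer: the `parse_basic` and `respond` helpers and the `%USERS` table are assumptions for illustration, and the headers are printed by hand so only the core `MIME::Base64` module is needed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Constructed demo credentials (the 'aa'/'aa' pair from the question).
my %USERS = (aa => 'aa');

# Return (user, pass) from an Authorization header value, or an empty list.
sub parse_basic {
    my ($header) = @_;
    return unless defined $header;
    my ($scheme, $token) = split ' ', $header, 2;
    return unless defined $token && lc($scheme) eq 'basic';
    my $decoded = decode_base64($token);
    return unless $decoded =~ /:/;
    return split /:/, $decoded, 2;    # the password may itself contain ':'
}

# Build the full CGI response; each request gets exactly one status.
sub respond {
    my ($env) = @_;
    my ($user, $pass) = parse_basic($env->{HTTP_AUTHORIZATION});
    if (defined $user && exists $USERS{$user} && $USERS{$user} eq $pass) {
        # Step 2 succeeded: without a Status line the server sends 200 OK.
        return "Content-Type: text/html\n\n<html><body>Videos</body></html>\n";
    }
    # Step 1 (no header) or wrong credentials: challenge again with 401.
    return "Status: 401 Unauthorized\n"
         . qq{WWW-Authenticate: Basic realm="Videos"\n}
         . "Content-Type: text/html\n\n"
         . "<html><body>Authentication required</body></html>\n";
}

# Under a web server the request arrives in %ENV. Run from a shell, replay
# three constructed requests: no header, wrong password, right password.
if ($ENV{GATEWAY_INTERFACE}) {
    print respond(\%ENV);
}
else {
    for my $cred (undef, 'aa:wrong', 'aa:aa') {
        my %env = defined $cred
            ? (HTTP_AUTHORIZATION => 'Basic ' . encode_base64($cred, ''))
            : ();
        my ($first_line) = respond(\%env) =~ /\A([^\n]*)/;
        printf "%-10s -> %s\n", $cred // '(none)', $first_line;
    }
}
```

Because the status is decided only after the header has been inspected, clicking OK with valid credentials gets the page body instead of a second dialog.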
