Is it possible in a web app that uses special handlers e.g. /special/dowhatiwant to use HTTP basic authentication?
My guess is “why not”. Check the request headers. If they don’t have authorization, return a 401 error. If they do, evaluate them. Details of basic auth are here:
Thanks Brad, that was exactly what I need to know.
I made a simple web app. It has a WebLink with URL “/api/basicAuth” and target “New Window” in a WebPage. I added a handler for app.HandleSpecialURL:
[code]Function HandleSpecialURL(Request As WebRequest) As Boolean
dim result as Boolean
dim authHeader, items(), auth, username, password as string
dim i as integer
result = false
if request <> nil then
if request.Path = “basicAuth” then
authHeader = request.GetRequestHeader(“Authorization”)
if authHeader <> "" then
items = authHeader.Split(" ")
for i = items.Ubound downto 0
if items(i) = "" then
items.Remove(i)
end if
next
if items.Ubound = 1 and items(0) = "Basic" then
auth = DecodeBase64(items(1))
username = auth.NthField(":", 1)
password = auth.NthField(":", 2)
request.Print username + "</br>" + password
request.Status = 200
result = true
end if
else
Request.Header("WWW-Authenticate") = "Basic realm=""basicAuth"""
request.Status = 401
result = true
end if
if not result then
Request.Header("WWW-Authenticate") = "Basic realm=""basicAuth"""
request.Status = 401
result = true
end if
end if
end if
return result
End Function
[/code]
When the link is clicked, a new tab will open, and the user will be asked for username and password. A simple page will be displayed with what the user entered. Subsequent reloads will bypass the login because the browser sends up previous authentication data for that realm when requested.
Thanks Brad that is brilliant, I am going to give it a try this evening.