[WEB4LIB] Script for HTTP Basic authentication?

Bouchard, Kerry k.bouchard at tcu.edu
Thu Sep 16 09:25:27 EDT 1999


> 	We've used a home-grown URL-rewriter to do this on our VMS system
> for a few years, and are now using a commercial URL-rewriter program
> called
> EZproxy from Useful Utilities (http://www.usefulutilities.com/) to do it
> on
> our NT server (it's also available for Linux).  The HTTP basic
> authentication scheme (see section 11, "Access Authentication" at
> http://www.w3.org/Protocols/rfc2068/rfc2068.txt) requires that the
> username
> and password be sent from the browser to the server in *every* request
> header.   It would be nice if there was a way to write a script on a
> library
> server that told a patron's browser "The username and password for the
> vendor.com domain is:", but there is no message defined in HTTP to do that
> -- the only message a server can send a browser is the challenge message
> that causes the dialog box to pop up. 
>        So the problem boils down to the same problem as for vendors that
> use
> IP recognition -- you need either a proxy or a URL-rewriter in between the
> browser and the remote site to keep sending the username and password on
> every request.  (I have no idea if any proxies have this capability -- one
> of the reasons we've stuck with the URL-rewriter solution.)  A product
> like
> WebScript that inserts itself long enough to send form data and then "gets
> out of the way" won't solve the problem.
>        In anticipation of possible responses about how URL rewriters are a
> kludge -- I agree.  The best solution would be to persuade the vendor to
> use
> another authentication scheme so that the URL-rewriting (or proxy)
> technique
> would be unnecessary.
> 
> Kerry Bouchard, K.Bouchard at tcu.edu
> Assistant University Librarian for Automated Systems
> Mary Couts Burnett Library, TCU
> 
> > -----Original Message-----
> > From:	Andrew White [SMTP:whitea1 at kea.lincoln.ac.nz]
> > Sent:	Wednesday, September 15, 1999 6:41 PM
> > To:	BOUCHARD at MAIL.TCU.EDU
> > Subject:	[WEB4LIB] Script for HTTP Basic authentication?
> > 
> > Has anyone solved the problem of using a script to automatically 
> > login to sites that use HTTP basic authentication ie. the type that 
> > pop-up a dialog box asking for username and password ?
> > 
> > I have been playing with OCLC's WebScript, the documentation for 
> > which implies it can do it, but without success.
> > 
> > Maybe someome has a PERL script that can achieve 
> > authentication without the user seeing it?
> > 
> > Thanks,
> > 
> > 
> > Andrew White                        email: a.white at lincoln.ac.nz
> > Information Technology Librarian      fax: +64-3-3252944
> > Lincoln University Library        http://www.lincoln.ac.nz/libr/
> > P.O. Box 64, Lincoln University, Canterbury, New Zealand.


More information about the Web4lib mailing list