HTTP Authentication and realms

Michael Foord

To be fair this is more a question about http than directly about
python... but I'm trying to work with it from python and would
appreciate some help.

I'm writing a cgiproxy to remotely fetch webpages and am struggling
with authentication. From the comments at
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/267197 I took
the code to do basic authentication when a server replies with a 401
error - but that only authenticates the first page. You then need to
use 'realm' information and something like
urllib2.HTTPPasswordMgrWithDefaultRealm (remembering the username and
password for the realm, once you have supplied it). The trouble is
that *my* code is a CGI. This means that for each separate page access
the process starts afresh - so I would need to save in an external
file the username and password combinations... which is by no means an
ideal solution.

The bottom line for me is that I don't actually understand what a
realm is and how http does authentication beyond the first page access
- does it need the username and password encoded in the headers for
access to every page in that realm ?



Fuzzy

http://www.voidspace.org.uk/atlantibots/pythonutils.html
 
Peter van Kampen

In comp.lang.python, you wrote:

[snip]
> The bottom line for me is that I don't actually understand what a
> realm is

from: http://www.ietf.org/rfc/rfc2617.txt

"[...] realms allow the protected resources on a server to be partitioned
into a set of protection spaces, each with its own authentication scheme
and/or authorization database. The realm value is a string, generally
assigned by the origin server, which may have additional semantics specific
to the authentication scheme. Note that there may be multiple challenges
with the same auth-scheme but different realms."

> and how http does authentication beyond the first page access - does
> it need the username and password encoded in the headers for access to
> every page in that realm ?

Yes (HTTP is a stateless protocol). Your browser usually remembers your
username and password for 'realms' you've already authenticated for so you
only enter it once, but it is sent along with each request.

Hth,

PterK
 
Michael Foord

Peter van Kampen said:
In comp.lang.python, you wrote:

[snip]
> The bottom line for me is that I don't actually understand what a
> realm is

from: http://www.ietf.org/rfc/rfc2617.txt

"[...] realms allow the protected resources on a server to be partitioned
into a set of protection spaces, each with its own authentication scheme
and/or authorization database. The realm value is a string, generally
assigned by the origin server, which may have additional semantics specific
to the authentication scheme. Note that there may be multiple challenges
with the same auth-scheme but different realms."

> and how http does authentication beyond the first page access - does
> it need the username and password encoded in the headers for access to
> every page in that realm ?

Yes (HTTP is a stateless protocol). Your browser usually remembers your
username and password for 'realms' you've already authenticated for so you
only enter it once, but it is sent along with each request.

Hth,

PterK


Thanks for your help Peter.
I was hoping there was some way round this - but it looks like my CGI
will have to store realm-password information for each user... *rats*

Thanks

Fuzzy

http://www.voidspace.org.uk/atlantibots/pythonutils.html
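
Added example, not code from any poster in this thread: it parses the realm out of a Basic challenge and attaches the same Authorization header to every request in that (origin, realm) protection space, as the answer above describes. The function and class names, the example.org origin and the credentials are constructed for illustration.

```python
import base64
import re

# Matches the realm parameter of a Basic challenge, e.g.
#   WWW-Authenticate: Basic realm="Staff Area"
_REALM_RE = re.compile(
    r'^\s*Basic\s+(?:.*?,\s*)?realm="((?:[^"\\]|\\.)*)"', re.IGNORECASE)


def parse_basic_realm(www_authenticate):
    """Return the realm from a Basic challenge, or None if it is not Basic."""
    m = _REALM_RE.match(www_authenticate or "")
    if m is None:
        return None
    return re.sub(r'\\(.)', r'\1', m.group(1))  # undo quoted-pair escapes


def basic_authorization(username, password):
    """Build the Authorization value. Base64 is an encoding, not encryption."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


class RealmCredentials:
    """Credentials keyed by (origin, realm), the protection space of RFC 2617."""

    def __init__(self):
        self._store = {}

    def remember(self, origin, realm, username, password):
        self._store[(origin.lower(), realm)] = (username, password)

    def headers_for(self, origin, realm):
        """Headers to attach to every request in this protection space."""
        creds = self._store.get((origin.lower(), realm))
        if creds is None:
            return {}  # never send credentials to an unknown origin or realm
        return {"Authorization": basic_authorization(*creds)}


if __name__ == "__main__":
    # Constructed sample: challenge header taken from a 401 response.
    realm = parse_basic_realm('Basic realm="Staff Area"')
    cache = RealmCredentials()
    cache.remember("http://example.org", realm, "fuzzy", "s3cret")
    for path in ("/staff/", "/staff/reports"):  # same header on each request
        print(path, cache.headers_for("http://example.org", realm))
```

In a CGI the dictionary would have to be persisted between invocations, since each page access starts a fresh process.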
 
