no worries<br><br>;)<br><br><div class="gmail_quote">On Thu, Jul 23, 2009 at 4:29 AM, nginx.mailinglist <span dir="ltr"><<a href="mailto:nginx.mailinglist@xinio.info">nginx.mailinglist@xinio.info</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hmm<div><br></div><div>sorry for mix up i think i confused myself</div><div><br></div><div>whatever happened i now get the following entries in my php's $_SERVER</div>
<div><br></div><div><br></div><div><div>[HTTP_AUTHORIZATION] => Basic dGVzdDEyMzphYmM1Njc=</div>
</div><div><div>[PHP_AUTH_USER] => test123</div><div>[PHP_AUTH_PW] => abc567</div><div><br></div><div><br></div><div>which is exactly what i wanted, i can take the above values now and perfrom authentication against the database</div>
<div><br></div><div>sorry for all the confusion</div><div>i dont think this was an issue at all in first place</div><div>just my tests were wrong</div><div><br></div><div>thanks for the prompt help</div></div><div><div></div>
<div class="h5"><div><br></div>
<div><br><br><div class="gmail_quote">On Thu, Jul 23, 2009 at 12:13 PM, István <span dir="ltr"><<a href="mailto:leccine@gmail.com" target="_blank">leccine@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
he is mixing up two different things<br><br><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html" target="_blank">http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html</a><br><br><h3><a>14.8</a> Authorization</h3>
<pre> A user agent that wishes to authenticate itself with a server--<br> usually, but not necessarily, after receiving a 401 response--does<br> so by including an Authorization request-header field with the<br>
request. The Authorization field value consists of credentials<br> containing the authentication information of the user agent for<br> the realm of the resource being requested.<br></pre>
<pre> Authorization = "Authorization" ":" credentials<br></pre>
<pre> HTTP access authentication is described in "HTTP Authentication:<br> Basic and Digest Access Authentication" <a rel="bibref" href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec17.html#bib43" target="_blank">[43]</a>. If a request is<br>
authenticated and a realm specified, the same credentials SHOULD<br> be valid for all other requests within this realm (assuming that<br> the authentication scheme itself does not require otherwise, such<br>
as credentials that vary according to a challenge value or using<br> synchronized clocks).<br></pre>
<pre> When a shared cache (see section 13.7) receives a request<br> containing an Authorization field, it MUST NOT return the<br> corresponding response as a reply to any other request, unless one<br> of the following specific exceptions holds:<br>
</pre>
<pre> 1. If the response includes the "s-maxage" cache-control<br> directive, the cache MAY use that response in replying to a<br> subsequent request. But (if the specified maximum age has<br>
passed) a proxy cache MUST first revalidate it with the origin<br> server, using the request-headers from the new request to allow<br> the origin server to authenticate the new request. (This is the<br>
defined behavior for s-maxage.) If the response includes "s-<br> maxage=0", the proxy MUST always revalidate it before re-using<br> it.<br></pre>
<pre> 2. If the response includes the "must-revalidate" cache-control<br> directive, the cache MAY use that response in replying to a<br> subsequent request. But if the response is stale, all caches<br>
MUST first revalidate it with the origin server, using the<br> request-headers from the new request to allow the origin server<br> to authenticate the new request.<br></pre>
<pre> 3. If the response includes the "public" cache-control directive,<br> it MAY be returned in reply to any subsequent request.<br></pre><div><div></div><div><br><br><div class="gmail_quote">
2009/7/23 Igor Sysoev <span dir="ltr"><<a href="mailto:is@rambler-co.ru" target="_blank">is@rambler-co.ru</a>></span><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div>On Thu, Jul 23, 2009 at 11:22:19AM +0100, nginx.mailinglist wrote:<br>
<br>
> Thank you<br>
> I see that works fine for that particular user:pass combo<br>
><br>
> but (sorry to be a pain)<br>
><br>
> that means i have to encode the user:pass combination into the config file<br>
><br>
> what happens if there are thousands of user:pass combinations?<br>
><br>
> how can this info be dynamically passed to the php backend for<br>
> authentication to occur there (by looking up in a database for example)?<br>
><br>
> i cant be updating the config file everytime a new user is added that can be<br>
> crazy especially if there are thousands or more users<br>
><br>
> Regards<br>
><br>
> edit: i google and found this old email conversation on nginx mailinglist<br>
> <a href="http://markmail.org/message/tl7h2fclizgptwnr#query:NGINX%20PHP%20AUTHENTICATION+page:1+mid:f3xw2gjllat6urff+state:results" target="_blank">http://markmail.org/message/tl7h2fclizgptwnr#query:NGINX%20PHP%20AUTHENTICATION+page:1+mid:f3xw2gjllat6urff+state:results</a><br>
<br>
</div>I do not understand your problem.<br>
nginx passes client's user:pass in Authorization header transparently.<br>
<div><br>
> 2009/7/23 Igor Sysoev <<a href="mailto:is@rambler-co.ru" target="_blank">is@rambler-co.ru</a>><br>
><br>
> > On Thu, Jul 23, 2009 at 10:50:12AM +0100, nginx.mailinglist wrote:<br>
> ><br>
> > > Hello<br>
> > > just a quick question<br>
> > ><br>
> > > in lighttpd i was able to pass the username and pass from the url to php<br>
> > > backend<br>
> > ><br>
> > > but nothing happens in nginx?<br>
> > ><br>
> > > let me explain<br>
> > ><br>
> > ><br>
> > > lets say you have a URL like this<br>
> > ><br>
> > > <a href="http://userX:passY@example.com/bleh.php" target="_blank">http://userX:passY@example.com/bleh.php</a><br>
> > ><br>
> > ><br>
> > > i expect my php backend to have user and pass entries in the $_SERVER<br>
> > > variable as happens with lighttpd<br>
> > ><br>
> > > am i missing something with nginx? is it even possible?<br>
> ><br>
> > $echo userX:passY | perl -MMIME::Base64 -lne 'print encode_base64 $_'<br>
> > dXNlclg6cGFzc1k=<br>
> ><br>
> > proxy_pass <a href="http://example.com/bleh.php" target="_blank">http://example.com/bleh.php</a>;<br>
> > proxy_set_header Authorization "Basic dXNlclg6cGFzc1k=";<br>
> ><br>
> ><br>
> > --<br>
> > Igor Sysoev<br>
> > <a href="http://sysoev.ru/en/" target="_blank">http://sysoev.ru/en/</a><br>
> ><br>
> ><br>
<br>
</div>--<br>
<div><div></div><div>Igor Sysoev<br>
<a href="http://sysoev.ru/en/" target="_blank">http://sysoev.ru/en/</a><br>
<br>
</div></div></blockquote></div><br><br clear="all"><br></div></div><font color="#888888">-- <br>the sun shines for all<br>
</font></blockquote></div><br></div>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>the sun shines for all<br>