Basic Authentication problem with Proxy servers

Basic Authentication problem with Proxy servers

Post by Jeff Lars » Fri, 19 Feb 1999 04:00:00



I run a small commercial web site that offers business to
business order entry.  We are using Basic Authentication
to validate our users.  However it doesn't work if the
user accesses the web via a proxy server.  Is there a
workaround?  What other options are there?

I've considered handling the authentication myself via
CGI forms, but I'm not sure how I would define a "session".

Could cookies work?  I've never used them before.

Some of the areas that require authentication are
static HTML, but most are CGI generated.  How would
you check a cookie when a static page is requested?

Jeff Larsen

 
 
 

Basic Authentication problem with Proxy servers

Post by Peter » Fri, 19 Feb 1999 04:00:00



> We are using Basic Authentication
> to validate our users.  However it doesn't work if the
> user accesses the web via a proxy server.

Any proxy server that cannot handle basic auth requests is seriously broken.

--
The Intel Pentium III chip: it's like a surveillance camera in
your computer screen. Watching you. All the time. Every day.
Boycott Intel. Now.  http://www.privacy.org/bigbrotherinside/

 
 
 

1. proxy server auth w/o basic authentication

I need to set up a proxy server that users can only use after
authenticating themselves with a kerberos database.

I do not want to have the users passwords go across the network
unencrypted but i do not want the proxy server to encrypt every
page that goes by.

Is there a way to do this?

The way i came up with was to have the user authenticate via a
web page on a secure server and then have that server create/modify
an entry in a database that the non-secure proxy server can then check.

The problem with that is that i can not find an easy to way to
identify the user to the proxy server.

I can't figure out how to use a cookie because cookie only
get presented when asking for a URL in the same domain as the proxy.

So the only thing i came up with was to have the user, after
authenticating via the secure web page, then enter their usename
into the browsers authentication pop-up.

It works great, but seems.. uh.. dorky (?) to have to enter the
username twice.

The only other thing i can think of is registering just the IP address
of the host and then allowing that, but i'm not sure that would fly
with the security access folks.

Is there any way to set the authentication username via javascript
or something like that?

Or is there some other thing that i'm missing?

tia

2. http deamon

3. Apache BASIC authentication a Netscape proxy server

4. Secure Network File Systems

5. proxy server auth w/o basic authentication

6. how to have scsi device detected ?

7. how to asked iplanet reverse proxy pass basic authentication to the following webserver

8. Web browser

9. Apache Proxy & authentication problem when going to a Domino server

10. Digest Authentication v Basic Authentication

11. Netscape server group and basic authentication

12. Which browsers/servers do Basic Authentication correctly?

13. Proxy-Server with USER-based authentication?