0

I have a RoR app that has worked fine for quite some time, but after a recent deployment, all of the IE users in the office have been presented with a IE username and password popup dialog when they navigate to the root URL. The dialog is titled "Connect to " and has the text "The server at Web Password requires a username and password."

Characteristics of the problem:

  • Only IE is affected. Firefox/Safari/Chrome on both Windows and Mac are unaffected
  • Only the root url is affected. When we append "/login", IE users see the login page as expected.
  • Happens on both http and https protocols
  • Happens both inside and outside of our network

Ideas? What would cause this?

Other info about the config:

  • Apache 2.0
  • Passenger
  • No directives for this dir.
Mark S.
  • 211
  • 3
  • 6

1 Answers1

1

Ahhh!!!

So this is actually a restful_authentication issue stemming from the "access_denied" method:

def access_denied
  respond_to do |format|
    format.html do
      store_location
      redirect_to new_session_path
    end
    format.any do
      request_http_basic_authentication 'Web Password'
    end
  end
end

The format.any line gets executed by IE (possibly a bug in IE), but the work around is to change the "format.any do" line:

format.any(:js, :xml) do

This will still allow your web services to connect with basic authentication while preventing IE from showing this dialog.

Source: http://rails_security.lighthouseapp.com/projects/15332/tickets/5-using-http-basic-authentication-with-ie-not-working

Mark S.
  • 211
  • 3
  • 6