Questions tagged [www-authenticate]

64 questions
2
votes
1 answer

Consistent user authorization across url with/without www

I need to clarify a fundamental concept (beginner here). In a Django web app I maintain, I notice that if one logs in via going to example.com, they remain logged out on www.example.com (and can then go on to create a clone account). 1) Why does…
Hassan Baig
2
votes
1 answer

Authentication Error

I am trying to view a web page, from an Android app, that requires authentication and get the following message: ----- Android webView error start -------- "You do not have permission to view this directory or page using the credentials that you…
reddog
2
votes
0 answers

Passport-local and WWW-Authenticate header

I'm using passport-local strategy for a simple API which needs authentication. I use a middleware before all my routes, that handles access to the application var verifyAuth = function(req, res, next) { if (req.originalUrl === '/signup' ||…
2
votes
1 answer

WWW-Authentication / NTLM Negotiate using HttpClient with current user credentials

Looking for a pointer on how to get HttpClient (httpclient 4.3.6) to Authenticate the current user to IIS REST service. I can connect no problem using UrlConnection as it seems to handle the WWW-Authentication protocol out of the box. I have…
Nicholas
2
votes
1 answer

Customize WWW-Authenticate challenge header with Jwt Bearer Authentication middleware in WebAPI

I'm using the JwtBearerAuthentication Katana middleware in a .NET WebAPI project to secure my web API via JWT. So, in my Startup class I'm just doing something simple like: app.UseJwtBearerAuthentication( new…
2
votes
1 answer

Programmatically Log Into SSRS

I'm trying to programmatically connect to Microsoft SSRS programmatically. I would assume that this would have to be done using the www-authentication http header in some way or another, however I'm not exactly sure. I'm doing this because I'm…
1
vote
0 answers

Getting a 401 error code on Postman 10.15.4 when it was working just fine on 10.13

I have an API that I was using to obtain a JSON through a GET request. I had to first authenticate my user through POST and then GET the information from the API. This would work just fine until the newest update (10.15.4). Now, I am still able to…
1
vote
1 answer

What value should WWW_Authenticate be, if my api uses a header to authenticate clients?

Each client has a private key, which they have to send to the server in a header in each request, like this: X-MY-AUTH-CODE: {PRIVATE_KEY} I've found a list about HTTP Authentication Schemes, but I have no idea, which one is this. What should I…
Iter Ator
1
vote
1 answer

Enable Apache HTTP basic auth only if response page doesn't have its own basic auth

I added a HTTP basic authentication using Apache to access a PHP application using a .htaccess file: AuthType Basic AuthName "Secure Area" AuthUserFile /path/to/.htpasswd AuthGroupFile /dev/null Require valid-user This is working fine for most…
Seb33300
1
vote
1 answer

WWW-Authenticate Header CSRF Issue

I've heard from a friend that the WWW-Authenticate header can be explicitly defined within a malicious php file on a remote server and use an image mimetype e.g. image/jpeg or image/png. Hypothetical Situation Say this file is…
Gio Borje
1
vote
1 answer

Reverse proxy to remove digest authentication

I've been looking for a solution for days, but I'm not able to find anything. I have a few IP cameras (Dahua) which don't have an option for unauthorized, public so to say, viewing. I'm now looking for a proxy server which can do the…
Daan Pape
1
vote
1 answer

Specifying multiple authentication schemes in a www-authenticate header

RFC 7235 states that this header presents two authentication mechanisms: WWW-Authenticate: Newauth realm="apps", type=1, title="Login to \"apps\"", Basic realm="simple" I have problems parsing this grammar and the RFC isn't…
oligofren
1
vote
1 answer

Given a Ratpack RequestFixture test, how can I have the fixture invoke Request#beforeSend?

This question is in the context of a Ratpack RequestFixture Spock test, for a Ratpack chain authenticating with RatpackPac4j#requireAuth, and employing a workaround for the missing WWW-Authenticate header (as described in the answer to this…
wu-lee
1
vote
1 answer

PHP www-authenticate Basic Popup Loop Issue

For two days I have been trying to find my issue in a simple sample code:
Korty
1
vote
1 answer

Getting HTTP-401 error for SSO application using Apache JMeter 3.0

I am getting an HTTP-401 (Unauthorized) error for a single sign-on (SSO) application which I am trying to test. I am passing HTTP Authorization Manager with the following information: Username/Password/Domain/Mechanism(KERBEROS). I am getting the following…