• Post Reply Bookmark Topic Watch Topic
  • New Topic

With BASIC authentication, how get reauthentication?

 
Dan Bizman
Ranch Hand
Posts: 387
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When a person auths with BASIC and they enter the wrong info, they can't try again without closing the browser. Is there a way to overcome this? Can I remove a header from the request? Can i tell the browser to try again?
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why do you say they can't try to enter their details again? It has been my experience that it does let you have a few tries first.
 
dema rogatkin
Ranch Hand
Posts: 294
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think it happens how many times how many times your servlet returned 401. However, to be more certain please specify used browser.
 
Dan Bizman
Ranch Hand
Posts: 387
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm using IE 5.x and my servlet returns 401 once (and sets the header "WWW-Authenticate" to "basic realm=myrealm"). However, the browser never reprompts for the username/password but instead keeps sending the same data with every request. I've tried emptying out the request and response, but to no avail. On the first 401 (before a login attempt), the browser pops up a login box. I enter the wrong username/password, and it passes that to the server. The server notes that it's wrong and sends the 401 and www-auth header, and the browser simply shows a 401 unauth'd page. A refresh attempt simply sends the same info back to the server, but never reprompts for login info.
 
Sunny Kumar
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Dan Bizman:
A refresh attempt simply sends the same info back to the server, but never reprompts for login info.

Tried controlling the cache?
 
Dan Bizman
Ranch Hand
Posts: 387
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I discovered the problem. My code was setting the "WWW-Authentication" header as:
basic securitydomain="mydomain"
and IE only accepts:
basic realm="mydomain"
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!