logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: fcgi authentication
Author
dreuzel



Joined: 30 Jan 2006
Posts: 16
PostPosted: Mon 25 Mar '13 12:48    Post subject: fcgi authentication Reply with quote
just switched from mod_PHP to mod_fcgi and have the classical authentication problems.
I googled around but there is hardly anything relevant to find

A)Hystory
I add authentiction to my PHP apps forcing a DIgest login (no password over the net)
as Apache is requesting a USER or a login ... I allow apache to verify and do a simple session verification in php
as Apache is NOT requesting a USER ..... and the authorisation state is not correct I force a authorisation
digest with the browser verify the user and allow or disallow.

B) using Fcgi this does not seem to work anymore fcgid magicaly filter the authentication.
-Using basic authentication and " FcgidPassHeader Authorization" the authentication seems to pass....
THough it seems not possible to change the realm and change the Authentication making the primitive implementation not very usefull.
-Using Digest authentication I get nothing through.....
Meaning Fcgi is completely useless and as such unusable
Does someone Know how to allow for Digest authentication.

C) Do not understand fcgi commands
I was hoping for a redirect to a dedicated php app on following commands
but I only receive a complaint tat the file is not existing (and it is )
[code]
FcgidAuthorizer F:\loggerin.php
FcgidAuthorizerAuthoritative on
[code]
Can someone explain the command and the intention ?
As it is it seems a crappy implementation, Can you please convince me it is well thought out .
apache doc does not offer a clue how to look at the significance of the setting
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7442
Location: EU, Germany, Next to Hamburg
PostPosted: Tue 26 Mar '13 13:00    Post subject: Reply with quote
You can use your old code!

my test code http://pastebin.com/raw.php?i=KmtpDsQF

The Trick is to use FcgidPassHeader Authorization


my test vhost

http://pastebin.com/ZEaTRjTE
Back to top
dreuzel



Joined: 30 Jan 2006
Posts: 16
PostPosted: Tue 09 Apr '13 19:31    Post subject: Reply with quote
not realy apache authn authz block all access to the PHP
only way i fallback to mod_php
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7442
Location: EU, Germany, Next to Hamburg
PostPosted: Wed 10 Apr '13 10:26    Post subject: Reply with quote
Did you try my complete testing code with the vhost?
Back to top
dreuzel



Joined: 30 Jan 2006
Posts: 16
PostPosted: Wed 10 Apr '13 11:18    Post subject: Reply with quote
absolutely and that works correctly.
it parses and passes the authorisation to PHP.

pd: your link fails error 502 bad Gateway nginx
Back to top


Reply to topic   Topic: fcgi authentication View previous topic :: View next topic
Post new topic   Forum Index -> Apache