I need to be able to accept Basic Auth from programmatic/machine clients (python, curl, etc.) but show Form Auth to human users.
It's not immediately obvious to me how you'd do this, since Basic Auth normally prompts with a 401 response. However, I could require that machine clients proactively send the basic auth info (not waiting for a 401), so the server just attempts to process basic auth, and failing that, does form auth.
Would that be the recommended approach, or can Acegi Security do something more advanced? (e.g. based on user-agent header or something like that).
On 2/9/06,
Ben Alex <[EMAIL PROTECTED]> wrote:
[EMAIL PROTECTED] wrote:
>
> How can one set up acegi to accept either one of basic or digest
> authentication?
>
>
>
Just add them both to the filter chain, and specify your preferred
default (for unauthenticated requests which attempt to access a secure
resource) as the ExceptionTranslationFilter.authenticationEntryPoint.
Best regards
Ben
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
