Yes, I haven't mentioned webserver, so I'm not using IIS. It is Apache on
Linux. And once again, do anybody know what am I doing wrong?
> -----Original Message-----
> From: Rick Osborne [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 02, 2000 7:08 PM
> To: [EMAIL PROTECTED]
> Subject: RE: HTTP Authorization
>
>
> [Stanislav Maximov]
> [I'm sure it is possible to implement with PHP and Java servlets (running
> with Apache) via modifying http headers. So what's a problem with Cold
> Fusion?]
>
> As I said, I'm not too familiar with how Apache handles authentication, I
> just know how IIS does it. When IIS sees that your browser has passed
> authentication information back to it, ***before it even calls the CF
> server*** it tries to authenticate that information. To verify the
> authentication, it checks the username and password against the local
> machine, then the domain, then any authentication ISAPI DLLs that are
> installed. If none of these return a successful authentication, ***the CF
> server will never get called*** and IIS wil just return a 403. This means
> that your script never even has a chance to verify the authentication
> information.
>
> -Rick
>
> ------------------------------------------------------------------
> ------------
> Archives: http://www.mail-archive.com/[email protected]/
> To Unsubscribe visit
> http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf
_talk or send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body.
------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
