Http_authorization

4

4u2ges

Perch
I wonder if this can be retrieved from header. It seems that the header sent from server does not contain this variable if page is posted with basic authentication. Normally it should contain " Basic + Base64_encoded_authentication"

Moreover..
When I do "ALL_HTTP" it contains (decoded) ID/Password respectively in: HTTP_HTACCESS_USER and HTTP_HTACCESS_PASSWORD variables
However trying to retrieve authentication directly by:
Request.ServerVariables("HTTP_HTACCESS_USER") and
Request.ServerVariables("HTTP_HTACCESS_PASSWORD") returns a zero length string.

Is this normal?
 
Hello,

This is using ASP in Windows, correct?

This looks to be headers from the htaccess ISAPI filter for webshell/directory protection scheme, I don't you you can readt from them. If you can let me know more what you are trying to do I might can work something out for you.
 
Stephen said:
Hello,

This is using ASP in Windows, correct?

This looks to be headers from the htaccess ISAPI filter for webshell/directory protection scheme, I don't you you can readt from them. If you can let me know more what you are trying to do I might can work something out for you.
Click to expand...

Hi Stephen,
Thank you for the reply.
Yes, it's an ASP.
I'm trying to integrate a Google Checkout gateway model. Google posted instant notifications with Basic Authentication to the specific page. I then have to retrieve authentication from header (posted by Google), decode it and compare to the credentials stored in database. Authentication string normally is retrieved from Http_authorization variable.
Like: Request.ServerVariables("HTTP_AUTHORIZATION")
Return example: Basic WEAyNDIyMjU5MzY3FSfgdrGRk1lN0NPRWNFRnM2SjNWc3c=

But I guess Web Shell handles it differently. Looks as though it rebuilds the header (at list the authentication part). It does automatically decodes the authentication string and assigns it to: HTTP_HTACCESS_USER and HTTP_HTACCESS_PASSWORD
Everything would have been fine if I could’ve retrieve those values directly…(Like Request.ServerVariables("HTTP_HTACCESS_USER ")) but they are ONLY can be retrieved from a mix from Request.ServerVariables("ALL_HTTP"). So I have to do the “durty” work filtering values from the mix.

I’m just trying to figure out if this is the case for all HSphere clients as I have to develop unified scripts for many clients across the net (including HSphere), which should have a reliable routine to retrieve authentication.

Thank you.
Gurgen
 
You must log in or register to reply here.
Back
Top