Forum Discussion
Erich_Rockman_1
Cirrus
CirrusCheck Authorization / WWW-Authenticate headers
Hi. I am trying to make sure that the user what is trying to/has authenticated to a site w/ Basic Auth matches a user in a list. However, I cannot force the server to prompt if the user/pass is not a...
Erich_Rockman_1Cirrus
CirrusI only check if the user matches if the Authorization header is not "". However, even when the user enters an incorrect user and/or password, the Authorization header is set. But if this user and/or pass is incorrect (server auth), I want it to prompt again. Right now, it does not because the Authorization header is set.
Stanislas_Piro2Cumulonimbus
please explain your need with conditions and associated action as I wrote in my previous answer. With Kai, we are trying to help you but we don't understand your need.- Kai_Wilke
MVP
Hi Erich, as Stanislas already told the outlined scenario is for us both still somewhat unclear. So i guess it would be realy helpful to answer the following basic questions at first o understand your specific needs. 1.) Has the server/application any special behavior to overcome? Or is it a RFC compliant Basic authentication via err401 and WWW-Authenticate? 2.) Do you have special security concerns that must be covered? (e.g. allow just a few users to login, change the default behavior of the server in a certain way, etc.) Remark: Please don't think in iRules or TCL Code. Only explain the situation before you've started and the solution you need in the end. Thanks! Cheers, Kai
