Forum Discussion
Erich_Rockman_1
Dec 10, 2015Cirrus
Check Authorization / WWW-Authenticate headers
Hi. I am trying to make sure that the user what is trying to/has authenticated to a site w/ Basic Auth matches a user in a list. However, I cannot force the server to prompt if the user/pass is not a...
Erich_Rockman_1
Cirrus
I only check if the user matches if the Authorization header is not "". However, even when the user enters an incorrect user and/or password, the Authorization header is set. But if this user and/or pass is incorrect (server auth), I want it to prompt again. Right now, it does not because the Authorization header is set.
Kai_Wilke
Dec 11, 2015MVP
Hi Erich,
as Stanislas already told the outlined scenario is for us both still somewhat unclear. So i guess it would be realy helpful to answer the following basic questions at first o understand your specific needs.
1.) Has the server/application any special behavior to overcome? Or is it a RFC compliant Basic authentication via err401 and WWW-Authenticate?
2.) Do you have special security concerns that must be covered? (e.g. allow just a few users to login, change the default behavior of the server in a certain way, etc.)
Remark: Please don't think in iRules or TCL Code. Only explain the situation before you've started and the solution you need in the end.
Thanks!
Cheers, Kai
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects