Closed Bug 149977 Opened 22 years ago Closed 19 years ago

using HTTP authentication, need a way to not request user/pass on a per-auth-method basis

Categories

(Core :: Networking: HTTP, enhancement)

x86
All
enhancement
Not set
normal

RESOLVED FIXED
Future

People

(Reporter: bjt23, Assigned: darin.moz)

Details

ok, so my summary isn't the best; not sure how to word it properly. not sure if this is a bug per se, maybe a quasi-RFE.

think that there needs to be a method (probably defined in the nsIHttpAuthenticator interface) that can be used to query whether or not mozilla should prompt the user for a username and password, or if, for example, the particular authentication method class (i.e. the implementor of nsIHttpAuthenticator) will handle user prompts and the like itself.

my real-world example ;-): i'm attempting to implement a proprietary kerberos authentication scheme that uses HTTP's WWW-Authenticate and Authorization headers (as defined in rfc 2617). the scheme we are using uses a separate daemon to prompt the user for username and password and retrieve kerberos tickets from the kdc. the problem is that there doesn't appear to be a way to stop the browser from popping up a box asking for username/password. looking at nsHttpChannel::GetCredentials, the only reason why we _don't_ prompt the user is if the credentials are already in the AuthCache, and they are reusable.

i was going to attempt to be hack-y about it and try to add a dummy entry to the AuthCache in the constructor of my nsIHttpAuthenticator, but i won't have access at that point to data like hostname, realm, etc. that i would need to create such a dummy entry, and the HttpAuthenticator isn't touched again until after a user/passwd prompt is thrown up.

i could make a patch for this myself, but i wanted to check and see if this is something that would possibly get checked in before i spend the time to actually do it. i visualise one small change, the addition of 3-5 lines of code to nsHttpChannel::GetCredentials, and one possibly big change (which is why i'm asking first), which is changing the interface of nsIHttpAuthenticator, adding a method such as "boolean promptForUserPass()". this would mean that the current two implementors of nsIHttpAuthenticator, nsHttpBasicAuth and nsHttpDigestAuth would have to be modified to implement the new interface (trivial).

so, what are the thoughts on this? i've delved through as much source code as i am able, and i can't find a better method of getting what i need (feel free to correct me).
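The check proposed in the report above, modelled as an added example that is not part of the original bug and is not Mozilla code. `Authenticator`, `PasswordScheme`, `DaemonScheme`, `Channel` and the sample hosts, realms and credentials are all hypothetical stand-ins; only the method name `promptForUserPass` comes from the report.

```cpp
#include <iostream>
#include <map>
#include <string>

// Simplified stand-in for nsIHttpAuthenticator; not the Mozilla interface.
struct Authenticator {
    virtual ~Authenticator() = default;
    // Method proposed in the report: false means the scheme obtains the
    // user's identity itself, so the browser must not show its own prompt.
    virtual bool promptForUserPass() const = 0;
    virtual std::string generate(const std::string& user,
                                 const std::string& pass) const = 0;
};
struct PasswordScheme : Authenticator {      // behaves like Basic/Digest
    bool promptForUserPass() const override { return true; }
    std::string generate(const std::string& u, const std::string&) const override {
        return "password-derived credentials for " + u;
    }
};
struct DaemonScheme : Authenticator {        // hypothetical ticket-based scheme
    bool promptForUserPass() const override { return false; }
    std::string generate(const std::string&, const std::string&) const override {
        return "token from external daemon";  // placeholder, no real ticket
    }
};

// Model of the decision the report describes for nsHttpChannel::GetCredentials.
struct Channel {
    std::map<std::string, std::string> authCache;  // "host|realm" -> credentials
    int promptsShown = 0;

    std::string getCredentials(const Authenticator& auth, const std::string& host,
                               const std::string& realm) {
        const std::string key = host + "|" + realm;
        auto hit = authCache.find(key);
        if (hit != authCache.end()) return hit->second;  // cached: no prompt
        if (!auth.promptForUserPass())                    // the proposed check
            return auth.generate("", "");  // no dialog; not cached (modelling choice)
        ++promptsShown;                    // stands in for the password dialog
        const std::string creds = auth.generate("alice", "constructed-password");
        authCache[key] = creds;
        return creds;
    }
};

int main() {
    Channel ch;
    ch.getCredentials(PasswordScheme{}, "a.example", "realm1");
    ch.getCredentials(PasswordScheme{}, "a.example", "realm1");  // cache hit
    ch.getCredentials(DaemonScheme{}, "b.example", "realm2");
    std::cout << "prompts shown: " << ch.promptsShown << "\n";
}
```

With the check in place the password never passes through the browser for a scheme that does not need it, which also removes the need for the dummy AuthCache entry the report considers.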
I don't really understand what you are saying, but it would be an enhancement (marking as such) and I leave it to the component owner to have a look (marking NEW). pi
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
-> future
Target Milestone: --- → Future
This was fixed a long time ago with negotiateauth.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED