Closed Bug 149977 Opened 22 years ago Closed 19 years ago

using HTTP authentication, need a way to not request user/pass on a per-auth-method basis

Categories

(Core :: Networking: HTTP, enhancement)

x86
All
enhancement
Not set
normal

Tracking

()

RESOLVED FIXED
Future

People

(Reporter: bjt23, Assigned: darin.moz)

Details

ok, so my summary isn't the best; not sure how to word it properly.  not sure if
this is a bug per se, maybe a quasi-RFE.

think that there needs to be a method (probably defined in the
nsIHttpAuthenticator interface) that can be used to query whether or not mozilla
should prompt the user for a username and password, or if, for example, the
particular authentication method class (i.e. the implementor of
nsIHttpAuthenticator) will handle user prompts and the like itself.

my real-world example ;-):
i'm attempting to implement a proprietary kerberos authentication scheme that
uses HTTP's WWW-Authenticate and Authorization headers (as defined in rfc 2617).
 the scheme we are using uses a separate daemon to prompt the user for username
and password and retrieve kerberos tickets from the kdc.  the problem is that
there doesn't appear to be a way to stop the browser from popping up a box
asking for username/password.  looking at nsHttpChannel::GetCredentials, the
only reason why we _don't_ prompt the user is if the credentials are already in
the AuthCache, and they are reuseable.

i was going to attempt to be hack-y about it and try to add a dummy entry to the
AuthCache in the constructor of my nsIHttpAuthenticator, but i won't have access
at that point to data like hostname, realm, etc. that i would need to create
such a dummy entry, and the HttpAuthenticator isn't touched again until after a
user/passwd prompt is thrown up.

i could make a patch for this myself, but i wanted to check and see if this is
something that would possibly get checked in before i spend the time to actually
do it.  i visualise one small change, the addition of 3-5 lines of code to
nsHttpChannel::GetCredentials, and one possibly big change (which is why i'm
asking first), which is changing the interface of nsIHttpAuthenticator, adding a
method such as "boolean promptForUserPass()".  this would mean that the current
two implementors of nsIHttpAuthenticator, nsHttpBasicAuth and nsHttpDigestAuth
would have to be modified to implement the new interface (trivial).

so, what are the thoughts on this?  i've delved through as much source code as i
am able, and i can't find a better method of getting what i need (feel free to
correct me).
I don't really understand what you are saying, but it would be an enhancement
(marking as such) and I leave it to the component owner to have a look (marking
NEW).

pi
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
-> future
Target Milestone: --- → Future
This was fixed a long time ago with negotiateauth.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.