Forum Discussion
Erich_Rockman_1
Cirrus
I have been trying to explain it, but maybe because I have been deep into this, I am not doing a great job of it. I'll try again.
It is a regular web server, 401, Authorization, WWW-Authenticate headers intact.
I am looking to check the user credentials (entered into the browser via 401 challenge) and check that value against a list. That works fine right now. However, I cannot get it to respect the server's response (WWW-Authenticate). I need to be able to continue to prompt the user for creds when they are not correct (as far as Basic Auth is concerned).
My problem is that the WWW-Authenticate comes back on the response side and I am checking the Authorization header on the request side.
Kai_Wilke
Dec 11, 2015 MVP
If the server is compliant, then it would send a 401 on each request which is not authenticated. This will repeat endlessly, since Basic authentication is per-request based and does not have a clue of previous requests. But the browser may suppress further auth prompts from popping up after a couple of tries and display instead the content of the 401 response.
If a user is already successfully authenticated but the page is not accessible (e.g. the specific user doesn't have permissions), then the server could either prompt for additional credentials or display a 403 access denied message. But this is a vendor/product specific decision/setting.
Which of the above scenarios is not working as desired?
Cheers, Kai
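The per-request behaviour described in the reply above, as an added example that is not code from either poster: a request-side check that parses the Authorization header, compares it to a list, and answers with its own 401 and WWW-Authenticate challenge whenever the credentials are missing, malformed or wrong. The realm name, the `ALLOWED` list and the function names are assumptions made for the illustration.

```python
import base64
import binascii
import hmac

REALM = "example"                           # assumed realm name
ALLOWED = {"alice": "s3cret:with:colons"}   # constructed sample list

def parse_basic(header):
    """Return (user, password) from an Authorization value, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None                         # not valid base64 / not UTF-8
    # Split on the first ':' only; the password itself may contain ':'
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None

def check_request(headers):
    """Decide one request in isolation: (status, response_headers)."""
    creds = parse_basic(headers.get("Authorization"))
    if creds:
        user, password = creds
        expected = ALLOWED.get(user, "")
        same = hmac.compare_digest(expected.encode(), password.encode())
        if same and user in ALLOWED:
            return 200, {}
    # No state is kept between requests, so every failure is challenged again
    return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}

def basic(user, password):
    """Build the header value a browser would send (helper for the demo)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

if __name__ == "__main__":
    for hdrs in ({}, {"Authorization": basic("alice", "wrong")},
                 {"Authorization": basic("alice", "s3cret:with:colons")}):
        print(check_request(hdrs))
```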