
Basic Authentication Required Dialog

For starters, I'm not so literate in coding.

I am pretty interested in a script on how to trigger or throw a Basic/Standard "Authentication Required" dialog on a specific directory or site, with the credentials that would be inputted there by the users checked against another database that's on another website.

i.e. like those "Check who blocked you on msn" websites that get your credentials from their website, check them against the Hotmail database or servers, and tell you if the credentials are incorrect (try again) or, if they are correct, redirect you to the specific website that is implemented by the administrator (in this situation, the Hotmail contact list).

And also when it checks that the credentials are correct how do I make the script to store those credentials into a specific .txt file or folder?!

The only difference is that I just want it to be a Basic Authentication dialog like this example here, but I want to implement this on my sites.

I hope I'm comprehensible.

Thank you very much in advance.

Heath asked Oct 13 '22 17:10


2 Answers

You will need to send a 401 response code to the browser which will make the browser prompt for a username and password. Here's an example in PHP taken from the PHP manual:

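<?php
// No credentials sent yet: challenge the browser so it shows the login dialog.
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
} else {
    // The browser resent the request with credentials; escape them before output.
    $user = htmlspecialchars($_SERVER['PHP_AUTH_USER'], ENT_QUOTES, 'UTF-8');
    $pw = htmlspecialchars($_SERVER['PHP_AUTH_PW'], ENT_QUOTES, 'UTF-8');
    echo "<p>Hello {$user}.</p>";
    echo "<p>You entered {$pw} as your password.</p>";
}
?>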

You should be able to do the same thing in the language of your choice, although you will need to research where the username and password variables are stored in the language you use.

As an alternative, you may also be able to configure this in your web server. That way the web server handles authentication and you only need to program your application to get the current user name, which is usually found in the "REMOTE_USER" environment variable. In Apache you might restrict access to a specific folder as follows:

<Directory /usr/local/apache/htdocs/secret>
    AuthType Basic
    AuthName "Restricted Files"
    # (Following line optional)
    AuthBasicProvider file
    AuthUserFile /usr/local/apache/passwd/passwords
    Require user rbowen
</Directory>

See the Apache documentation on authentication and access control for more information. Even if you are using a different web server, rest assured that this is a common feature in web servers. I'm sure you will be able to find the equivalent functionality in whatever web server you are using.

Starfish answered Oct 20 '22 16:10


Java imports have been excluded...

To show the username/password dialog...

HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.setHeader("WWW-Authenticate", "Basic realm=\"My Realm\"");
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "");

To decode the request...

private boolean authenticateRequestOk(HttpServletRequest request)
{
    String authorizationHeader = request.getHeader("Authorization");

    // Only handle the Basic scheme; the scheme name is case-insensitive.
    if (authorizationHeader != null
            && authorizationHeader.regionMatches(true, 0, "Basic ", 0, "Basic ".length()))
    {
        byte[] decodedUsernamePassword;
        try
        {
            // The credentials are base64("username:password").
            decodedUsernamePassword = Base64.decode(authorizationHeader.substring("Basic ".length()));
        }
        catch (IOException e)
        {
            // Do not log the header itself: it contains the encoded password.
            log.error("Error decoding authorization header", e);
            return false;
        }

        String usernameAndPassword = new String(decodedUsernamePassword, StandardCharsets.UTF_8);

        // Split on the first colon; the password may itself contain colons.
        String username = StringUtils.substringBefore(usernameAndPassword, ":");
        String password = StringUtils.substringAfter(usernameAndPassword, ":");

        // The password comparison must be case-sensitive.
        if (USERNAME.equalsIgnoreCase(username) && PASSWORD.equals(password))
        {
            return true;
        }
    }

    return false;
}

Uriah Carpenter answered Oct 20 '22 15:10
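
The challenge-and-decode flow that both answers describe, as an added Python example (not code from either answer): it parses the `Authorization: Basic` header strictly, then checks the password against a salted PBKDF2 hash in constant time instead of comparing plaintext. The function names, the `USERS` store and the sample credential are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed sample credential store: username -> (salt, PBKDF2-SHA256 hash).
ITERATIONS = 100_000
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {"alice": (_SALT, hashlib.pbkdf2_hmac("sha256", b"s3cret:Pass", _SALT, ITERATIONS))}
CHALLENGE = (401, {"WWW-Authenticate": 'Basic realm="My Realm", charset="UTF-8"'})


def parse_basic(header):
    """Return (username, password) from an Authorization header, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":  # the scheme name is case-insensitive
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(":")  # split on the FIRST colon only
    if not sep:
        return None
    return username, password


def verify(username, password):
    """Check the password against the stored hash; unknown users cost the same work."""
    salt, expected = USERS.get(username, (_SALT, b"\x00" * 32))
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(actual, expected) and username in USERS


def handle(headers):
    """Return (status, response_headers) for a dict of request headers."""
    creds = parse_basic(headers.get("Authorization"))
    if creds is None or not verify(*creds):
        return CHALLENGE  # the browser shows the dialog again
    return (200, {})
```

Basic credentials are only base64-encoded, not encrypted, so this flow belongs behind HTTPS.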