Menu
After looking a lot, I've found some solutions that seem working, but not for me...
For example, I have this script:
require 'net/http' require "net/https" @http=Net::HTTP.new('www.xxxxxxx.net', 443) @http.use_ssl = true @http.verify_mode = OpenSSL::SSL::VERIFY_NONE @http.start() {|http| req = Net::HTTP::Get.new('/gb/PastSetupsXLS.asp?SR=31,6') req.basic_auth 'my_user', 'my_password' response = http.request(req) print response.body } When I run it, it gives me a page that requests for authentication, but if I write the following URL in the browser, I get into the website without problems:
https://my_user:[email protected]/gb/PastSetupsXLS.asp?SR=31,6 I have also tried with open-uri:
module OpenSSL module SSL remove_const :VERIFY_PEER end end OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE def download(full_url, to_here) writeOut = open(to_here, "wb") writeOut.write(open(full_url, :http_basic_authentication=>["my_user", "my_password"]).read) writeOut.close end download('https://www.xxxxxxx.net/gb/PastSetupsXLS.asp?SR=31,6', "target_file.html") But the result is the same, the site is asking for user authentication. Any tips of what am I doing wrong?. Must I encode the password in Base 64?
383
Note: The HTTP basic authentication scheme can be considered secure only when the connection between the web client and the server is secure. If the connection is insecure, the scheme does not provide sufficient security to prevent unauthorized users from discovering the authentication information for a server.
Basic authentication involves sending a verified username and password with your request. In the request Authorization tab, select Basic Auth from the Type dropdown list. Enter your API username and password in the Username and Password fields. For additional security, store these in variables.
I wrote a piece of code based on examples given in the Net::HTTP docs and tested it on my local WAMP server - it works fine. Here's what I have:
require 'net/http' require 'openssl' uri = URI('https://localhost/') Net::HTTP.start(uri.host, uri.port, :use_ssl => uri.scheme == 'https', :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |http| request = Net::HTTP::Get.new uri.request_uri request.basic_auth 'matt', 'secret' response = http.request request # Net::HTTPResponse object puts response puts response.body end And my .htaccess file looks like this:
AuthName "Authorization required" AuthUserFile c:/wamp/www/ssl/.htpasswd AuthType basic Require valid-user My .htpasswd is just a one liner generated with htpasswd -c .htpasswd matt for password "secret". When I run my code I get "200 OK" and contents of index.html. If I remove the request.basic_auth line, I get 401 error.
UPDATE:
As indicated by @stereoscott in the comments, the :verify_mode value I used in the example (OpenSSL::SSL::VERIFY_NONE) is not safe for production.
All available options listed in the OpenSSL::SSL::SSLContext docs are: VERIFY_NONE, VERIFY_PEER, VERIFY_CLIENT_ONCE, VERIFY_FAIL_IF_NO_PEER_CERT, out of which (according to the OpenSSL docs) only the first two ones are used in the client mode.
So VERIFY_PEER should be used on production, which is the default btw, so you can skip it entirely.
101
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
