Rails HTTP 基本身份验证失败
我尝试在 Rails 2.3.4 应用程序中使用authenticate_with_http_basic,但未获取用户名和密码。我做了一些侦探工作,发现它失败了,因为请求中没有授权标头。我尝试添加文档中建议的 RewriteRule:
RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]
不过,无论是使用 Apache/Passenger 还是 Mongrel,我都没有任何运气。我在 Rails 3 应用程序中尝试authenticate_with_http_basic 也没有任何运气。如果我将其更改为authenticate_or_request_with_http_basic,则提示时给出的凭据将起作用,但它会忽略网址中提供的任何凭据。 (这是有道理的,因为它正在调用authenticate_with_http_basic。)我在我的代码中找不到任何应该扰乱请求的内容,而且对我来说,它不能在本地与Mongrel一起工作似乎很奇怪。有什么建议吗?
I'm trying to use authenticate_with_http_basic in a Rails 2.3.4 app, and the username and password aren't being picked up. I did a little detective work and figured out that it's failing because there's no authorization header in the request. I tried adding the RewriteRule suggested in the docs:
RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]
I haven't had any luck, though, either with Apache/Passenger or Mongrel. I also didn't have any luck trying authenticate_with_http_basic in a Rails 3 app. If I change it to authenticate_or_request_with_http_basic, credentials given at the prompt work, but it ignores any supplied in the url. (Which makes sense, since it's calling authenticate_with_http_basic.) I can't find anything in my code that should be messing with the request, and it seems odd to me that it isn't working locally with Mongrel. Any suggestions?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我强烈建议使用身份验证 gem/插件,例如 Devise 或 Authlogic。它们都支持基本的 HTTP 身份验证。
设计:https://github.com/plataformatec/devise 和
http://railscasts.com/episodes/209-introducing-devise
Authlogic:https://github.com/binarylogic/authlogic 和
http://railscasts.com/episodes/160-authlogic
I would strongly recommend using an authentication gem/plugin like Devise or Authlogic. They both support basic HTTP authentication.
Devise: https://github.com/plataformatec/devise and
http://railscasts.com/episodes/209-introducing-devise
Authlogic: https://github.com/binarylogic/authlogic and
http://railscasts.com/episodes/160-authlogic
对于任何未来的查看者:如果 Rails 收到的授权标头内容与您认为发送的内容不同,请检查以确保您没有使用 .htaccess/.htpasswd 文件。浏览器显然会记住凭据,并且它会覆盖您发送的任何内容!
只是花了大约 3 个小时试图解决这个问题。我当然希望它能对其他人有所帮助:-)
For any future viewers: if it appears that Rails is receiving something different for the Authorization header than you think you are sending, check to ensure you aren't using .htaccess/.htpasswd files. The browser apparently remembers the credentials and it overrides anything you send!
Just spent like 3 hours trying to figure this out. I sure hope it helps someone else down the line :-)