需要基本身份验证对话框

发布于 2024-10-14 18:58:09 字数 462 浏览 2 评论 0原文

对于初学者来说；我对编码不太了解。

我对如何在特定目录或站点上触发/或抛出基本/标准“需要身份验证”对话框的脚本以及用户在其中输入的凭据非常感兴趣，以便根据另一个数据库上的另一个数据库进行检查网站。

即像那些“检查谁在 msn 上阻止了您”网站一样，他们从他们的网站获取您的凭据，然后根据 Hotmail 数据库或服务器进行检查，并告诉您凭据是否不正确（重试），或者如果正确，则会将您重定向到由管理员实施的特定网站。（在这种情况下 Hotmail 联系人列表）

并且当它检查凭据是否正确时，如何使脚本将这些凭据存储到特定的 .txt 文件或文件夹中？！

唯一的区别是我只是希望它成为基本身份验证对话框像这里的示例但是我希望在我的网站上实现这一点。

我希望我能理解。

预先非常感谢您。

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

街道布景 2024-10-21 18:58:09

您需要向浏览器发送 401 响应代码，这将使浏览器提示输入用户名和密码。以下是取自 PHP 手册的 PHP 示例：

<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
} else {
    echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
    echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
?>

您应该能够使用您选择的语言执行相同的操作，尽管您需要研究用户名和密码变量以您使用的语言存储的位置。

作为替代方案，您也可以在 Web 服务器中进行配置。这样，Web 服务器就会处理身份验证，您只需对应用程序进行编程即可获取当前用户名，该用户名通常可以在“REMOTE_USER”环境变量中找到。在 Apache 中，您可以按如下方式限制对特定文件夹的访问：

<Directory /usr/local/apache/htdocs/secret>
    AuthType Basic
    AuthName "Restricted Files"
    # (Following line optional)
    AuthBasicProvider file
    AuthUserFile /usr/local/apache/passwd/passwords
    Require user rbowen
</Directory>

请参阅有关身份验证的 Apache 文档和访问控制以获取更多信息。即使您使用不同的 Web 服务器，请放心，这是 Web 服务器的常见功能。我确信您将能够在您使用的任何网络服务器中找到等效的功能。

You will need to send a 401 response code to the browser which will make the browser prompt for a username and password. Here's an example in PHP taken from the PHP manual:

<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
} else {
    echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
    echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}
?>

You should be able to do the same thing in the language of your choice, although you will need to research where the username and password variables are stored in the language you use.

As an alternative, you may also be able to configure this in your web server. That way the web server handles authentication and you only need to program your application to get the current user name which is usually found in the "REMOTE_USER" environment variable. In Apache you might restrict access to a specific folder as follows:

<Directory /usr/local/apache/htdocs/secret>
    AuthType Basic
    AuthName "Restricted Files"
    # (Following line optional)
    AuthBasicProvider file
    AuthUserFile /usr/local/apache/passwd/passwords
    Require user rbowen
</Directory>

See the Apache documentation on authentication and access control for more information. Even if you are using a different web server, rest assured that this is a common feature in web servers. I'm sure you will be able to find the equivalent functionality in whatever web server you are using.

回复收藏 0 原文

一绘本一梦想 2024-10-21 18:58:09

Java 导入已被排除...

显示用户名/密码对话框...

HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.setHeader("WWW-Authenticate", "Basic realm=\"My Realm\"");
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "");

解码请求...

private boolean authenticateRequestOk(HttpServletRequest request)
{
    String authorizationHeader = request.getHeader("Authorization");

    if (authorizationHeader != null)
    {
        byte[] decodedUsernamePassword;
        try
        {
            decodedUsernamePassword = Base64.decode(authorizationHeader.substring("Basic ".length()));
        }
        catch (IOException e)
        {
            log.error("Error decoding authorization header \"" + authorizationHeader + "\"", e);
            return false;
        }

        String usernameAndPassword = new String(decodedUsernamePassword);

        String username = StringUtils.substringBefore(usernameAndPassword, ":");
        String password = StringUtils.substringAfter(usernameAndPassword, ":");

        if (USERNAME.equalsIgnoreCase(username) && PASSWORD.equalsIgnoreCase(password))
        {
            return true;
        }
    }

    return false;
}

Java imports have been excluded...

To show the username/password dialog...

HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.setHeader("WWW-Authenticate", "Basic realm=\"My Realm\"");
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "");

To decode the request...

private boolean authenticateRequestOk(HttpServletRequest request)
{
    String authorizationHeader = request.getHeader("Authorization");

    if (authorizationHeader != null)
    {
        byte[] decodedUsernamePassword;
        try
        {
            decodedUsernamePassword = Base64.decode(authorizationHeader.substring("Basic ".length()));
        }
        catch (IOException e)
        {
            log.error("Error decoding authorization header \"" + authorizationHeader + "\"", e);
            return false;
        }

        String usernameAndPassword = new String(decodedUsernamePassword);

        String username = StringUtils.substringBefore(usernameAndPassword, ":");
        String password = StringUtils.substringAfter(usernameAndPassword, ":");

        if (USERNAME.equalsIgnoreCase(username) && PASSWORD.equalsIgnoreCase(password))
        {
            return true;
        }
    }

    return false;
}

回复收藏 0 原文

~没有更多了~