Use form instead of AuthType Basic (pop-up windows)

--0015174c1cc22fe6a1047daf53f7
Content-Type: text/plain; charset=ISO-8859-1

Hello, this is my first message to this list and I am also a bit new to
mod_perl.
My question is simple, in all the documentation I have found about mod_perl
and auth (like practical mod perl, or writing apache modules in perl and c)
they are always using AuthType Basic, so when the users tries to acess some
protected content, a pop up windows will appear to ask for name/pass.

What I want to do is to use a formulary instead of that pop-up window. As
far as I know looking at AuthCookie, for example, there they define
"AuthType Sample::AuthCookie" and they also define a login.pl and different
configs in the conf files.

I want to know the different steps to define and use a form instead of
AuthType Basic.

Thank you very much,
Juan Manuel Parrilla

--0015174c1cc22fe6a1047daf53f7
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hello, this is my first message to this list and I am also a bit new to mod=
_perl. My question is simple, in all the documentation I have found abou=
t mod_perl and auth (like practical mod perl, or writing apache modules in =
perl and c) they are always using AuthType Basic, so when the users tries t=
o acess some protected content, a pop up windows will appear to ask for nam=
e/pass. 
 What I want to do is to use a formulary instead of that pop-up window. =
As far as I know looking at AuthCookie, for example, there they define &quo=
t;AuthType Sample::AuthCookie" and they also define a <a href=3D"http:=
//login.pl">login.pl</a> and different configs in the conf files. 
 I want to know the different steps to define and use a form instead of =
AuthType Basic. Thank you very much, Juan Manuel Parrilla 

--0015174c1cc22fe6a1047daf53f7--

--00032555937a31a475047daf8ad7
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Thank you for your answer, but I would like to use Authz and Authen like
AuthCookie is doing. (And I think Apache::Session is not doing so).
What I do not now is: how to use a form instead of "AuthType Basic"?

Juan Manuel Parrilla

2010/1/21 David Romero <romdav [at] gmail.com>

> Hi,
>
> Look at Apache::Session module, that module is easy to use and you can
> store any kind of data in the session object like the "login data"
>
> Just store in the session object the login form results where necessary.
>
>
> 2010/1/21 Juan Manuel Parrilla Guti=E9rrez <joanmanel [at] gmail.com>
>
> Hello, this is my first message to this list and I am also a bit new to
>> mod_perl.
>> My question is simple, in all the documentation I have found about
>> mod_perl and auth (like practical mod perl, or writing apache modules in
>> perl and c) they are always using AuthType Basic, so when the users trie=
s to
>> acess some protected content, a pop up windows will appear to ask for
>> name/pass.
>>
>> What I want to do is to use a formulary instead of that pop-up window. A=
s
>> far as I know looking at AuthCookie, for example, there they define
>> "AuthType Sample::AuthCookie" and they also define a login.pl and
>> different configs in the conf files.
>>
>> I want to know the different steps to define and use a form instead of
>> AuthType Basic.
>>
>> Thank you very much,
>> Juan Manuel Parrilla
>>
>
>
>
> --
> David Romero
> -----------------------------------------------------------
>
>

--00032555937a31a475047daf8ad7
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Thank you for your answer, but I would like to use Authz and Authen like Au=
thCookie is doing. (And I think Apache::Session is not doing so). What I=
do not now is: how to use a form instead of "AuthType Basic"?<br=
>
 Juan Manuel Parrilla <div class=3D"gmail_quote">2010/1/21 David =
Romero <<a href=3D"mailto:romdav [at] gmail.com">romdav [at] gma=
il.com</a>> <blockquote class=3D"gmail_quote" style=3D"border-=
left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left=
: 1ex;">
Hi,<div> </div><div>Look at Apache::Session module, that module is easy =
to use and you can store any kind of data in the session object like the &q=
uot;login data" </div><div>Just store in the session object the=
login form results where necessary.</div>

<div> </div><div> <div class=3D"gmail_quote">2010/1/21 Juan Manuel Pa=
rrilla Guti=E9rrez <<a href=3D"mailto:joanmanel [at] gmail.=
com" target=3D"_blank">joanmanel [at] gmail.com</a>><div><div></div><d=
iv class=3D"h5">
 <blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(2=
04, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hello, this is my first message to this list and I am also a bit new to mod=
_perl. My question is simple, in all the documentation I have found abou=
t mod_perl and auth (like practical mod perl, or writing apache modules in =
perl and c) they are always using AuthType Basic, so when the users tries t=
o acess some protected content, a pop up windows will appear to ask for nam=
e/pass. 

 What I want to do is to use a formulary instead of that pop-up window. =
As far as I know looking at AuthCookie, for example, there they define &quo=
t;AuthType Sample::AuthCookie" and they also define a <a href=3D"http:=
//login.pl" target=3D"_blank">login.pl</a> and different configs in the con=
f files. 

 I want to know the different steps to define and use a form instead of =
AuthType Basic. Thank you very much, Juan=
Manuel Parrilla 
</blockquote></div></div></div> -- Davi=
d Romero ----------------------------------------------------------- =
 
</div>
</blockquote></div> 

--00032555937a31a475047daf8ad7--

Juan Manuel Parrilla Gutiérrez wrote:
> Hello, this is my first message to this list and I am also a bit new to
> mod_perl.
> My question is simple, in all the documentation I have found about mod_perl
> and auth (like practical mod perl, or writing apache modules in perl and c)
> they are always using AuthType Basic, so when the users tries to acess some
> protected content, a pop up windows will appear to ask for name/pass.
>
> What I want to do is to use a formulary instead of that pop-up window. As
> far as I know looking at AuthCookie, for example, there they define
> "AuthType Sample::AuthCookie" and they also define a login.pl and different
> configs in the conf files.
>
> I want to know the different steps to define and use a form instead of
> AuthType Basic.
>
Have a look here :
http://cpan.uwinnipeg.ca/htdocs/Apache-AuthCookie/Apache2/Au thCookie.html
and scroll to the section
THE LOGIN SCRIPT

If you install that module, it comes along with examples.
AAA is tricky, and maybe not the easiest way to start playing with
mod_perl. But this documentation is well-done, and should get you
started, if you follow it carefully.

--00151747884ecf0323047daffd59
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hello, I am sorry if I didnt explain me properly.
What I want to know is understand how use a formulary instead of AuthType
Basic. I know there are several modules that are doing this, but it is not
about using one, it is about understanding how.

I am doing my own Auth module (just to learn about it and mod_perl) and I
would like to use a form instead of pop up window, and using CGI is not an
option because I want to use Authz and Authen handlers.

What I need are the basic steps to move from AuthType Basic to use a form.

Thank you very much for all your answers,
Juan Manuel Parrilla Gutierrez

2010/1/21 Andr=E9 Warnier <aw [at] ice-sa.com>

> Juan Manuel Parrilla Guti=E9rrez wrote:
>
>> Hello, this is my first message to this list and I am also a bit new to
>> mod_perl.
>> My question is simple, in all the documentation I have found about
>> mod_perl
>> and auth (like practical mod perl, or writing apache modules in perl and
>> c)
>> they are always using AuthType Basic, so when the users tries to acess
>> some
>> protected content, a pop up windows will appear to ask for name/pass.
>>
>> What I want to do is to use a formulary instead of that pop-up window. A=
s
>> far as I know looking at AuthCookie, for example, there they define
>> "AuthType Sample::AuthCookie" and they also define a login.pl and
>> different
>> configs in the conf files.
>>
>> I want to know the different steps to define and use a form instead of
>> AuthType Basic.
>>
>> Have a look here :
> http://cpan.uwinnipeg.ca/htdocs/Apache-AuthCookie/Apache2/Au thCookie.html
> and scroll to the section
> THE LOGIN SCRIPT
>
> If you install that module, it comes along with examples.
> AAA is tricky, and maybe not the easiest way to start playing with
> mod_perl. But this documentation is well-done, and should get you starte=
d,
> if you follow it carefully.
>
>

--00151747884ecf0323047daffd59
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hello, I am sorry if I didnt explain me properly. What I want to know is=
understand how use a formulary instead of AuthType Basic. I know there are=
several modules that are doing this, but it is not about using one, it is =
about understanding how. 
 I am doing my own Auth module (just to learn about it and mod_perl) and=
I would like to use a form instead of pop up window, and using CGI is not =
an option because I want to use Authz and Authen handlers. What I ne=
ed are the basic steps to move from AuthType Basic to use a form. 
 Thank you very much for all your answers, Juan Manuel Parrilla Gutie=
rrez <div class=3D"gmail_quote">2010/1/21 Andr=E9 Warnier <<a href=3D"mailto:aw [at] ice-sa.com">aw [at] ice-sa.com</a>><=
br><blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(20=
4, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Juan Manuel Parrilla Guti=E9rrez wrote: 
<blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(204, =
204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hello, this is my first message to this list and I am also a bit new to 
mod_perl. 
My question is simple, in all the documentation I have found about mod_perl=
 
and auth (like practical mod perl, or writing apache modules in perl and c)=
 
they are always using AuthType Basic, so when the users tries to acess some=
 
protected content, a pop up windows will appear to ask for name/pass. 
 
What I want to do is to use a formulary instead of that pop-up window. As<b=
r>
far as I know looking at AuthCookie, for example, there they define 
"AuthType Sample::AuthCookie" and they also define a <a href=3D"h=
ttp://login.pl" target=3D"_blank">login.pl</a> and different 
configs in the conf files. 
 
I want to know the different steps to define and use a form instead of 
AuthType Basic. 
 
</blockquote>
Have a look here : 
<a href=3D"http://cpan.uwinnipeg.ca/htdocs/Apache-AuthCookie/Apache2/AuthCo=
okie.html" target=3D"_blank">http://cpan.uwinnipeg.ca/htdocs/Apache-Aut hCoo=
kie/Apache2/AuthCookie.html</a> 
and scroll to the section 
THE LOGIN SCRIPT 
 
If you install that module, it comes along with examples. 
AAA is tricky, and maybe not the easiest way to start playing with mod_perl=
.. =A0But this documentation is well-done, and should get you started, if yo=
u follow it carefully. 
 
</blockquote></div> 

--00151747884ecf0323047daffd59--

This is a multi-part message in MIME format.
--------------050804090006050407040205
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit

On 1/21/2010 12:25 PM, Juan Manuel Parrilla Gutiérrez wrote:
> Hello, I am sorry if I didnt explain me properly.

Apache2::AuthCookie is what you are looking for. Read through the
source code, understand what it does and why and you will be able to
write your own. No, you cannot use an html form to input credentials
into the clients browser, i.e., replace the pop-up dialog. Hence the
need for an entire access and authentication system.

> Have a look here :
>
> http://cpan.uwinnipeg.ca/htdocs/Apache-AuthCookie/Apache2/Au thCookie.html
> and scroll to the section
> THE LOGIN SCRIPT
>
> If you install that module, it comes along with examples.
> AAA is tricky, and maybe not the easiest way to start playing with
> mod_perl. But this documentation is well-done, and should get you
> started, if you follow it carefully.
>
>

--------------050804090006050407040205
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 1/21/2010 12:25 PM, Juan Manuel Parrilla Gutiérrez wrote:
<blockquote
cite="mid:c762bdc01001210925w3735334ckcaff86d360510f79 [at] mail. gmail.com"
type="cite">Hello, I am sorry if I didnt explain me properly.</blockquote>
 
Apache2::AuthCookie is what you are looking for. Read through the
source code, understand what it does and why and you will be able to
write your own. No, you cannot use an html form to input credentials
into the clients browser, i.e., replace the pop-up dialog. Hence the
need for an entire access and authentication system. 
 
<blockquote
cite="mid:c762bdc01001210925w3735334ckcaff86d360510f79 [at] mail. gmail.com"
type="cite">Have a look here : 
<div class="gmail_quote">
<blockquote class="gmail_quote"
style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><a
moz-do-not-send="true"
href="http://cpan.uwinnipeg.ca/htdocs/Apache-AuthCookie/Apac he2/AuthCookie.html"
target="_blank">http://cpan.uwinnipeg.ca/htdocs/Apache-AuthC ookie/Apache2/AuthCookie.html</a> 
and scroll to the section 
THE LOGIN SCRIPT 
 
If you install that module, it comes along with examples. 
AAA is tricky, and maybe not the easiest way to start playing with
mod_perl. But this documentation is well-done, and should get you
started, if you follow it carefully. 
 
</blockquote>
</div>
 
</blockquote>
</body>
</html>

--------------050804090006050407040205--

--00032555f9ca665114047db031a5
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Thank you for this example but it is talking about how to define the Authz
and Authen handlers, it is asuming that you are using AuthType Basic, " Whe=
n
Apache sends the HTTP header with this code, the browser will normally pop
up a dialog box that prompts the user for login information."

That is just what I want to change, instead of using a pop dialog, the
brower should send the user to a form.

Juan Manuel Parrilla Gutierrez

El 21 de enero de 2010 18:31, Morad IGMIR <sysadmin [at] alliancemca.com>escribi=
=F3:

> http://perl.apache.org/docs/2.0/user/handlers/http.html#Perl AuthenHandle=
r
>
>
>
> this should help
>
>
>
> *De :* Juan Manuel Parrilla Guti=E9rrez [mailto:joanmanel [at] gmail.com]
> *Envoy=E9 :* jeudi 21 janvier 2010 18:26
> *=C0 :* mod_perl list
> *Objet :* Re: Use form instead of AuthType Basic (pop-up windows)
>
>
>
> Hello, I am sorry if I didnt explain me properly.
> What I want to know is understand how use a formulary instead of AuthType
> Basic. I know there are several modules that are doing this, but it is no=
t
> about using one, it is about understanding how.
>
> I am doing my own Auth module (just to learn about it and mod_perl) and I
> would like to use a form instead of pop up window, and using CGI is not a=
n
> option because I want to use Authz and Authen handlers.
>
> What I need are the basic steps to move from AuthType Basic to use a form=
..
>
> Thank you very much for all your answers,
> Juan Manuel Parrilla Gutierrez
>
> 2010/1/21 Andr=E9 Warnier <aw [at] ice-sa.com>
>
> Juan Manuel Parrilla Guti=E9rrez wrote:
>
> Hello, this is my first message to this list and I am also a bit new to
> mod_perl.
> My question is simple, in all the documentation I have found about mod_pe=
rl
> and auth (like practical mod perl, or writing apache modules in perl and =
c)
> they are always using AuthType Basic, so when the users tries to acess so=
me
> protected content, a pop up windows will appear to ask for name/pass.
>
> What I want to do is to use a formulary instead of that pop-up window. As
> far as I know looking at AuthCookie, for example, there they define
> "AuthType Sample::AuthCookie" and they also define a login.pl and
> different
> configs in the conf files.
>
> I want to know the different steps to define and use a form instead of
> AuthType Basic.
>
> Have a look here :
> http://cpan.uwinnipeg.ca/htdocs/Apache-AuthCookie/Apache2/Au thCookie.html
> and scroll to the section
> THE LOGIN SCRIPT
>
> If you install that module, it comes along with examples.
> AAA is tricky, and maybe not the easiest way to start playing with
> mod_perl. But this documentation is well-done, and should get you starte=
d,
> if you follow it carefully.
>
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.730 / Virus Database: 271.1.1/2635 - Release Date: 01/21/10
> 08:34:00
>

--00032555f9ca665114047db031a5
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Thank you for this example but it is talking about how to define the Authz =
and Authen handlers, it is asuming that you are using AuthType Basic, "=
; When Apache sends the HTTP header
with this code, the browser will normally pop up a dialog box that
prompts the user for login information." That is just what I wa=
nt to change, instead of using a pop dialog, the brower should send the use=
r to a form. Juan Manuel Parrilla Gutierrez <div class=3D"gma=
il_quote">
El 21 de enero de 2010 18:31, Morad IGMIR <<a href=3D"=
mailto:sysadmin [at] alliancemca.com">sysadmin [at] alliancemca.com</a>> es=
cribi=F3: <blockquote class=3D"gmail_quote" style=3D"border-left: 1px so=
lid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">

<div link=3D"blue" vlink=3D"purple" lang=3D"FR">

<div>

<a href=3D"http://perl.apache.org/docs/2.0/user/hand=
lers/http.html#PerlAuthenHandler" target=3D"_blank">http://perl.apache.org/=
docs/2.0/user/handlers/http.html#PerlAuthenHandler</a>

=A0

this should help

=A0

<div style=3D"border-style: solid none none; border-color: rgb(181, 196, 22=
3) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium=
; padding: 3pt 0cm 0cm;">

De=A0:</b=
> Juan Manuel
Parrilla Guti=E9rrez [mailto:<a href=3D"mailto:joanmanel [at] gmail.com" target=
=3D"_blank">joanmanel [at] gmail.com</a>] 
Envoy=E9=A0: jeudi 21 janvier 2010 18:26 
=C0=A0: mod_perl list 
Objet=A0: Re: Use form instead of AuthType Basic (pop-up windows)</s=
pan>

</div><div><div></div><div class=3D"h5">

=A0

Hello, I am sorry if =
I didnt
explain me properly. 
What I want to know is understand how use a formulary instead of AuthType
Basic. I know there are several modules that are doing this, but it is not
about using one, it is about understanding how. 
 
I am doing my own Auth module (just to learn about it and mod_perl) and I w=
ould
like to use a form instead of pop up window, and using CGI is not an option
because I want to use Authz and Authen handlers. 
 
What I need are the basic steps to move from AuthType Basic to use a form.<=
br>
 
Thank you very much for all your answers, 
Juan Manuel Parrilla Gutierrez

<div>

2010/1/21 Andr=E9 Warnier <<a href=3D"mailto:aw [at] i=
ce-sa.com" target=3D"_blank">aw [at] ice-sa.com</a>>

Juan Manuel Parrilla Guti=E9rrez wrote:

Hello, this is my fir=
st message
to this list and I am also a bit new to 
mod_perl. 
My question is simple, in all the documentation I have found about mod_perl=
 
and auth (like practical mod perl, or writing apache modules in perl and c)=
 
they are always using AuthType Basic, so when the users tries to acess some=
 
protected content, a pop up windows will appear to ask for name/pass. 
 
What I want to do is to use a formulary instead of that pop-up window. As<b=
r>
far as I know looking at AuthCookie, for example, there they define 
"AuthType Sample::AuthCookie" and they also define a <a href=3D"h=
ttp://login.pl" target=3D"_blank">login.pl</a> and different 
configs in the conf files. 
 
I want to know the different steps to define and use a form instead of 
AuthType Basic.

Have a look here :<br=
>
<a href=3D"http://cpan.uwinnipeg.ca/htdocs/Apache-AuthCookie/Apache2/AuthCo=
okie.html" target=3D"_blank">http://cpan.uwinnipeg.ca/htdocs/Apache-Aut hCoo=
kie/Apache2/AuthCookie.html</a> 
and scroll to the section 
THE LOGIN SCRIPT 
 
If you install that module, it comes along with examples. 
AAA is tricky, and maybe not the easiest way to start playing with mod_perl=
..
=A0But this documentation is well-done, and should get you started, if you
follow it carefully.

</div>

=A0

</div></div>No virus
found in this incoming message. 
Checked by AVG - <a href=3D"http://www.avg.com" target=3D"_blank">www.avg.c=
om</a> 
Version: 9.0.730 / Virus Database: 271.1.1/2635 - Release Date: 01/21/10
08:34:00

</div>

</div>

</blockquote></div> 

--00032555f9ca665114047db031a5--

--_000_0C4F9AE61E425F4F8C6912AF90E9A9E9C682655FEXSEA19Bantam az_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I happen to have just finished debugging my latest authen/authz cookie-base=
d authentication module last night, so this is *really* fresh in my head.

So right now you're using AuthType basic. Change that to something else sp=
ecific to your module. The basic auth will no longer respond.

Program an authentication handler (point to with PerlAuthenHandler directiv=
e). It returns Apache2::Const::DECLINED if the ->auth_type doesn't match y=
our custom type. Authen handlers set the ->user of the requestrec object (=
probably by reading and validating a cookie in this case). If authorizatio=
n is required for the request and you didn't set a username, you should pro=
bably return Apache2::Const::FORBIDDEN. If it succeeded or it doesn't matt=
er, you can return Apache2::Const::OK;

Program an authorization handler. (point to with PerlAuthzHandler directiv=
e). This use the Apache2::Access::requires method to get a list of your au=
thentication requirements from the auth config in apache's config file (lik=
e Require valid-user). And Apache2::Access::satisfies to determine how you=
interpret the list of requirements.

If you want to use a straight login page, If Authorization fails, set error=
header 'Location' to the location of your login script and return Apache2:=
:Const::REDIRECT from the handler.

If you want to use an error document, If Authorization fails, return Apache=
2::Const::AUTH_REQUIRED or Apache2::Const::FORBIDDEN from the handler. (co=
nfigure ErrorDocument 401 or 403 respectively)

If authorization succeeds, simply return Apache2::Const::OK.

I also have handlers functions for LOGIN and LOGOUT which set and clear the=
auth cookie. That's different though - Authen/Authz is the part where you=
decide if the user is recognized and is allowed to access, which is what y=
ou asked about.

David

From: Juan Manuel Parrilla Guti=E9rrez [mailto:joanmanel [at] gmail.com]
Sent: Thursday, January 21, 2010 9:26 AM
To: mod_perl list
Subject: Re: Use form instead of AuthType Basic (pop-up windows)

Hello, I am sorry if I didnt explain me properly.
What I want to know is understand how use a formulary instead of AuthType B=
asic. I know there are several modules that are doing this, but it is not a=
bout using one, it is about understanding how.

I am doing my own Auth module (just to learn about it and mod_perl) and I w=
ould like to use a form instead of pop up window, and using CGI is not an o=
ption because I want to use Authz and Authen handlers.

What I need are the basic steps to move from AuthType Basic to use a form.

Thank you very much for all your answers,
Juan Manuel Parrilla Gutierrez
2010/1/21 Andr=E9 Warnier <aw [at] ice-sa.com<mailto:aw [at] ice-sa.com>>
Juan Manuel Parrilla Guti=E9rrez wrote:
Hello, this is my first message to this list and I am also a bit new to
mod_perl.
My question is simple, in all the documentation I have found about mod_perl
and auth (like practical mod perl, or writing apache modules in perl and c)
they are always using AuthType Basic, so when the users tries to acess some
protected content, a pop up windows will appear to ask for name/pass.

What I want to do is to use a formulary instead of that pop-up window. As
far as I know looking at AuthCookie, for example, there they define
"AuthType Sample::AuthCookie" and they also define a login.pl<http://login.=
pl> and different
configs in the conf files.

I want to know the different steps to define and use a form instead of
AuthType Basic.
Have a look here :
http://cpan.uwinnipeg.ca/htdocs/Apache-AuthCookie/Apache2/Au thCookie.html
and scroll to the section
THE LOGIN SCRIPT

If you install that module, it comes along with examples.
AAA is tricky, and maybe not the easiest way to start playing with mod_perl=
.. But this documentation is well-done, and should get you started, if you =
follow it carefully.

--_000_0C4F9AE61E425F4F8C6912AF90E9A9E9C682655FEXSEA19Bantam az_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:x=3D"urn:schemas-microsoft-com:office:excel" xmlns:p=3D"urn:schemas-m=
icrosoft-com:office:powerpoint" xmlns:a=3D"urn:schemas-microsoft-com:office=
:access" xmlns:dt=3D"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s=3D"=
uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs=3D"urn:schemas-microsof=
t-com:rowset" xmlns:z=3D"#RowsetSchema" xmlns:b=3D"urn:schemas-microsoft-co=
m:office:publisher" xmlns:ss=3D"urn:schemas-microsoft-com:office:spreadshee=
t" xmlns:c=3D"urn:schemas-microsoft-com:office:component:spread sheet" xmlns=
:odc=3D"urn:schemas-microsoft-com:office:odc" xmlns:oa=3D"urn:schemas-micro=
soft-com:office:activation" xmlns:html=3D"http://www.w3.org/TR/REC-html40" =
xmlns:q=3D"http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc=3D"http://m=
icrosoft.com/officenet/conferencing" xmlns:D=3D"DAV:" xmlns:Repl=3D"http://=
schemas.microsoft.com/repl/" xmlns:mt=3D"http://schemas.microsoft.com/share=
point/soap/meetings/" xmlns:x2=3D"http://schemas.microsoft.com/office/excel=
/2003/xml" xmlns:ppda=3D"http://www.passport.com/NameSpace.xsd" xmlns:ois=
=3D"http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir=3D"http://=
schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds=3D"http://www.w3=
..org/2000/09/xmldsig#" xmlns:dsp=3D"http://schemas.microsoft.com/sharepoint=
/dsp" xmlns:udc=3D"http://schemas.microsoft.com/data/udc" xmlns:xsd=3D"http=
://www.w3.org/2001/XMLSchema" xmlns:sub=3D"http://schemas.microsoft.com/sha=
repoint/soap/2002/1/alerts/" xmlns:ec=3D"http://www.w3.org/2001/04/xmlenc#"=
xmlns:sp=3D"http://schemas.microsoft.com/sharepoint/" xmlns:sps=3D"http://=
schemas.microsoft.com/sharepoint/soap/" xmlns:xsi=3D"http://www.w3.org/2001=
/XMLSchema-instance" xmlns:udcs=3D"http://schemas.microsoft.com/data/udc/so=
ap" xmlns:udcxf=3D"http://schemas.microsoft.com/data/udc/xmlfile " xmlns:udc=
p2p=3D"http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf=3D"http:/=
/schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss=3D"http://sche=
mas.microsoft.com/office/2006/digsig-setup" xmlns:dssi=3D"http://schemas.mi=
crosoft.com/office/2006/digsig" xmlns:mdssi=3D"http://schemas.openxmlformat=
s.org/package/2006/digital-signature" xmlns:mver=3D"http://schemas.openxmlf=
ormats.org/markup-compatibility/2006" xmlns:m=3D"http://schemas.microsoft.c=
om/office/2004/12/omml" xmlns:mrels=3D"http://schemas.openxmlformats.org/pa=
ckage/2006/relationships" xmlns:spwp=3D"http://microsoft.com/sharepoint/web=
partpages" xmlns:ex12t=3D"http://schemas.microsoft.com/exchange/service s/20=
06/types" xmlns:ex12m=3D"http://schemas.microsoft.com/exchange/service s/200=
6/messages" xmlns:pptsl=3D"http://schemas.microsoft.com/sharepoint/soap/ Sli=
deLibrary/" xmlns:spsl=3D"http://microsoft.com/webservices/SharePointPor tal=
Server/PublishedLinksService" xmlns:Z=3D"urn:schemas-microsoft-com:" xmlns:=
st=3D"" xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-1"=
>
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>

</style>

</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

I happen to have just finished debugging my latest authen/au=
thz
cookie-based authentication module last night, so this is *really* f=
resh
in my head.<o:p></o:p>

<o:p> </o:p>

So right now you’re using AuthType basic.=A0 Change th=
at to
something else specific to your module.=A0 The basic auth will no longer re=
spond.<o:p></o:p>

<o:p> </o:p>

Program an authentication handler (point to with
PerlAuthenHandler directive).=A0 It returns Apache2::Const::DECLINED if the=
->auth_type
doesn’t match your custom type.=A0 Authen handlers set the ->user =
of the
requestrec object (probably by reading and validating a cookie in this case=
).=A0
If authorization is required for the request and you didn’t set a
username, you should probably return Apache2::Const::FORBIDDEN.=A0 If it
succeeded or it doesn’t matter, you can return Apache2::Const::OK;<o:=
p></o:p>

<o:p> </o:p>

Program an authorization handler.=A0 (point to with PerlAuth=
zHandler
directive).=A0 This use the Apache2::Access::requires method to get a list =
of
your authentication requirements from the auth config in apache’s con=
fig
file (like Require valid-user).=A0 And Apache2::Access::satisfies to determ=
ine
how you =A0interpret the list of requirements.<o:p></o:p>

<o:p> </o:p>

If you want to use a straight login page, If Authorization
fails, set error header ‘Location’ to the location of your logi=
n
script and return Apache2::Const::REDIRECT from the handler.<o:p></o:p></sp=
an>

<o:p> </o:p>

If you want to use an error document, If Authorization fails=
, return
Apache2::Const::AUTH_REQUIRED or Apache2::Const::FORBIDDEN from the handler=
..=A0
(configure ErrorDocument 401 or 403 respectively)<o:p></o:p>

<o:p> </o:p>

If authorization succeeds, simply return Apache2::Const::OK.=
<o:p></o:p>

<o:p> </o:p>

I also have handlers functions for LOGIN and LOGOUT which se=
t
and clear the auth cookie.=A0 That’s different though – Authen/=
Authz
is the part where you decide if the user is recognized and is allowed to ac=
cess,
which is what you asked about.<o:p></o:p>

<o:p> </o:p>

David<o:p></o:p>

<o:p> </o:p>

<o:p> </o:p>

<o:p> </o:p>

<div style=3D'border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in'>

From: Juan Manuel
Parrilla Guti=E9rrez [mailto:joanmanel [at] gmail.com] 
Sent: Thursday, January 21, 2010 9:26 AM 
To: mod_perl list 
Subject: Re: Use form instead of AuthType Basic (pop-up windows)<o:p=
></o:p>

</div>

<o:p> </o:p>

Hello, I am sorry if I =
didnt
explain me properly. 
What I want to know is understand how use a formulary instead of AuthType
Basic. I know there are several modules that are doing this, but it is not
about using one, it is about understanding how. 
 
I am doing my own Auth module (just to learn about it and mod_perl) and I w=
ould
like to use a form instead of pop up window, and using CGI is not an option
because I want to use Authz and Authen handlers. 
 
What I need are the basic steps to move from AuthType Basic to use a form.<=
br>
 
Thank you very much for all your answers, 
Juan Manuel Parrilla Gutierrez<o:p></o:p>

<div>

2010/1/21 Andr=E9 Warnier <<a href=3D"mailto:aw [at] ice=
-sa.com">aw [at] ice-sa.com</a>><o:p></o:p>

Juan Manuel Parrilla Guti=E9rrez wrote:<o:p></o:p>

Hello, this is my first=
message
to this list and I am also a bit new to 
mod_perl. 
My question is simple, in all the documentation I have found about mod_perl=
 
and auth (like practical mod perl, or writing apache modules in perl and c)=
 
they are always using AuthType Basic, so when the users tries to acess some=
 
protected content, a pop up windows will appear to ask for name/pass. 
 
What I want to do is to use a formulary instead of that pop-up window. As<b=
r>
far as I know looking at AuthCookie, for example, there they define 
"AuthType Sample::AuthCookie" and they also define a <a
href=3D"http://login.pl" target=3D"_blank">login.pl</a> and different 
configs in the conf files. 
 
I want to know the different steps to define and use a form instead of 
AuthType Basic.<o:p></o:p>

Have a look here : 
<a
href=3D"http://cpan.uwinnipeg.ca/htdocs/Apache-AuthCookie/Ap ache2/AuthCooki=
e.html"
target=3D"_blank">http://cpan.uwinnipeg.ca/htdocs/Apache-Aut hCookie/Apache2=
/AuthCookie.html</a> 
and scroll to the section 
THE LOGIN SCRIPT 
 
If you install that module, it comes along with examples. 
AAA is tricky, and maybe not the easiest way to start playing with mod_perl=
..
But this documentation is well-done, and should get you started, if y=
ou
follow it carefully.<o:p></o:p>

</div>

<o:p> </o:p>

</div>

</body>

</html>

--_000_0C4F9AE61E425F4F8C6912AF90E9A9E9C682655FEXSEA19Bantam az_--

--00032555a4e6519bd3047db0c2c0
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Thank you for the information. I didnt know that what login and logout
scripts were doing was setting/clearing the cookie.

Juan Manuel Parrilla

El 21 de enero de 2010 19:15, Ihnen, David <dihnen [at] amazon.com> escribi=F3:

> I happen to have just finished debugging my latest authen/authz
> cookie-based authentication module last night, so this is **really** fres=
h
> in my head.
>
>
>
> So right now you=92re using AuthType basic. Change that to something els=
e
> specific to your module. The basic auth will no longer respond.
>
>
>
> Program an authentication handler (point to with PerlAuthenHandler
> directive). It returns Apache2::Const::DECLINED if the ->auth_type doesn=
=92t
> match your custom type. Authen handlers set the ->user of the requestrec
> object (probably by reading and validating a cookie in this case). If
> authorization is required for the request and you didn=92t set a username=
, you
> should probably return Apache2::Const::FORBIDDEN. If it succeeded or it
> doesn=92t matter, you can return Apache2::Const::OK;
>
>
>
> Program an authorization handler. (point to with PerlAuthzHandler
> directive). This use the Apache2::Access::requires method to get a list =
of
> your authentication requirements from the auth config in apache=92s confi=
g
> file (like Require valid-user). And Apache2::Access::satisfies to determ=
ine
> how you interpret the list of requirements.
>
>
>
> If you want to use a straight login page, If Authorization fails, set err=
or
> header =91Location=92 to the location of your login script and return
> Apache2::Const::REDIRECT from the handler.
>
>
>
> If you want to use an error document, If Authorization fails, return
> Apache2::Const::AUTH_REQUIRED or Apache2::Const::FORBIDDEN from the
> handler. (configure ErrorDocument 401 or 403 respectively)
>
>
>
> If authorization succeeds, simply return Apache2::Const::OK.
>
>
>
> I also have handlers functions for LOGIN and LOGOUT which set and clear t=
he
> auth cookie. That=92s different though =96 Authen/Authz is the part wher=
e you
> decide if the user is recognized and is allowed to access, which is what =
you
> asked about.
>
>
>
> David
>
>
>
>
>
>
>
> *From:* Juan Manuel Parrilla Guti=E9rrez [mailto:joanmanel [at] gmail.com]
> *Sent:* Thursday, January 21, 2010 9:26 AM
> *To:* mod_perl list
> *Subject:* Re: Use form instead of AuthType Basic (pop-up windows)
>
>
>
> Hello, I am sorry if I didnt explain me properly.
> What I want to know is understand how use a formulary instead of AuthType
> Basic. I know there are several modules that are doing this, but it is no=
t
> about using one, it is about understanding how.
>
> I am doing my own Auth module (just to learn about it and mod_perl) and I
> would like to use a form instead of pop up window, and using CGI is not a=
n
> option because I want to use Authz and Authen handlers.
>
> What I need are the basic steps to move from AuthType Basic to use a form=
..
>
> Thank you very much for all your answers,
> Juan Manuel Parrilla Gutierrez
>
> 2010/1/21 Andr=E9 Warnier <aw [at] ice-sa.com>
>
> Juan Manuel Parrilla Guti=E9rrez wrote:
>
> Hello, this is my first message to this list and I am also a bit new to
> mod_perl.
> My question is simple, in all the documentation I have found about mod_pe=
rl
> and auth (like practical mod perl, or writing apache modules in perl and =
c)
> they are always using AuthType Basic, so when the users tries to acess so=
me
> protected content, a pop up windows will appear to ask for name/pass.
>
> What I want to do is to use a formulary instead of that pop-up window. As
> far as I know looking at AuthCookie, for example, there they define
> "AuthType Sample::AuthCookie" and they also define a login.pl and
> different
> configs in the conf files.
>
> I want to know the different steps to define and use a form instead of
> AuthType Basic.
>
> Have a look here :
> http://cpan.uwinnipeg.ca/htdocs/Apache-AuthCookie/Apache2/Au thCookie.html
> and scroll to the section
> THE LOGIN SCRIPT
>
> If you install that module, it comes along with examples.
> AAA is tricky, and maybe not the easiest way to start playing with
> mod_perl. But this documentation is well-done, and should get you starte=
d,
> if you follow it carefully.
>
>
>

--00032555a4e6519bd3047db0c2c0
Content-Type: text/html; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Thank you for the information. I didnt know that what login and logout scri=
pts were doing was setting/clearing the cookie. Juan Manuel Parrilla=
 <div class=3D"gmail_quote">El 21 de enero de 2010 19:15, Ihnen, Dav=
id <<a href=3D"mailto:dihnen [at] amazon.com">dihnen [at] amazon=
..com</a>> escribi=F3: 
<blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(204, =
204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">

<div link=3D"blue" vlink=3D"purple" lang=3D"EN-US">

<div>

I happen to have just finished debugging my latest authen/authz
cookie-based authentication module last night, so this is *really* f=
resh
in my head.

=A0

So right now you=92re using AuthType basic.=A0 Change that to
something else specific to your module.=A0 The basic auth will no longer re=
spond.

=A0

Program an authentication handler (point to with
PerlAuthenHandler directive).=A0 It returns Apache2::Const::DECLINED if the=
->auth_type
doesn=92t match your custom type.=A0 Authen handlers set the ->user of t=
he
requestrec object (probably by reading and validating a cookie in this case=
).=A0
If authorization is required for the request and you didn=92t set a
username, you should probably return Apache2::Const::FORBIDDEN.=A0 If it
succeeded or it doesn=92t matter, you can return Apache2::Const::OK;=


=A0

Program an authorization handler.=A0 (point to with PerlAuthzHandler
directive).=A0 This use the Apache2::Access::requires method to get a list =
of
your authentication requirements from the auth config in apache=92s config
file (like Require valid-user).=A0 And Apache2::Access::satisfies to determ=
ine
how you =A0interpret the list of requirements.

=A0

If you want to use a straight login page, If Authorization
fails, set error header =91Location=92 to the location of your login
script and return Apache2::Const::REDIRECT from the handler.

=A0

If you want to use an error document, If Authorization fails, return
Apache2::Const::AUTH_REQUIRED or Apache2::Const::FORBIDDEN from the handler=
..=A0
(configure ErrorDocument 401 or 403 respectively)

=A0

If authorization succeeds, simply return Apache2::Const::OK.</=
p>

=A0

I also have handlers functions for LOGIN and LOGOUT which set
and clear the auth cookie.=A0 That=92s different though =96 Authen/Authz
is the part where you decide if the user is recognized and is allowed to ac=
cess,
which is what you asked about.

=A0

David

=A0

=A0

=A0

<div style=3D"border-style: solid none none; border-color: rgb(181, 196, 22=
3) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium=
; padding: 3pt 0in 0in;">

From:=
 Juan Manuel
Parrilla Guti=E9rrez [mailto:<a href=3D"mailto:joanmanel [at] gmail.com" target=
=3D"_blank">joanmanel [at] gmail.com</a>] 
Sent: Thursday, January 21, 2010 9:26 AM 
To: mod_perl list 
Subject: Re: Use form instead of AuthType Basic (pop-up windows)</sp=
an>

</div>

=A0

Hello, I am sorry if =
I didnt
explain me properly. 
What I want to know is understand how use a formulary instead of AuthType
Basic. I know there are several modules that are doing this, but it is not
about using one, it is about understanding how. 
 
I am doing my own Auth module (just to learn about it and mod_perl) and I w=
ould
like to use a form instead of pop up window, and using CGI is not an option
because I want to use Authz and Authen handlers. 
 
What I need are the basic steps to move from AuthType Basic to use a form.<=
br>
 
Thank you very much for all your answers, 
Juan Manuel Parrilla Gutierrez

<div>

2010/1/21 Andr=E9 Warnier <<a href=3D"mailto:aw [at] i=
ce-sa.com" target=3D"_blank">aw [at] ice-sa.com</a>>

Juan Manuel Parrilla Guti=E9rrez wrote:

Hello, this is my fir=
st message
to this list and I am also a bit new to 
mod_perl. 
My question is simple, in all the documentation I have found about mod_perl=
 
and auth (like practical mod perl, or writing apache modules in perl and c)=
 
they are always using AuthType Basic, so when the users tries to acess some=
 
protected content, a pop up windows will appear to ask for name/pass. 
 
What I want to do is to use a formulary instead of that pop-up window. As<b=
r>
far as I know looking at AuthCookie, for example, there they define 
"AuthType Sample::AuthCookie" and they also define a <a href=3D"h=
ttp://login.pl" target=3D"_blank">login.pl</a> and different 
configs in the conf files. 
 
I want to know the different steps to define and use a form instead of 
AuthType Basic.

Have a look here :<br=
>
<a href=3D"http://cpan.uwinnipeg.ca/htdocs/Apache-AuthCookie/Apache2/AuthCo=
okie.html" target=3D"_blank">http://cpan.uwinnipeg.ca/htdocs/Apache-Aut hCoo=
kie/Apache2/AuthCookie.html</a> 
and scroll to the section 
THE LOGIN SCRIPT 
 
If you install that module, it comes along with examples. 
AAA is tricky, and maybe not the easiest way to start playing with mod_perl=
..
=A0But this documentation is well-done, and should get you started, if you
follow it carefully.

</div>

=A0

</div>

</div>

</blockquote></div> 

--00032555a4e6519bd3047db0c2c0--

--_000_0C4F9AE61E425F4F8C6912AF90E9A9E9C68265C7EXSEA19Bantam az_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I suppose it is not obvious that when using login page authentication that =
you are responsible for the creation of the mechanism by which you identify=
the user?

I could point out that merely the fact you are utilizing a login form does =
not mean you HAVE to use cookies - it just has less ramifications than othe=
r possibilities.

That is, whether the request is

GET /index.html HTTP/1.1
Host: myserver.com
Cookie: AuthTicket=3Dusername-ABCDEFGHIJKLM

Or the request is

GET /username-ABCDEFGHIJKLM/index.html HTTP/1.1
Host: myserver.com

Your authorization handler can get the string 'username-ABCDEFGHIJKLM' and =
use it for the purposes of authentication/authorization. Just in the latte=
r case, you'll be adding a PerlMapToStorageHandler to map around the extra =
auth information in the url and still access the file!

(I've used this strategy of embedding auth tickets in urls for download and=
media links handled by external programs that won't have the cookie)

David

From: Juan Manuel Parrilla Guti=E9rrez [mailto:joanmanel [at] gmail.com]
Sent: Thursday, January 21, 2010 10:21 AM
To: Ihnen, David
Cc: mod_perl list
Subject: Re: Use form instead of AuthType Basic (pop-up windows)

Thank you for the information. I didnt know that what login and logout scri=
pts were doing was setting/clearing the cookie.

Juan Manuel Parrilla
El 21 de enero de 2010 19:15, Ihnen, David <dihnen [at] amazon.com<mailto:dihnen=
[at] amazon.com>> escribi=F3:
I happen to have just finished debugging my latest authen/authz cookie-base=
d authentication module last night, so this is *really* fresh in my head.

So right now you're using AuthType basic. Change that to something else sp=
ecific to your module. The basic auth will no longer respond.

Program an authentication handler (point to with PerlAuthenHandler directiv=
e). It returns Apache2::Const::DECLINED if the ->auth_type doesn't match y=
our custom type. Authen handlers set the ->user of the requestrec object (=
probably by reading and validating a cookie in this case). If authorizatio=
n is required for the request and you didn't set a username, you should pro=
bably return Apache2::Const::FORBIDDEN. If it succeeded or it doesn't matt=
er, you can return Apache2::Const::OK;

Program an authorization handler. (point to with PerlAuthzHandler directiv=
e). This use the Apache2::Access::requires method to get a list of your au=
thentication requirements from the auth config in apache's config file (lik=
e Require valid-user). And Apache2::Access::satisfies to determine how you=
interpret the list of requirements.

If you want to use a straight login page, If Authorization fails, set error=
header 'Location' to the location of your login script and return Apache2:=
:Const::REDIRECT from the handler.

If you want to use an error document, If Authorization fails, return Apache=
2::Const::AUTH_REQUIRED or Apache2::Const::FORBIDDEN from the handler. (co=
nfigure ErrorDocument 401 or 403 respectively)

If authorization succeeds, simply return Apache2::Const::OK.

I also have handlers functions for LOGIN and LOGOUT which set and clear the=
auth cookie. That's different though - Authen/Authz is the part where you=
decide if the user is recognized and is allowed to access, which is what y=
ou asked about.

David

From: Juan Manuel Parrilla Guti=E9rrez [mailto:joanmanel [at] gmail.com<mailto:j=
oanmanel [at] gmail.com>]
Sent: Thursday, January 21, 2010 9:26 AM
To: mod_perl list
Subject: Re: Use form instead of AuthType Basic (pop-up windows)

Hello, I am sorry if I didnt explain me properly.
What I want to know is understand how use a formulary instead of AuthType B=
asic. I know there are several modules that are doing this, but it is not a=
bout using one, it is about understanding how.

I am doing my own Auth module (just to learn about it and mod_perl) and I w=
ould like to use a form instead of pop up window, and using CGI is not an o=
ption because I want to use Authz and Authen handlers.

What I need are the basic steps to move from AuthType Basic to use a form.

Thank you very much for all your answers,
Juan Manuel Parrilla Gutierrez
2010/1/21 Andr=E9 Warnier <aw [at] ice-sa.com<mailto:aw [at] ice-sa.com>>
Juan Manuel Parrilla Guti=E9rrez wrote:
Hello, this is my first message to this list and I am also a bit new to
mod_perl.
My question is simple, in all the documentation I have found about mod_perl
and auth (like practical mod perl, or writing apache modules in perl and c)
they are always using AuthType Basic, so when the users tries to acess some
protected content, a pop up windows will appear to ask for name/pass.

What I want to do is to use a formulary instead of that pop-up window. As
far as I know looking at AuthCookie, for example, there they define
"AuthType Sample::AuthCookie" and they also define a login.pl<http://login.=
pl> and different
configs in the conf files.

I want to know the different steps to define and use a form instead of
AuthType Basic.
Have a look here :
http://cpan.uwinnipeg.ca/htdocs/Apache-AuthCookie/Apache2/Au thCookie.html
and scroll to the section
THE LOGIN SCRIPT

If you install that module, it comes along with examples.
AAA is tricky, and maybe not the easiest way to start playing with mod_perl=
.. But this documentation is well-done, and should get you started, if you =
follow it carefully.

--_000_0C4F9AE61E425F4F8C6912AF90E9A9E9C68265C7EXSEA19Bantam az_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; charset=3Diso-8859-=
1">
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:x=3D"urn:schemas-microsoft-com:office:excel" xmlns:p=3D"urn:schemas-m=
icrosoft-com:office:powerpoint" xmlns:a=3D"urn:schemas-microsoft-com:office=
:access" xmlns:dt=3D"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s=3D"=
uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs=3D"urn:schemas-microsof=
t-com:rowset" xmlns:z=3D"#RowsetSchema" xmlns:b=3D"urn:schemas-microsoft-co=
m:office:publisher" xmlns:ss=3D"urn:schemas-microsoft-com:office:spreadshee=
t" xmlns:c=3D"urn:schemas-microsoft-com:office:component:spread sheet" xmlns=
:odc=3D"urn:schemas-microsoft-com:office:odc" xmlns:oa=3D"urn:schemas-micro=
soft-com:office:activation" xmlns:html=3D"http://www.w3.org/TR/REC-html40" =
xmlns:q=3D"http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc=3D"http://m=
icrosoft.com/officenet/conferencing" xmlns:D=3D"DAV:" xmlns:Repl=3D"http://=
schemas.microsoft.com/repl/" xmlns:mt=3D"http://schemas.microsoft.com/share=
point/soap/meetings/" xmlns:x2=3D"http://schemas.microsoft.com/office/excel=
/2003/xml" xmlns:ppda=3D"http://www.passport.com/NameSpace.xsd" xmlns:ois=
=3D"http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir=3D"http://=
schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds=3D"http://www.w3=
..org/2000/09/xmldsig#" xmlns:dsp=3D"http://schemas.microsoft.com/sharepoint=
/dsp" xmlns:udc=3D"http://schemas.microsoft.com/data/udc" xmlns:xsd=3D"http=
://www.w3.org/2001/XMLSchema" xmlns:sub=3D"http://schemas.microsoft.com/sha=
repoint/soap/2002/1/alerts/" xmlns:ec=3D"http://www.w3.org/2001/04/xmlenc#"=
xmlns:sp=3D"http://schemas.microsoft.com/sharepoint/" xmlns:sps=3D"http://=
schemas.microsoft.com/sharepoint/soap/" xmlns:xsi=3D"http://www.w3.org/2001=
/XMLSchema-instance" xmlns:udcs=3D"http://schemas.microsoft.com/data/udc/so=
ap" xmlns:udcxf=3D"http://schemas.microsoft.com/data/udc/xmlfile " xmlns:udc=
p2p=3D"http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf=3D"http:/=
/schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss=3D"http://sche=
mas.microsoft.com/office/2006/digsig-setup" xmlns:dssi=3D"http://schemas.mi=
crosoft.com/office/2006/digsig" xmlns:mdssi=3D"http://schemas.openxmlformat=
s.org/package/2006/digital-signature" xmlns:mver=3D"http://schemas.openxmlf=
ormats.org/markup-compatibility/2006" xmlns:m=3D"http://schemas.microsoft.c=
om/office/2004/12/omml" xmlns:mrels=3D"http://schemas.openxmlformats.org/pa=
ckage/2006/relationships" xmlns:spwp=3D"http://microsoft.com/sharepoint/web=
partpages" xmlns:ex12t=3D"http://schemas.microsoft.com/exchange/service s/20=
06/types" xmlns:ex12m=3D"http://schemas.microsoft.com/exchange/service s/200=
6/messages" xmlns:pptsl=3D"http://schemas.microsoft.com/sharepoint/soap/ Sli=
deLibrary/" xmlns:spsl=3D"http://microsoft.com/webservices/SharePointPor tal=
Server/PublishedLinksService" xmlns:Z=3D"urn:schemas-microsoft-com:" xmlns:=
st=3D"" xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>

<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>

</style>

</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

I suppose it is not obvious that when using login page
authentication that you are responsible for the creation of the mechanism b=
y
which you identify the user?<o:p></o:p>

<o:p> </o:p>

I could point out that merely the fact you are utilizing a l=
ogin
form does not mean you HAVE to use cookies – it just has less ramific=
ations
than other possibilities.<o:p></o:p>

<o:p> </o:p>

That is, whether the request is<o:p></o:p>

<o:p> </o:p>

GET /index.html HTTP/1.1<o:p></o:p>

Host: myserver.com<o:p></o:p>

Cookie: AuthTicket=3Dusername-ABCDEFGHIJKLM<o:p></o:p></span=
>

<o:p> </o:p>

Or the request is <o:p></o:p>

<o:p> </o:p>

GET /username-ABCDEFGHIJKLM/index.html HTTP/1.1<o:p></o:p></=
span>

Host: myserver.com<o:p></o:p>

<o:p> </o:p>

Your authorization handler can get the string ‘usernam=
e-ABCDEFGHIJKLM’
and use it for the purposes of authentication/authorization.=A0 Just in the
latter case, you’ll be adding a PerlMapToStorageHandler to map around=
the extra
auth information in the url and still access the file!<o:p></o:p></p=
>

<o:p> </o:p>

(I’ve used this strategy of embedding auth tickets in =
urls for
download and media links handled by external programs that won’t have=
the
cookie)<o:p></o:p>

<o:p> </o:p>

David<o:p></o:p>

<o:p> </o:p>

<o:p> </o:p>

<div style=3D'border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in'>

From: Juan Manuel
Parrilla Guti=E9rrez [mailto:joanmanel [at] gmail.com] 
Sent: Thursday, January 21, 2010 10:21 AM 
To: Ihnen, David 
Cc: mod_perl list 
Subject: Re: Use form instead of AuthType Basic (pop-up windows)<o:p=
></o:p>

</div>

<o:p> </o:p>

Thank you for the infor=
mation.
I didnt know that what login and logout scripts were doing was setting/clea=
ring
the cookie. 
 
Juan Manuel Parrilla<o:p></o:p>

<div>

El 21 de enero de 2010 19:15, Ihnen, David <<a
href=3D"mailto:dihnen [at] amazon.com">dihnen [at] amazon.com</a>> escribi=F3:<o:p=
></o:p>

<div>

<div>

I happen to have just finished deb=
ugging
my latest authen/authz cookie-based authentication module last night, so th=
is
is *really* fresh in my head.<o:p></o:p>

 <o:p></o:p>

So right now you’re using Au=
thType
basic. Change that to something else specific to your module. T=
he
basic auth will no longer respond.<o:p></o:p>

 <o:p></o:p>

Program an authentication handler =
(point
to with PerlAuthenHandler directive). It returns Apache2::Const::DECL=
INED
if the ->auth_type doesn’t match your custom type. Authen ha=
ndlers set
the ->user of the requestrec object (probably by reading and validating =
a
cookie in this case). If authorization is required for the request an=
d
you didn’t set a username, you should probably return
Apache2::Const::FORBIDDEN. If it succeeded or it doesn’t matter=
, you can
return Apache2::Const::OK;<o:p></o:p>

 <o:p></o:p>

Program an authorization handler.&=
nbsp;
(point to with PerlAuthzHandler directive). This use the
Apache2::Access::requires method to get a list of your authentication
requirements from the auth config in apache’s config file (like Requi=
re
valid-user). And Apache2::Access::satisfies to determine how you
interpret the list of requirements.<o:p></o:p>

 <o:p></o:p>

If you want to use a straight logi=
n
page, If Authorization fails, set error header ‘Location’ to th=
e location of
your login script and return Apache2::Const::REDIRECT from the handler.</sp=
an><o:p></o:p>

 <o:p></o:p>

If you want to use an error docume=
nt, If
Authorization fails, return Apache2::Const::AUTH_REQUIRED or
Apache2::Const::FORBIDDEN from the handler. (configure ErrorDocument =
401
or 403 respectively)<o:p></o:p>

 <o:p></o:p>

If authorization succeeds, simply =
return
Apache2::Const::OK.<o:p></o:p>

 <o:p></o:p>

I also have handlers functions for=
LOGIN
and LOGOUT which set and clear the auth cookie. That’s differen=
t though –
Authen/Authz is the part where you decide if the user is recognized and is
allowed to access, which is what you asked about.<o:p></o:p>

 <o:p></o:p>

David<o:p></o:p>

 <o:p></o:p>

 <o:p></o:p>

 <o:p></o:p>

<div style=3D'border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0=
in 0in 0in;
border-color:-moz-use-text-color -moz-use-text-color'>

From: Juan
Manuel Parrilla Guti=E9rrez [mailto:<a href=3D"mailto:joanmanel [at] gmail.com"
target=3D"_blank">joanmanel [at] gmail.com</a>] 
Sent: Thursday, January 21, 2010 9:26 AM 
To: mod_perl list 
Subject: Re: Use form instead of AuthType Basic (pop-up windows)</sp=
an><o:p></o:p>

</div>

 <o:p></o:p>

Hello,
I am sorry if I didnt explain me properly. 
What I want to know is understand how use a formulary instead of AuthType B=
asic.
I know there are several modules that are doing this, but it is not about u=
sing
one, it is about understanding how. 
 
I am doing my own Auth module (just to learn about it and mod_perl) and I w=
ould
like to use a form instead of pop up window, and using CGI is not an option
because I want to use Authz and Authen handlers. 
 
What I need are the basic steps to move from AuthType Basic to use a form.<=
br>
 
Thank you very much for all your answers, 
Juan Manuel Parrilla Gutierrez<o:p></o:p>

<div>

2010/1/21
Andr=E9 Warnier <<a href=3D"mailto:aw [at] ice-sa.com" target=3D"_blank">aw [at] i=
ce-sa.com</a>><o:p></o:p>

Juan
Manuel Parrilla Guti=E9rrez wrote:<o:p></o:p>

Hello,
this is my first message to this list and I am also a bit new to 
mod_perl. 
My question is simple, in all the documentation I have found about mod_perl=
 
and auth (like practical mod perl, or writing apache modules in perl and c)=
 
they are always using AuthType Basic, so when the users tries to acess some=
 
protected content, a pop up windows will appear to ask for name/pass. 
 
What I want to do is to use a formulary instead of that pop-up window. As<b=
r>
far as I know looking at AuthCookie, for example, there they define 
"AuthType Sample::AuthCookie" and they also define a <a
href=3D"http://login.pl" target=3D"_blank">login.pl</a> and different 
configs in the conf files. 
 
I want to know the different steps to define and use a form instead of 
AuthType Basic.<o:p></o:p>

Have a
look here : 
<a
href=3D"http://cpan.uwinnipeg.ca/htdocs/Apache-AuthCookie/Ap ache2/AuthCooki=
e.html"
target=3D"_blank">http://cpan.uwinnipeg.ca/htdocs/Apache-Aut hCookie/Apache2=
/AuthCookie.html</a> 
and scroll to the section 
THE LOGIN SCRIPT 
 
If you install that module, it comes along with examples. 
AAA is tricky, and maybe not the easiest way to start playing with mod_perl=
..
But this documentation is well-done, and should get you started, if y=
ou
follow it carefully.<o:p></o:p>

</div>

 <o:p></o:p>

</div>

</div>

</div>

<o:p> </o:p>

</div>

</body>

</html>

--_000_0C4F9AE61E425F4F8C6912AF90E9A9E9C68265C7EXSEA19Bantam az_--

Use form instead of AuthType Basic (pop-up windows)

Re: Use form instead of AuthType Basic (pop-up windows)

Re: Use form instead of AuthType Basic (pop-up windows)

Re: Use form instead of AuthType Basic (pop-up windows)

Re: Use form instead of AuthType Basic (pop-up windows)

Re: Use form instead of AuthType Basic (pop-up windows)

RE: Use form instead of AuthType Basic (pop-up windows)

Re: Use form instead of AuthType Basic (pop-up windows)

RE: Use form instead of AuthType Basic (pop-up windows)