2

I'm trying to use authenticate_with_http_basic in a Rails 2.3.4 app, and the username and password aren't being picked up. I did a little detective work and figured out that it's failing because there's no authorization header in the request. I tried adding the RewriteRule suggested in the docs:

RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]

I haven't had any luck, though, either with Apache/Passenger or Mongrel. I also didn't have any luck trying authenticate_with_http_basic in a Rails 3 app. If I change it to authenticate_or_request_with_http_basic, credentials given at the prompt work, but it ignores any supplied in the url. (Which makes sense, since it's calling authenticate_with_http_basic.) I can't find anything in my code that should be messing with the request, and it seems odd to me that it isn't working locally with Mongrel. Any suggestions?

Improve this question

2 Answers 2

Reset to default
3

I would strongly recommend using an authentication gem/plugin like Devise or Authlogic. They both support basic HTTP authentication.

Devise: https://github.com/plataformatec/devise and http://railscasts.com/episodes/209-introducing-devise

Authlogic: https://github.com/binarylogic/authlogic and http://railscasts.com/episodes/160-authlogic

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I'm using Authlogic, but the problem is not so much how to authenticate the user but why the data isn't coming through. And even if I can find a different approach, I'm curious about why authenticate_with_http_basic isn't working!
0

For any future viewers: if it appears that Rails is receiving something different for the Authorization header than you think you are sending, check to ensure you aren't using .htaccess/.htpasswd files. The browser apparently remembers the credentials and it overrides anything you send!

Just spent like 3 hours trying to figure this out. I sure hope it helps someone else down the line :-)

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.