HTTP Basic Authentication

Presentation

For now, this feature is only supported by Apache handler.

Extract from the Wikipedia article:

In the context of an HTTP transaction, the basic access authentication is a method designed to allow a web browser, or other client program, to provide credentials – in the form of a user name and password – when making a request.

Before transmission, the username and password are encoded as a sequence of base-64 characters. For example, the user name Aladdin and password open sesame would be combined as Aladdin:open sesame – which is equivalent to QWxhZGRpbjpvcGVuIHNlc2FtZQ== when encoded in Base64. Little effort is required to translate the encoded string back into the user name and password, and many popular security tools will decode the strings "on the fly".

So HTTP Basic Authentication is managed trough an HTTP header (Authorization), that can be forged by LL::NG, with this precautions:

Configuration

The Basic Authentication relies on a specific HTTP header, as described above. So you have just to declare this header for the virtual host in Manager.

For example, to forward login ($uid) and password ($_password if password is stored in session):

Authorization => "Basic ".encode_base64("$uid:$_password", "")
Don't forget to add an empty string as second argument of encode_base64 to avoid insert of "newline" characters

LL::NG provides a special function named basic to build this header.

So the above example can also be written like this:

Authorization => basic($uid,$_password)
The basic function will also force conversion from UTF-8 to ISO-8859-1, which should be accepted by most of HTTP servers.