Hi,It's a bit of a challenge to determine where to post this question; while I mention PHP, my problem really concerns the digest authentication mechanism, so I am trying here, where the mechanism is probably best understood.
I'm trying to edit a php application that generates postscript files from html pages pages, html2ps/pdf (http://www.tufat.com/ script19.htm), to automatically authenticate with an apache server using digest authentication. Conceptually, while any visiting client can interact with the application, the page requests that the application itself makes appear to the web server to be originating from the application, and not from the client's browser. Thus, as far as I can tell, it becomes necessary for the application to be able to complete the authentication process entirely autonomously, creating a 'digest authentication session' (as I'll call it) that the end user does not necessarily even need to have access to.
I've reviewed the digest authentication example provided on the PHP Manual page titled, 'HTTP authentication with PHP' (http://us.php.net/ features.http-auth), and can certainly see how to build the necessary reply headers once the web server has accepted a username and password. However, the following things confuse me:
1. I'm not sure how to automatically provide the response to the server's initial 'HTTP/1.0 401 Unauthorized' response. With basic authentication this can easily be skipped by forming a request in the format: user:password@xxxxxxxxxxxxxxx, but this obviously doesn't work with digest authentication.
2. I'm not sure how the php application itself creates or maintains its own session.
3. Logically, the $_SERVER['PHP_AUTH_DIGEST'] variable then could not even contain the correct username, nonce, etc., because this would only be able to reflect the 'session' data of the end client, and not the data of the 'session' created by the application itself.
If anyone can even provide some theory, I could likely produce the necessary code, though any sample code, or pointers to such samples, would be greatly appreciated! So far, my searches have met with little success.
Thanks, Steven Stromer --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|