I don't see where your code does anything to authenticate the user
(ie: create the "authorization" header that gets sent to the server).
As I said in my original post, when the server receives an
un-authenticated "post" or "get", it issues a code 401 response. This
causes the browser to pop up its built-in prompt for userid and
password. When that is returned to the server, the server can accept
or reject. If it accepts, then through some mechanism that I don't
fully understand, all further exchanges with that client will contain
a valid "authorization" header. I have my server-side scripting set up
to check this header on every "post" and every "get" to control what
that particular user sees.
I was hoping that I could serve my own page (instead of sending a code
401) that would accomplish the same thing - apparently I can't. Any
other approach I take (including what you suggested) means that I have
to keep track of the user's session manually in some manner so that he
doesn't have to log in for every different page he wants to look at.
As to what's "wrong" with the standard pop up prompt: nothing really -
I just wanted to have a unique page that visually matched the rest of
the pages. Also, I have some thoughts of using a "PIN" number to
control access instead of the traditional userid and password.
On Tue, 19 Oct 2004 14:45:32 +0100, Philip Ronan
<ph***********@virgin.net> wrote:
Martin wrote:
In my case, all I want to do is provide a custom interface for the
user to key in his userid and password. :(
Perhaps you could have said that before...
<FORM action=""
onsubmit="location.href='http://' +
this.n.value + ':' + this.pw.value +
'@www.yourdomain.com/protectedfolder/';
return false;">
<LABEL>Name: <INPUT type="text" name="n"></LABEL><BR>
<LABEL>Password: <INPUT type="password" name="pw"></LABEL><BR>
<INPUT type="submit" value="Submit">
</FORM>
Obviously this won't work in browsers where Javascript is unavailable.
What's wrong with the standard interface?
Phil