RE: [Zope] Has anyone tried authentication accross multiple serve rs?
-----Original Message----- From: Michel Pelletier [mailto:michel@digicool.com] Sent: Thursday, 8 April 1999 23:36 To: Phillip J. Eby; Jay, Dylan; 'zope@zope.org' Subject: RE: [Zope] Has anyone tried authentication accross multiple serve rs?
-----Original Message----- From: Phillip J. Eby [mailto:pje@telecommunity.com] Sent: Wednesday, April 07, 1999 11:10 PM To: Jay, Dylan; 'zope@zope.org' Subject: Re: [Zope] Has anyone tried authentication accross multiple servers?
At 11:29 AM 4/8/99 +1000, Jay, Dylan wrote:
I need this for a website I'm setting up so that users can download from several different locations around the world. I don't want users to have to type in their password twice. I presume there is no way to do this via basic authentication which leaves cookies. Has anyone tried this?
I'm in the midst of figuring out how to do authentication with cookies. The only way I can see to get ZPublisher to work intelligently with cookies is to hack the "unauthorized" method of the ModulePublisher class so that a login page can be called.
One caveat for your project: cookies will only work across servers if the servers share a common domain, e.g.: foo.bar.com and baz.bar.com.
UserDb and etcUserFolder can both do cookie based authentication. It's not too tricky and kinda snazzy in that you can create your own login/logout pages, etc. Check out the source of either package for the details.
I've tried using cookie authentication with UserDB but so far can not get it to work. Everytime I try to login in it presents me with the normal basic authentication header. I believe this maybe something to do with permissions but so far can't figure it out. I am using IIS4 and have turned of basic authentication.
On Fri, 9 Apr 1999, Jay, Dylan wrote:
I've tried using cookie authentication with UserDB but so far can not get it to work. Everytime I try to login in it presents me with the normal basic authentication header. I believe this maybe something to do with permissions but so far can't figure it out. I am using IIS4 and have turned of basic authentication.
I ran into the same problem, but found a workaround. Quite your browser. Totally. Then, reload it and go to the page in question. Apparently, once you've authenticated using the old style auth, cookie based auth doesn't work. It keeps trying to use the name you authenticated with previously, in the browser's cache, thus preventing the cookie-auth's mechanisms from working correctly. At least, that's my theory. :) This is kind of cumbersome, because once you login as manager to modify a page, you're hosed as far as testing cookie-based auth goes. Well, not hosed, you just have to quit your browser and restart it. Unfortunately, that can put quite a slowdown on the development cycle. :) Hope this helps. jkh
participants (2)
-
Jay, Dylan -
Jeff K. Hoffman