HTTP Authentication with LWP

Im writing a program that wants to access a password protected
website. I use the credentials() function of LWP::UserAgent to setup
the username and password for this site but my script makes no use of
it, because the webserver doesn't answer with 401 Unauthorized.
Instead he says 200 OK and gives me a page with two textfields for
login/password. I made a workaround by enabling cookies and then
sending those values to the server but I hope there is a better way by
somehow getting credentials() to deal with that.

Re: HTTP Authentication with LWP

Just add an appropriate authorization header before you send the
request.

use MIME::Base64;

$req->header('Authorization', 'Basic '.encode_base64('Aladdin:open
sesame'));


Cheers,
Steffen

Re: HTTP Authentication with LWP

On Fri, 16 Nov 2007 01:19:34 -0800, Christian Schwarze wrote:
> Im writing a program that wants to access a password protected
> website. I use the credentials() function of LWP::UserAgent to setup
> the username and password for this site but my script makes no use of
> it, because the webserver doesn't answer with 401 Unauthorized.
> Instead he says 200 OK and gives me a page with two textfields for
> login/password. I made a workaround by enabling cookies and then
> sending those values to the server but I hope there is a better way by
> somehow getting credentials() to deal with that.

You don't want credentials(), you want to fill out a form. Whether the
server then supplies a cookie or does something else to log you in
shouldn't be your concern. Use WWW::Mechanize, visit the login page, then
use set_visible() to supply the username and password.

--
Peter Scott
http://www.perlmedic.com/
http://www.perldebugged.com/

Re: HTTP Authentication with LWP

sheinrich@my-deja.com wrote in news:3f1cbdbb-2d82-4360-b5cd-6b8fc04f48d9
@l1g2000hsa.googlegroups.com:

> Just add an appropriate authorization header before you send the
> request.

Just quote an appropriate amount of the message to which you are
responding.

> use MIME::Base64;
>
> $req->header('Authorization', 'Basic '.encode_base64('Aladdin:open
> sesame'));

The OP's problem is that the server he is contacting is *not* using HTTP
authentication. Therefore, sending headers will not help.

As Paul points out, the OP needs to write code to populate the fields in
the form and submit it.

As a further caution, if the page includes hidden fields or Javascript
that pre-processes form fields before submission, the OP may need to
figure out what other fields need to be supplied or transformations must
be carried out on form data before it is submitted.

Sinan

--
A. Sinan Unur <1usa@llenroc.ude.invalid>
(remove .invalid and reverse each component for email address)
clpmisc guidelines:

Re: HTTP Authentication with LWP

Christian Schwarze wrote:
> Im writing a program that wants to access a password protected
> website. I use the credentials() function of LWP::UserAgent to setup
> the username and password for this site but my script makes no use of
> it, because the webserver doesn't answer with 401 Unauthorized.
> Instead he says 200 OK and gives me a page with two textfields for
> login/password. I made a workaround by enabling cookies and then
> sending those values to the server but I hope there is a better way by
> somehow getting credentials() to deal with that.

That's the way to go then. Enable cookies, do a (GET|POST) request
passing the login data - whatever the login form wants - then do the
actual request(s). If a site doesn't do integrated authentication (and
this one doesn't, as it fails to return a 401 status), any attempts
with credentials() are futile.

-Chris

Re: HTTP Authentication with LWP

>
> The OP's problem is that the server he is contacting is *not* using HTTP
> authentication. Therefore, sending headers will not help.
He didn't say that.
He said his script made no use of credentials because a login form was
received instead of a 401 . This could also be attributed to a server
redirect upon a missing authentication in the initial request.

>
> As Paul points out, the OP needs to write code to populate the fields in
> the form and submit it.
(Who's Paul?)
>
> As a further caution, if the page includes hidden fields or Javascript
> that pre-processes form fields before submission, the OP may need to
> figure out what other fields need to be supplied or transformations must
> be carried out on form data before it is submitted.
I just thought that enforce an authentication header with the first
request might well be worth a try before undertaking more hassle.
And this can be also tried out even more easily with the
'user:password@server' syntax directly in a browser that is
configured to support it.

>
> Sinan
>

Cheers,
Steffen

Re: HTTP Authentication with LWP

sheinrich@my-deja.com wrote in news:31ad6838-059c-4950-8773-07bd2c845498
@d61g2000hsa.googlegroups.com:

>>
>> The OP's problem is that the server he is contacting is
>> *not* using HTTP authentication. Therefore, sending headers
>> will not help.
....

> He didn't say that.

You did not quote what he said. I went back to the original message and
read between the lines. I might, of course, be wrong.

> He said his script made no use of credentials because a login form was
> received instead of a 401 . This could also be attributed to a server
> redirect upon a missing authentication in the initial request.

HTTP authentication and login forms (assuming we are talking about an
HTML form rather than the login prompt from the browser) are different
beasts.

>> As Paul points out, the OP needs to write code to populate the fields
>> in the form and submit it.
> (Who's Paul?)

I meant Peter (Scott) who replied elsethread.

> And this can be also tried out even more easily with the
> 'user:password@server' syntax directly in a browser that is
> configured to support it.

Again, that requires HTTP authentication, not form based authentication.

Sinan

--
A. Sinan Unur <1usa@llenroc.ude.invalid>
(remove .invalid and reverse each component for email address)
clpmisc guidelines:

Re: HTTP Authentication with LWP

I didn't mean to a argument with my first post here, so I want to
clear this.
1) Server supports Basic Auth
2) Server is somehow configured to not return 401
3) Adding the header with $req->header('Authorization', 'Basic ' .
MIME::Base64::encode("$user:$pass")); does the trick

Thanks everybody.

Re: HTTP Authentication with LWP

On Nov 16, 11:36 pm, Christian Schwarze
wrote:
> I didn't mean to a argument with my first post here, so I want to
> clear this.
> 1) Server supports Basic Auth
> 2) Server is somehow configured to not return 401
> 3) Adding the header with $req->header('Authorization', 'Basic ' .
> MIME::Base64::encode("$user:$pass")); does the trick
>
> Thanks everybody.

Thank you as well, Christian


:-)

Steffen

Re: HTTP Authentication with LWP

sheinrich@my-deja.com wrote in news:1f545b93-217a-4eea-b09d-
c26e496e9c0e@w34g2000hsg.googlegroups.com:

> On Nov 16, 11:36 pm, Christian Schwarze
> wrote:
>> I didn't mean to a argument with my first post here, so I want to
>> clear this.
>> 1) Server supports Basic Auth
>> 2) Server is somehow configured to not return 401
>> 3) Adding the header with $req->header('Authorization', 'Basic ' .
>> MIME::Base64::encode("$user:$pass")); does the trick
>>
>> Thanks everybody.
>
> Thank you as well, Christian
>
>
>:-)

Points (1) and (2) could have been stated clearly by the OP to avoid the
argument. Anyway, congratulations on your superior psychic abilities ;-)

Sinan

--
A. Sinan Unur <1usa@llenroc.ude.invalid>
(remove .invalid and reverse each component for email address)
clpmisc guidelines: