Forcing a Basic Dialog Box

luislavena · December 30, 2011, 4:15am

I am trying to use the new postgres module and cant figure out how to
force a “Basic” dialog on the browser to do auth.

I am running v 1.0.11

The auth is working correctly ie: http://user:[email protected] correctly
authenticates.

The thing I want to happen is force the Basic dialog in the browser to
pass the credentials.

Here is my config.

Thanks.

location / {
auth_basic “Restricted”;
root /var/www/web/;
auth_request /auth;

     try_files $uri $uri/ @upstream;
 }

location /auth {
internal;

         postgres_escape   $user $remote_user;
         postgres_escape   $pass $remote_passwd;

         postgres_pass     database;
         postgres_query    "SELECT login FROM users WHERE

login=$user AND pass=$pass";
postgres_rewrite no_rows 403;
postgres_output none;
}

david · December 30, 2011, 12:51pm

Hello!

On Thu, Dec 29, 2011 at 10:14:58PM -0500, David wrote:

Here is my config.

Thanks.

location / {
auth_basic “Restricted”;

Just a side note: this line is useless.

    root        /var/www/web/;
    auth_request      /auth;

Browser will show auth dialog as long as it gets 403 with
WWW-Authenticate header. With auth_request it’s auth script
responsibility to provide this header.

        postgres_pass     database;
        postgres_query    "SELECT login FROM users WHERE
login=$user AND pass=$pass";
postgres_rewrite no_rows 403;
postgres_output none;
}

No idea if postgres module is able to set one.

Maxim D.

david · December 30, 2011, 1:01pm

Hi,

On Thu, Dec 29, 2011 at 10:14:58PM -0500, David wrote:

Here is my config.

it looks like your configuration file little bit different than
“Sample configuration #4” from ngx_postgres-0.9/README.md

location / {
auth_basic “Restricted”;
root /var/www/web/;
auth_request /auth;
    try_files $uri $uri/ @upstream;
}

-location /auth {
+location = /auth {

Also, “location /” below that “location = /auth”.
Could you please try original example.

–
Sergey A. Osokin
[email protected]
[email protected]

david · January 2, 2012, 10:47am

Fantastic.

That worked great. I didnt realize I needed the extra $more_headers
package.

Appreciate your help.

Thank you!

david · January 2, 2012, 5:14am

Hi,
diff inline.

Please note that you’ll also need ngx_headers_more module:

location / {
auth_basic “Restricted”;

-auth_basic “Restricted”;

     root        /var/www/web/;
     auth_request      /auth;

     try_files $uri $uri/ @upstream;
 }

location /auth {

-location /auth {
+location = /auth {

         internal;

         postgres_escape   $user $remote_user;
         postgres_escape   $pass $remote_passwd;

         postgres_pass     database;
         postgres_query    "SELECT login FROM users WHERE

login=$user AND pass=$pass";
postgres_rewrite no_rows 403;

-postgres_rewrite no_rows 403;
+postgres_rewrite no_rows 401;
+more_set_headers -s 401 ‘WWW-Authenticate: Basic realm=“Restricted”’;

         postgres_output   none;
     }

Best regards,
Piotr S. < [email protected] >