
How is mixed authentication/anonymous access implemented

From: Avalon <third-chance_at_gmx.de>
Date: Tue, 28 Dec 2010 14:35:08 +0100

Hi,

SVN features a mixed authentication/anonymous access (see http://svnbook.red-bean.com/nightly/en/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authz.perdir.ex-3).

I want to achieve the same functionality using a PHP script: allow anonymous access until accessing some special content and then request authentication, which should be checked according to a htaccess-file.
As far as I understand the SVN example, the authentication is performed by the Apache modules.

I configured the ".htaccess" file to look similar:
   Order allow,deny
   Allow from all
   AuthType Basic
   AuthName "Realm"
   AuthUserFile "/path/to/.htusers"
   require valid-user
   Satisfy any

Additionally a PHP script is inside the same folder.
When you now browse to the URL of the PHP script, you can access it without any credentials requested.

At some point the PHP script "decides" that authentication is required (e.g. when passing a param like "?need-auth=1").
I suppose this is similar to how the mixed authentication/anonymous access in SVN works (?).

Therefore it sends the following two headers:
   WWW-Authenticate: Basic realm="Realm"
   HTTP/1.x 401 Unauthorized

Then the user is asked to insert username/password for the basic auth.
But now comes the problem:
Apache will ALWAYS let the user pass, as anonymous access is always granted.
I suppose the webserver does not even try to authenticate the user credentials.
Therefore it is not possible to decide in PHP if the user is anonymous or has been successfully authenticated.

How is this performed in SVN for the mixed authentication/anonymous access?

What I do not want is:
- check the credentials in PHP (due to the many different auth-methods which could be configured with Apache)
- have a dummy anonymous user like "guest" with password "guest"
- split anonymous and authenticated parts in separate folders (to use separate .htaccess-files)

I hope to get some enlightenment from the way SVN realizes this feature.

Any feedback is highly appreciated.

Thank you
Dirk
Received on 2010-12-28 14:35:40 CET
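
Added example, not part of the original mail and not Apache or Subversion code: a simplified Python model of how Apache httpd 2.2 combines the host-based access check with "require valid-user" under "Satisfy", showing why the credentials in the mail's setup are never verified. The user table, the paths and the per_path_check function (a hypothetical stand-in for a path-aware access check such as the per-directory authorization in the linked SVN book example) are assumptions constructed for illustration.

```python
# Simplified model (added example) of Apache 2.2 "Satisfy" handling.
# All names and sample data below are constructed for illustration.
import hmac

USERS = {"alice": "s3cret"}  # constructed stand-in for the AuthUserFile


def allow_from_all(path):
    """Host-based check from the mail's .htaccess: always grants access."""
    return True


def per_path_check(path):
    """Hypothetical path-aware check: no anonymous access under /private/."""
    return not path.startswith("/private/")


def authenticate(credentials):
    """Return the user name for valid Basic credentials, else None."""
    if credentials is None:
        return None
    user, password = credentials
    expected = USERS.get(user)
    if expected is not None and hmac.compare_digest(expected, password):
        return user
    return None


def handle(path, credentials, access_check, satisfy="any"):
    """Return (status, remote_user) for a location with 'require valid-user'."""
    access_ok = access_check(path)
    if satisfy == "any":
        if access_ok:
            # Access phase passed: authentication is skipped entirely, so
            # the credentials are never verified and no user is set.
            return 200, None
        user = authenticate(credentials)
        return (200, user) if user else (401, None)
    # satisfy == "all": both the access check and authentication must pass.
    if not access_ok:
        return 403, None
    user = authenticate(credentials)
    return (200, user) if user else (401, None)


if __name__ == "__main__":
    for check in (allow_from_all, per_path_check):
        for creds in (None, ("alice", "s3cret"), ("alice", "wrong")):
            print(check.__name__, creds, handle("/private/report", creds, check))
```

In this model the server demands and verifies credentials only when the access check itself refuses the anonymous request for that path; a 401 sent by the script does not cause the server to verify what the client sends back.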

This is an archived mail posted to the Subversion Dev mailing list.
