
Re: How is mixed authentication/anonymous access implemented

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Wed, 29 Dec 2010 04:25:03 +0200

I think you're looking for this:
http://blogs.open.collab.net/svn/2007/03/authz_and_anon_.html

Also, I didn't quite understand your post, but unless it's about the
development of Subversion (i.e., implementing a new feature or asking
about internal implementation details), please follow up on the users@
list and not on the dev@ list.

Thanks.

Avalon wrote on Tue, Dec 28, 2010 at 14:35:08 +0100:
> Hi,
>
> SVN features a mixed authentication/anonymous access (see http://svnbook.red-bean.com/nightly/en/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authz.perdir.ex-3).
>
> I want to achieve the same functionality using a PHP script: allow
> anonymous access until accessing some special content and then request
> authentication which should be checked according to an htaccess file.
> As far as I understand the SVN example, the authentication is performed by the Apache modules.
>
> I configured the ".htaccess" file to look similar:
> Order allow,deny
> Allow from all
> AuthType Basic
> AuthName "Realm"
> AuthUserFile "/path/to/.htusers"
> require valid-user
> Satisfy any
>
> Additionally a PHP script is inside the same folder.
> When you now browse to the URL of the PHP script, you can access it without any credentials requested.
>
> At some point the PHP script "decides" that authentication is required (e.g. when passing a param like "?need-auth=1").
> I suppose this is similar to how the mixed authentication/anonymous access in SVN works (?).
>
> Therefore it sends the following two headers:
> WWW-Authenticate: Basic realm="Realm"
> HTTP/1.x 401 Unauthorized
>
> Then the user is asked to insert username/password for the basic auth.
> But now comes the problem:
> Apache will ALWAYS let the user pass, as anonymous access is always granted.
> I suppose the webserver does not even try to authenticate the user credentials.
> Therefore it is not possible to decide in PHP if the user is anonymous or has been successfully authenticated.
>
> How is this performed in SVN for the mixed authentication/anonymous access?
>
> What I do not want is:
> - check the credentials in PHP (due to the many different auth-methods which could be configured with Apache)
> - have a dummy anonymous user like "guest" with password "guest"
> - split anonymous and authenticated parts in separate folders (to use separate .htaccess-files)
>
> I hope to get some enlightenment from the way SVN realizes this feature.
>
> Any feedback is highly appreciated.
>
> Thank you
> Dirk
Received on 2010-12-29 03:28:14 CET
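
The behaviour described in the quoted message, as an added example that is not part of the thread and is not Apache or Subversion source code: a simplified Python model of Apache 2.2's phase ordering under `Satisfy Any`, where credentials are validated only when the host-based access check refuses the request. The `path_aware_checker` function, the `/private` prefix and the `alice` account are hypothetical, constructed for illustration.

```python
# Simplified model of Apache 2.2 request phases under "Satisfy Any".
# Constructed for illustration; not Apache or Subversion source code.
import base64
import hmac

USERS = {"alice": "s3cret"}   # constructed stand-in for AuthUserFile
OK, FORBIDDEN = 0, 403

def allow_from_all(path, headers):
    """Host-based check for 'Order allow,deny' + 'Allow from all'."""
    return OK

def path_aware_checker(path, headers):
    """Hypothetical checker: anonymous access only outside /private,
    and never when the client presents credentials."""
    if path.startswith("/private") or "Authorization" in headers:
        return FORBIDDEN
    return OK

def check_basic(headers):
    """Validate Basic credentials; return the user name or None."""
    value = headers.get("Authorization", "")
    if not value.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(value[6:]).decode("utf-8")
    except ValueError:          # bad base64 or bad UTF-8
        return None
    user, _, password = decoded.partition(":")
    expected = USERS.get(user)
    if expected is None:
        return None
    same = hmac.compare_digest(expected.encode(), password.encode())
    return user if same else None

def handle(path, headers, access_checker):
    """Return (status, REMOTE_USER) as the content handler sees them."""
    if access_checker(path, headers) == OK:
        return 200, None         # Satisfy Any: auth phase never runs
    user = check_basic(headers)  # reached only after the access check refused
    return (200, user) if user else (401, None)

def basic(user, password):
    """Build an Authorization header for the constructed requests."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}
```

With `allow_from_all`, a wrong and a correct password both return `(200, None)`, which matches the observation that the script cannot tell an anonymous visitor from an authenticated one.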

This is an archived mail posted to the Subversion Dev mailing list.
