Rick Strahl wrote:
> Thanks Geoff,
>
> >>I think you need a Require directive
>
> Yes I do <g>... but as soon as I put a Require in there it tries to validate
> every request into the directory.

yes it does :)

> This is not what's required.
>
> I need conditional authentication that's generated through the application.
> I can do this with my own implementation of course, but it seems Apache
> should allow me to do this under program control. IIS handles this no
> problem...

Apache isn't IIS :)

> There's an update to where I'm at here:
>
> http://west-wind.com/weblog/posts/1211.aspx
>
> I now at least have Authentication working, but it's still not what I'd like
> to see for the app server with users getting the ability to simply ask for
> auth from within the application by sending a 401 header.

that isn't how Apache works, really. or http for that matter.

you can send a 401 response/WWW-Authenticate header to your browser, and the browser will send an appropriate Authorization header, but on the next request. _that_ incoming request needs to be authenticated, and the way apache does that is via the authen/authz phases. without the Require directive those phases won't be run, so no authentication will take place.

so, typically what you need to do for conditional authentication is apply the Require directive to enable authentication, then _disable_ auth for the requests that don't require it. one way is to use the Satisfy directive with the "Any" option and code your access phase according to your specifications.

anyway, at this point the conversation doesn't really belong on [EMAIL PROTECTED] since this is a developer list and you're having a user/config issue. you might want to try #apache on irc.freenode.net for more pointers.

HTH

--Geoff
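
The Require-plus-Satisfy arrangement described in the reply above, as an added configuration example that is not part of the original message or of either poster's setup. The `/app` paths, the realm name, the password file location and the `no_auth` variable are assumptions, and the stock `SetEnvIf`/`Allow from env=` pair stands in for a custom access-phase handler.

```apache
# Added illustration. Paths, realm and the no_auth variable are assumptions.
# Apache 2.0/2.2 syntax.

# Tag the requests that may skip authentication. The pattern is anchored
# so only the intended prefix matches, not any URL containing the string.
SetEnvIf Request_URI "^/app/public/" no_auth

<Location /app>
    # Require is what makes Apache run the authen/authz phases here.
    AuthType Basic
    AuthName "Application"
    AuthUserFile /usr/local/apache2/conf/app.htpasswd
    Require valid-user

    # Access phase: refuse everything except requests tagged no_auth.
    Order Deny,Allow
    Deny from all
    Allow from env=no_auth

    # Passing either the access phase or authentication is enough.
    # Tagged requests are served without credentials; every other
    # request fails the access check and receives the 401 challenge.
    Satisfy Any
</Location>

# Apache 2.4 equivalent (mod_authz_core). Satisfy, Order, Allow and Deny
# remain available there only through mod_access_compat.
#
# <Location /app>
#     AuthType Basic
#     AuthName "Application"
#     AuthUserFile /usr/local/apache2/conf/app.htpasswd
#     <RequireAny>
#         Require env no_auth
#         Require valid-user
#     </RequireAny>
# </Location>
```

Because the exemption is decided from the request URL, keep the exempt prefix as narrow as possible and confirm that a request just outside it still returns 401 without credentials.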
