[英]Clash between .htpasswd and Website Authentication
I have some of my Drupal website contents exposed through a Json rest service.我的一些 Drupal 网站内容通过 Json 休息服务公开。 To access them I perform an http request with the Basic Auth protocol (ie, adding the Authorization header).为了访问它们,我使用 Basic Auth 协议执行 http 请求(即,添加 Authorization 标头)。
My problem is that this website must be published in a folder protected by the AuthUserFile method (ie, the .htaccess + .htpasswd).我的问题是该网站必须发布在受AuthUserFile方法(即 .htaccess + .htpasswd)保护的文件夹中。 Both methods require the same request header "Authorization", so i have no idea how to put them both on the request.这两种方法都需要相同的请求标头“授权”,所以我不知道如何将它们都放在请求中。
A request example would be:请求示例是:
curl -X GET \
http://exmple.com/restendpoint \
-H 'Authorization: Basic YWRtaslkdskdfhlskdjfgksdfgjpbmlzaA==' \
-H 'Content-Type: application/json'
Now, this request (given the corresponding credentials) works if I have only .htaccess authentication, or if I have only website authentication, but not both.现在,如果我只有 .htaccess 身份验证,或者如果我只有网站身份验证,而不是两者,则此请求(给定相应的凭据)有效。 I also tried to set same user and password for both the mechanism, but this doesn't work, I always can't access the content.我还尝试为这两种机制设置相同的用户和密码,但这不起作用,我总是无法访问内容。
Is there any way to make these two mechanisms coexist?有没有办法让这两种机制共存?
It is by definition not possible to include two different sets of credentials to a single request.根据定义,不可能在单个请求中包含两组不同的凭据。 Therefor you need to avoid multiple authentication requests by eg ip wildcards for your htaccess file.因此,您需要通过 htaccess 文件的例如 ip 通配符来避免多次身份验证请求。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.