mooltipass/extension

Extension blocks access to some pages which are protected by .htaccess files

rms5566 opened this issue · 11 comments

Expected behavior

If you visit a website which is secured by .htaccess, you should get a prompt for the password on your Mooltipass.

Actual behavior

It won't work. Sometimes the website isn't displayed or it won't accept the credentials.

Browser extension

Google Chrome

Moolticute Version

v0.44.1-testing

Operating System

Windows 10 Enterprise 2016 LTSB

Mooltipass Device

The Mooltipass Mini BLE

Do you mean basic HTTP authentication? It's possible to use many different kinds of login prompts using .htaccess, including for example Shibboleth.

I think it is Shibboleth.

I see, so you are redirected to a Shibboleth IdP webpage? That should actually behave exactly the same as a normal web page or OAuth authentication in that case. I've used several Shibboleth IdPs (as I'm in the academic field) from many different websites and never experienced any problems. Perhaps you may want to provide some kind of link or procedure for us to replicate this problem you are experiencing.

The website is only available in our network. I tried to find a similar website but I found nothing. It replies with 401 - OK - Fehler

A 401 error could be many things, including both basic HTTP authentication and Shibboleth, though it sounds more like basic HTTP authentication then. Could you perhaps use a screen capture program to create a video of the steps you go through? Or maybe take a bunch of screenshots?

image
image

So just the error doesn't really tell me much. The screenshots we need are a basic step by step overview of what you do. So you go to some kind of website, do you then get redirected? Do you press a login button? Do you get a login form or some other prompt for credentials? Does the Mooltipass ask to enter those? Are you redirected many times and at what stage exactly?

Based on the little information you supplied, I'm guessing this is a website at the Free University of Berlin. Sometimes the right local or general IT administrator responsible for the login or application you are using might be willing to assist. You could perhaps get them involved and have them respond to this issue on GitHub if you are unsure how to proceed. However, to be clear, with the current information none of the developers are going to be able to do much. It's simply not clear enough what is even happening on your end.

I ask the IT administrator who is responsible for the website.

@bertvandepoel It uses standard NTMLv2 Authentication with impersonation.

Oh, this is a very old issue. I didn't expect there would be any further updates. I'm guessing you mean NTLM and not NTML. NTLM is the Windows hashing backend thing, so that would make sense. However, that technology you don't interact with directly. I expect some kind of overlay is used, like Apache integration for example. That should mean it's just simple HTTP basic authentication, which normally works fine.

Could you verify that the issue is still there (there have been many many updates to the extension in the past 2+ years) and create the step-by-step, screenshot-based description I asked for previously?

Soon I'll create the step-by-step you asked for previously. But the main problem is that you can't really test it yourself because you don't have access to it.
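
Added example, not part of the thread or of the Mooltipass extension's code: the scheme a 401 response is asking for is stated in its `WWW-Authenticate` header, so copying that header from the browser's network panel is enough to tell basic authentication apart from NTLM/Negotiate without anyone outside the network needing access to the site. The function names and the sample header values in the usage note are constructed for illustration.

```javascript
// Added example: helper names are hypothetical, not the extension's API.
const PARAM = /^([\w-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s"=,]+))$/;
const CHALLENGE = /^([\w-]+)(?:\s+(.+))?$/;

// Split on commas that are not inside a quoted string.
function splitOutsideQuotes(value) {
  const parts = [];
  let current = '', quoted = false;
  for (let i = 0; i < value.length; i++) {
    const ch = value[i];
    if (ch === '\\' && quoted) { current += ch + (value[++i] ?? ''); continue; }
    if (ch === '"') quoted = !quoted;
    if (ch === ',' && !quoted) { parts.push(current.trim()); current = ''; }
    else current += ch;
  }
  parts.push(current.trim());
  return parts.filter(Boolean);
}

// headerLines: every WWW-Authenticate value copied from one 401 response.
function parseChallenges(headerLines) {
  const challenges = [];
  for (const piece of headerLines.flatMap(splitOutsideQuotes)) {
    const param = PARAM.exec(piece);
    if (param && challenges.length) {   // key=value belonging to the previous challenge
      challenges[challenges.length - 1].params[param[1].toLowerCase()] = param[2] ?? param[3];
      continue;
    }
    const start = CHALLENGE.exec(piece);
    if (!start) continue;               // malformed piece: ignore it
    const challenge = { scheme: start[1].toLowerCase(), params: {}, token: null };
    const first = start[2] && PARAM.exec(start[2]);
    if (first) challenge.params[first[1].toLowerCase()] = first[2] ?? first[3];
    else if (start[2]) challenge.token = start[2];  // opaque blob, e.g. an NTLM message
    challenges.push(challenge);
  }
  return challenges;
}

// Summarise which authentication schemes the 401 offers.
function describe401(headerLines) {
  const schemes = parseChallenges(headerLines).map(c => c.scheme);
  return {
    schemes,
    basicOrDigest: schemes.some(s => s === 'basic' || s === 'digest'),
    ntlmOrNegotiate: schemes.some(s => s === 'ntlm' || s === 'negotiate'),
  };
}
```

For the constructed header values `Negotiate`, `NTLM` and `Basic realm="Intranet, staff only", charset="UTF-8"`, `describe401` reports all three schemes and sets both flags.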