Why does local(HTTP) connection work but not online(HTTPS)?

Question

Why does local(HTTP) connection work but not online(HTTPS)?

manzowa opened this issue 5 years ago · 16 comments

I am testing the SLIM structure for my new API REST project.

I installed SLIM on my Apache CGI server online with SSL certificate: ok, it works! I can access my resource from my computer (http://domaine.fr/v1/test for example)

I tested with basic authentication through the htaccess file. I type user / password to access my resource: it works!

Now, "I would like to test with basic authentication in SLIM with https://github.com/tuupola/slim-basic-auth

But it does not work! It always asks me for the login and password!

Answer 1 · 2020-06-10T07:31:31.000Z

Without seeing any code or having any useful information it is impossible to think about an answer.

Answer 2 · 2020-06-10T08:16:54.000Z

First, thank you for your quick response. Here is the local code
Local URL =>http://noe//v3/connecteurs

It works very well locally

And here is the code online
Online URL => https://noe300-dev.developpement-lanteas.fr/v3/connecteurs
.

it works very local but online it continues to ask for authentication.

Answer 3 · 2020-06-10T08:41:44.000Z

First thing I would do is to find out what is the difference between your local (development) and online (live) environments. For example what is the return value of noeUser().

Answer 4 · 2020-06-10T09:00:40.000Z

En Locally it is WAMPSERVER on windows and online is LAMP. The noeUser() function returns a table like [username => password].

Answer 5 · 2020-06-10T09:11:48.000Z

Yes. Now debug what noeUser() actually returns and what is different between the servers which causes live authorization to fail.

Code obviously works since it works in dev. Problem is some difference in live.

Answer 6 · 2020-06-10T09:27:49.000Z

The function returns an array like those
[ 'silex100' => '$ 2y $ 10 $ .VspSemhS8o7pswjJPkIxOWeD / CDARiXl6zsiCQdovfFfod.Lm8ya',
'admin' => '$ 2y $ 10 $ vNt9Sv6wRBd8QKNjNuIVqelGAMn8IZCqgqSx52q7Uxj3Maz5fKROO'
],
I even changed the configuration code to test

Answer 7 · 2020-06-10T09:37:47.000Z

If you are 100% sure that you are using the correct password start to look what is different with your server. For example does it pass the Authorization header to PHP (do a print_r($request) somewhere).

Answer 8 · 2020-06-10T10:50:32.000Z

The only difference is the secure parameter which changes to true.

Answer 9 · 2020-06-10T11:14:03.000Z

The secure parameter does not affect authentication. Look for differences in your server setup. Did you already check if PHP receives the Authorization header?

Answer 10 · 2020-06-10T11:49:00.000Z

I ran the phpinfo () function to see the difference between my local and online server. I find the absence of global variable $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] in server online.

Answer 11 · 2020-06-10T12:01:40.000Z

Thanks for the help.

Answer 12 · 2020-06-10T12:43:02.000Z

It seems that PHP is not getting the Authorization header. Server might be using FastCGI. The following might help:

https://github.com/tuupola/slim-basic-auth#usage-with-fastcgi

Or if using Apache you might try adding the following to .htaccess.

RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Answer 13 · 2020-06-11T13:24:39.000Z

Thank you very much I managed to work

Answer 14 · 2020-06-11T14:38:21.000Z

Great! How did you fix it?

Answer 15 · 2020-06-15T14:29:42.000Z

I added RewriteRule. * - [E = HTTP_AUTHORIZATION:% {HTTP: Authorization}] in the .htaccess
Like these:

Answer 16 · 2020-06-16T09:05:57.000Z

Ok. Thanks for info!