I'm trying to get http basic authentication working on my rails app. I am running the app with nginx and passenger. I have the authlogic gem working and my authentication works. I have even used the single_access_token successfully. For some reason though, I am not able to authenticate using http basic authentication. As I understand, I shouldn't need to set anything up for it to work as it is enabled by default. I don't even know where to look through logs to figure this out.
I did some further testing and found out that i can authenticate with basic http authentication using curl on my mac but on my linux box wget does not work, using the same username/password. I have also tried with firefox from my linux box with no success.
This ground has been covered on SO previously.
Related
I have website running in my intranet, currently all users login to the website using LDAP - they need to write down their username and password.
I know that in ASP.NET, I can have Windows Authentication, which will remove the login process in my intranet.
How can I do this in Ruby on Rails using Nginx? I saw options for using IIS as proxy.. before I will quit and do this, do you have any idea?
This is answer for you question: http://wiki.phys.ethz.ch/readme/devise_with_ldap_for_authentication_in_rails_3
I havn't tested out this module, but this is what you want:
https://github.com/fintler/nginx-mod-auth-kerb
Kerberos is the way to go with this one, there's also an Apache module out there.
I'm not entirely certain where it would give you the Username - let me know if you find where it gets set
I have a Rails website that allows an authenticated client to post XML to a specific URL. In this particular instance, the post request is coming from a BizTalk 2009 server. Rails keeps responding with 401 Unauthorized and I'm not sure why.
The authentication on the Rails side is handled by Restful Authentication via HTTP basic auth. I have tested posting XML to the production site using curl and the credentials of the client in question and it appears to work fine. The owner of the BizTalk server and I have verified the credentials and the URL.
Is there something particular about the way BizTalk handles its basic authentication? Or is there something weird with Rails or Restful Auth? Any ideas? The web server on the Rails side is Nginx with Passenger 3.
What credentials are you using to authenticate? It would need to be that of the BizTalk service account that is sending the request. What adapter are you using?
Unfortunately, the problem went away undetected. I had to modify the auth code to deal with authentication problems in Internet Explorer (see http://rails_security.lighthouseapp.com/projects/15332/tickets/5-using-http-basic-authentication-with-ie-not-working). It's possible that BizTalk would have the same problem, but I can't verify.
It's also possible that the owner of the BizTalk server updated the credentials used to contact our service, but again I can't verify.
As we have bigger fish to fry, it's not worth it to us to track down the exact issue since all is working fine now. Of course that could change and I'll dig deeper and perhaps update this thread.
I have a rails 3 app hosted on heroku which contains sensitive data which is why i want to implement SSL. The info I learned from google searching doesn't exactly match my use case as I want to SSL the entire site. I'd like your help understanding the following.
Is there a simple way to force all app requests to use SSL? I want the landing page to even have SSL as the landing page has a sign in form. It seems like it'd be a lot simpler to SSL everything than select SSL on a per page basis. That being said, do I need a gem for this?
Thank you
Look for a Rack middleware that accomplishes this.
https://github.com/tobmatth/rack-ssl-enforcer
I found this post today which is updated and looks like a good solution:
http://www.simonecarletti.com/blog/2011/05/configuring-rails-3-https-ssl/
I am using SSL Enforcer with Heroku and it works great. However, I had a lot of trouble setting up SSL on my dev machine (Ubuntu 11.04).
First, Webrick did not work with SSL, so I found a hack which worked for a while. But then I had a weird javascript and Google Visualization API problem with it.
Now I installed Thin (which was easy), but it is not working with SSL Enforcer.
If you have the time to install and configure Apache, SSL will work. But I don't think Heroku uses Apache, so that's not so good...
I can see why people don't want to figure out how to run SSL on their local machine...maybe it's not worth it if you have a staging or QA server that does run SSL.
Can Rails integration tests hit another server for OpenId authentication?
When my Rails application, running on http://localhost:3000/, redirects to http://localhost:1123/server for OpenId authentication, Rails fake browser actually goes to http://localhost:3000/server. It seems like the fake browser used in the integration tests is ignoring the hostname and port, and just picking up the directory part of the path.
Any ideas how to allow that redirect to arrive at a separate server?
The 'fake browser' indeed only accesses the Rails application, and nothing from without. Which is good, because your tests would fail if you OpenID server is down.
The best solution is to use the 'fakeweb' gem. This allows you to emulate a remote response and test your applications behaviour accordingly.
I believe that we can allow Firefox to sent NTLM data to SharePoint sites to do automatic authentication, and I think that this is doable with IIS.
I'd like to do the same thing with an internal Rails site.
Does anyone know of way that I could authenticate NTLM type user information through a Apache/mongrel setup (provided of course that it's already running on a Windows box inside of an Active Directory domain)?
I created tutorial on how to install patched mod_ntlm module for Apache on Linux and how to pass NTLM authenticated username to Rails and how create Rails session from that. So as a result you do not need Windows server for running Rails application.
There you can find also how to enable automatic NTLM authentication in Firefox — enter "about:config" in location field and then search for "network.automatic-ntlm-auth.trusted-uris". There you can enter servers for which you would like to use automatic NTLM authentication.
Bit of extra info in case anyone stumbles across this.
I wanted to do something which I thought should be pretty simple - extract the users windows username using NTLM from a Rails app running on Mongrel/Windows (InstantRails actually). Having written the basic code manage the various handshaking operations (using the great NTLMRuby library at http://rubyforge.org/projects/rubyntlm/) and having got it to work wonderfully in Firefox I was somewhat frustrated to find IE not working.
Mongrel doesn't support keep-alives during the type1/2/3 message exchange (at least natively, I believe there's a hack/fix for it), which IE demands and Firefox gets by without.
So authenticating a Rails server running on Windows against a remote NTLM service (e.g. Sharepoint or another web site) is reasonably straight forward, but authenticating an IE browser against a Rails server running on Windows not so much with Mongrel. IIS would be an option, as might be basic Apache with FastCGI. The former feels a bit clunky and the latter won't be as fast as Mongrel.
I'm assuming you've already worked out which HTTP headers you need to send in order to get firefox and IE to send back the NTLM authentication stuff, and are just needing to handle that on the server side?
You could use some of ruby's win32 libraries to access the underlying windows authentication functions which handle the NTLM.
I'd suggest the path of least resistance might be to see if there is a COM component which can do the authentication for you, and if so, to use it using the Win32OLE ruby library.
If there's no COM component, you might be able to find something in one of those other libraries which can invoke the native win32 methods for you.
If you can't find that, you'd have to write a ruby C extension. I've done this on linux, and extending ruby is pretty easy, but you may find the microsoft authentication API's a bit painful.
Hope that gets you started on the right track :-)
You could also use the Apache ntlm module, which should pass a header onwards to your application with the username of the authenticated user. That module looks a bit old, but suggests some other modules that may suit your needs.
Old question I know but I came across this looking for a similar answer.
you could use the methods described here (http://blog.rayapps.com/2008/12/02/ntlm-windows-domain-authentication-for-rails-application/). However mod_ntlm is for windows authentication on a UNIX/linux machine. mod_auth_sspi is what you'll need for winNT authentication from apache under windows.
This particular project looks promising and is looking for contributors:
Rack middleware for transparent authentication with NTLM.
I haven't yet tried this out. For the moment I plan on implementing Raimonds' solution as it appears to have a lot of success.
Check out Waffle. It provides SSO on Windows to Java servers using Win32 API. There're a number of implemented filters (servlet, tomcat valve, spring-security).