IOS keep asking password with nginx auth_basic

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

IOS keep asking password with nginx auth_basic

j94305
Hi there,
I'm using nginx auth_basic "Restricted area" to protect website. So users
have to enter user/pass one time to access, it work fine in computer.
However, When testing with Ipad, everytime access to particular page which
page extension is .ivp, it will require a credential, once I submit
user/password, I can continue to work in this website. I think my issue
similar to
https://stackoverflow.com/questions/6178507/mp4-in-safari-fails-with-htaccess-authentication,
but I did not using .htaccess to try with the solution mentioned in this
topic.

As you can see in access log https://pastebin.com/6vWhtb3Y, when I submited
a POST request, then browser will have GET request to ivp page, and got a
401 code which is require to enter user/password. Any idea of what might be
causing this?
Thanks.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285874,285874#msg-285874

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: IOS keep asking password with nginx auth_basic

j94305
Hi everyone,
any idea about this issue?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285874,285908#msg-285908

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: IOS keep asking password with nginx auth_basic

J. Lewis Muir
On 10/17, tiendungitd wrote:
> any idea about this issue?

Are you serving over HTTPS?

Are you positive that you are *not* serving any content over HTTP from
HTTPS?

Can you create an MCVE (minimal, complete, and verifiable example) for a
".txt" file over HTTP?  For a ".txt" file over HTTPS?  For a ".ivp" file
over HTTP?  For a ".ivp" file over HTTPS?

In your Pastebin access log, I see occurrences of "$1" in your requests.
Is that intentional, or is that a bug?

What Content-Type header field are you sending in your response to the
request for a resource ending in ".ivp"?

Can you try adding a user name and password for the website on the iPad
under Settings > Passwords & Accounts > Website & App Passwords?

What happens if you try Firefox and Google Chrome on the iPad?  Do they
work?

Lewis
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: IOS keep asking password with nginx auth_basic

j94305
Hi Lewis,
>
> Are you serving over HTTPS?
>
Yes, all content over HTTPS

> Can you create an MCVE (minimal, complete, and verifiable example) for
> a
> ".txt" file over HTTP?  For a ".txt" file over HTTPS?  For a ".ivp"
> file
> over HTTP?  For a ".ivp" file over HTTPS?
>
Sorry, I don't know how to create this.
> In your Pastebin access log, I see occurrences of "$1" in your
> requests.
> Is that intentional, or is that a bug?
>
Yes, that is intentional.

> What Content-Type header field are you sending in your response to the
> request for a resource ending in ".ivp"?
>
They are text/xml;charset=UTF-8 and application/json.

> Can you try adding a user name and password for the website on the
> iPad
> under Settings > Passwords & Accounts > Website & App Passwords?
>
Yes, I already do this, but the browsers still promp password
> What happens if you try Firefox and Google Chrome on the iPad?  Do
> they
> work?
>
neither of them work in Ipad/Iphone.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285874,285934#msg-285934

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: IOS keep asking password with nginx auth_basic

Francis Daly
In reply to this post by j94305
On Mon, Oct 14, 2019 at 11:07:43PM -0400, tiendungitd wrote:

Hi there,

> As you can see in access log https://pastebin.com/6vWhtb3Y, when I submited
> a POST request, then browser will have GET request to ivp page, and got a
> 401 code which is require to enter user/password. Any idea of what might be
> causing this?

The access log that I see there does not seem to show me what you
describe.

Am I missing something?

Anyway -- the overall issue sounds like either an incorrect web server
configuration, or a broken client.

Can you show an nginx configuration that leads to the problem that
you report?

Does nginx just serve from the filesystem, or does it proxy_pass to an
upstream server?


If the problem is "wrong config", then possibly the config can be changed
to be right. If it is "broken client", then you must decide whether you
want to wait for the client to be fixed, or to change your config to
work with this client.

Cheers,

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: IOS keep asking password with nginx auth_basic

j94305
> The access log that I see there does not seem to show me what you
describe.
Well, I just hightlight what I described, see http://prntscr.com/pm2qhl
> Can you show an nginx configuration that leads to the problem that you
report?
Sure, you can see in https://pastebin.com/iagU4XFC
> Does nginx just serve from the filesystem, or does it proxy_pass to an
upstream server?
It proxy_pass to the upstream server.
I tried which some IOS devices, they all got this issues.
Here is my nginx version

nginx version: nginx/1.13.6
built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3)
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx
--modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid
--lock-path=/var/run/nginx.lock
--http-client-body-temp-path=/var/cache/nginx/client_temp
--http-proxy-temp-path=/var/cache/nginx/proxy_temp
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
--http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx
--with-compat --with-file-aio --with-threads --with-http_addition_module
--with-http_auth_request_module --with-http_dav_module
--with-http_flv_module --with-http_gunzip_module
--with-http_gzip_static_module --with-http_mp4_module
--with-http_random_index_module --with-http_realip_module
--with-http_secure_link_module --with-http_slice_module
--with-http_ssl_module --with-http_stub_status_module --with-http_sub_module
--with-http_v2_module --with-mail --with-mail_ssl_module --with-stream
--with-stream_realip_module --with-stream_ssl_module
--with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Werror=format-security
-Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions
-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285874,285950#msg-285950

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: IOS keep asking password with nginx auth_basic

Francis Daly
On Mon, Oct 21, 2019 at 02:56:41AM -0400, tiendungitd wrote:

Hi there,

> > The access log that I see there does not seem to show me what you
> describe.
> Well, I just hightlight what I described, see http://prntscr.com/pm2qhl

Ok. In the first highlighted section, I see a POST which got a HTTP 200
reply. That is "success".

In the second highlighted section, I see a GET which got a HTTP 401 reply,
followed by a GET of the same url with a username includes, and a HTTP
302 reply.

> > Can you show an nginx configuration that leads to the problem that you
> report?
> Sure, you can see in https://pastebin.com/iagU4XFC

I think that the log file you show does not come from this config.

This config has:

  location = /403.html
  location ~ /(ivy/error)
  location ~ /(ivy/wf/)
  location ~* /favicon(.*)
  location /
  location /ivy/

The log shows requests that start with //faces/ or //pro/, and do not
include the string /ivy/.

Those requests should be handled in the "location /" block, which just
has "return 301 /ivy;"

The log shows no 301 responses.


I agree that something strange is happening.

But I think that you have not shown any evidence that nginx is involved
in the strange thing.

Can you build a test system with a very small config, and see if that
shows the same problems?

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx