I'm trying to find what causes the Basic login dialog to prompt when accessing a protected endpoint. we are behind SSL and using Taffy REST framework.
The http basic login I'm referring is like this https://www.httpwatch.com/httpgallery/authentication/#showExample10 (click on the "Display Image" button)
Our onTaffyRequest code
function onTaffyRequest(verb, cfc, requestArguments, mimeExt, headers, methodMetadata, matchedURI){
//get username and password
structAuth = structnew();
structAuth = getBasicAuthCredentials();
structAuth.authenticated = false;
local.status = "forbidden";
/*<!--- Get request from ColdFusion page contenxt. --->*/
objRequest = GetPageContext().GetRequest();
/*<!--- Get requested URL from request object. --->*/
requestArguments.strUrl = objRequest.GetRequestUrl().Append(
"?" & objRequest.GetQueryString()
).ToString();
/* CATCH NO BASIC auth*/
//if username is blank return false
if (structAuth.username is ""){
return representationOf( local.status ).withStatus(401);
}
//check invalid password
if(structAuth.password is ""){
return representationOf( local.status ).withStatus(401);
}
return true;
}
Is the objRequest = GetPageContext().GetRequest(); making the login prompt appear?
If you remove the
objRequest = GetPageContext().GetRequest()bits, does it still give you the basic authentication prompt?I suspect you probably have an
.htaccessfile in the directory where your API is located that is requesting basic auth via Apache (or, if using IIS, you have basic auth required through IIS) which is presenting the login prompt.That's a server level dialog and unlikely to be something you can conjure up through code.