Login/password for demo TDS: boss:bossadmin
This is an example on making custom redirection types using Files, and on the Files feature capabilities overall.
A few words on HTTP basic authetification.
This is a standard HTTP authentification technique suported by every browser available. In the browser it works the following way:
- A visitor tries to access some protected recource (URL);
- The server replies with a 401 response having the WWW-Authenticate: Basic realm="Some welcome text" HTTP Header;
- The browser shows login/password dialog to the visitor;
- The visitor inputs login and password;
- The browser concatentates login and password with ':' symbol as delimiter, encodes the resulting string as Base64 and sends to the server a new request with the Authorization: Basic [Base64-encoded string] HTTP Header;
- The server extracts the Base64-encoded credentials and compares them to the list of known login/password pairs. If the credentials match one of the pairs, access to the resource gets granted.
So we would want to implement the following: if no Authorization header presents in the request - send the 401 response with
WWW-Authenticate header. If there is such header and it has
Base64-encoded boss:bossadmin string - redirect to yahoo.com with a countdown from 10 to 1. If it has
Base64-encoded tds:bosstds string - redirect to bing.com with a countdown from 10 to 1.
Base64("boss:bossadmin") = Ym9zczpib3NzYWRtaW4=
Base64("tds:bosstds") = dGRzOmJvc3N0ZHM=
We need to create two Files.
The first File, named httpbasic, is used to return 401 response with WWW-Authenticate header having "Please login with boss:bossadmin or tds:bosstds" as a welcome message.
We use a scheme named "auth". Open this link in another tab. To see all the scheme properties click on change button in the rightmost column.
In the scheme properties we set IN Url and Name to auth. Rest properties are left with default values.
Now we need to add a few OUTs in the Sequential OUTs section of the scheme.
The first OUT will be the one which sends 401 response with WWW-Authenticate header when the visitor is not authentificated. We add whatever we want in the URL field (as it won't be used). Choose Redirection Method : File and in File/Flash choose httpbasic - the name of one of the files we created on the previous step.
The second OUT will be the one
which redirects to yahoo.com. We add http://yahoo.com in the URL field.
Redirection Method : File and in
File/Flash choose countdown - the name of
the file with countdown script we created on the previous step.
Then we add a single rule of the HTTP Header type. In the rule we select accept only, input authorization as the header name and ^Basic Ym9zczpib3NzYWRtaW4=$ as the regular expression the header value must match.
So now this OUT accepts requests which have authorization header with value equal to Basic Ym9zczpib3NzYWRtaW4=.
The third OUT will be the one which redirects to bing.com. We add http://bing.com in the URL field. It will have the same properties as the secound OUT, but in the HTTP Header rule we have ^Basic dGRzOmJvc3N0ZHM=$ as the value.
Now we need to navigate to the list of the OUTs and rearrange them, so the one which sends 401 response would be the last in the list. Because this OUT should be used only when neither of the redirecting OUTs accepted the request.
Click on this link (http://demotds.bosstds.com/in/auth/) and see what actually happens.