Restful_authentication, Internet Explorer, and unwanted http basic dialog

I have a fairly bog-standard installation of restful_authentication
and run my app in Rails 2.1. Internet Explorer 6 and 7 are popping up
an http basic authentication dialog instead of doing what all other
browsers do: go to the login page. Any thoughts why?

I've modified the following method of authenticated_system.rb, but
there's no difference before or after.

Before:

def current_user
   @current_user ||= (login_from_session || login_from_basic_auth ||
login_from_cookie) unless @current_user == false
end

After:

def current_user
    @current_user ||= login_from_session unless @current_user == false
end

Thanks for any help.

I should qualify that: 'before' you can log in with http basic
authentication, but 'after' you can't. My issue is that I don't want
to see the http basic authentication dialog at all.

The issue is in this method of authenticated_system.rb:

    def access_denied
      respond_to do |format|
        format.html do
          store_location
          redirect_to new_session_path
        end
        format.any do
          request_http_basic_authentication 'Web Password'
        end
      end
    end

For some reason Internet Explorer is falling through to format.any -
something's not quite working with its accept headers, it seems.
Compare:
http://rituonrails.wordpress.com/2006/12/10/strane-behaviour-of-respond_to-in-ie/

Alter access_denied to add this line (right below "def access_denied"):

request.format ||= :html if request.env['HTTP_USER_AGENT'] =~ /msie/i

It's a quick hack but it seems to work fine so far for me. The
problem is, as you've stated, IE doesn't seem to send the right accept
headers (if any) when fetching a URL without an explicit extension in
the URL. For instance if you have a /users/4 URL, it will bring up
the basic authentication dialog, but /users/4.html will correctly
redirect to new_session_path.

-J.

Chris Bartlett wrote:

I have a fairly bog-standard installation of restful_authentication
and run my app in Rails 2.1. Internet Explorer 6 and 7 are popping up
an http basic authentication dialog instead of doing what all other
browsers do: go to the login page. Any thoughts why?

I've modified the following method of authenticated_system.rb, but
there's no difference before or after.

Before:

def current_user
   @current_user ||= (login_from_session || login_from_basic_auth ||
login_from_cookie) unless @current_user == false
end

After:

def current_user
    @current_user ||= login_from_session unless @current_user == false
end

Thanks for any help.

I had the same problem. I think that it´s for the Mime Types (I observe
with the debugger that Firefox and IE have differents priorities using
images)...

So I coud fix the problem modifiying the access_denied method from the
lib/AuthenticatedSystem module as follows:

def access_denied
    respond_to do |format|
      #...particular formats if it´s neccesary
      format.any do
        store_location
        redirect_to new_session_path
      end
    end
  end

I hope this will be useful

Fer
Argentina