Perhaps this is a somewhat broad question, but I am currently relying on shots in the dark …
We sometimes provide access to some web URLs (running Apache 2.4) protected by basic password protection.
I have never seen it myself, but every now and then I hear from external users that they are immediately seeing a
401 Unauthorized error. While it is true that the server reply is by design a 401 error code, it is also accompanied by a
www-authenticate header, and this should trigger a login dialog at the user’s end (where they should enter the credentials we gave them). In the cases in question, it is reported that no login dialog appeared. Unfortunately, I never have direct contact with the affected external users that would allow me a deeper analysis.
- Does there exist a somewhat common browser that does not understand the www-authenticate machanism?
suggests that Sfari and Opera are problematic – however I just made a
successfull test with one of them.
- Do there exist other common obstacles, e.g., firewall policies that rigorously strip the needed http headers?
- Any other ideas what could be going wrong in these cases, or what I could test?