#StackBounty: #http-basic-authentication #http-error-401.2 Are there common situations that cause a "401 Error" being display…

Bounty: 50

Perhaps this is a somewhat broad question, but I am currently relying on shots in the dark …

We sometimes provide access to some web URLs (running Apache 2.4) protected by basic password protection.
I have never seen it myself, but every now and then I hear from external users that they are immediately seeing a 401 Unauthorized error. While it is true that the server reply is by design a 401 error code, it is also accompanied by a www-authenticate header, and this should trigger a login dialog at the user’s end (where they should enter the credentials we gave them). In the cases in question, it is reported that no login dialog appeared. Unfortunately, I never have direct contact with the affected external users that would allow me a deeper analysis.

  • Does there exist a somewhat common browser that does not understand the www-authenticate machanism?
    CanIUse surprisingly
    suggests that Sfari and Opera are problematic – however I just made a
    successfull test with one of them.
  • Do there exist other common obstacles, e.g., firewall policies that rigorously strip the needed http headers?
  • Any other ideas what could be going wrong in these cases, or what I could test?


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.