Thin over HTTP and REMOTE_USER/AUTH_USER
Thin over HTTP and REMOTE_USER/AUTH_USER
Is there any way to get IIS to set REMOTE_USER or AUTH_USER when using Helicon Zoo to serve Rails apps using Thin over HTTP?
With Windows authentication enabled, the "HTTP_AUTHORIZATION"=>"Negotiate " header is passed through to Thin. It looks like Thin is running behind a proxy in this configuration, so it would be impossible to have Thin actually use that information.
It would be great if IIS/the Thin task could set either REMOTE_USER or AUTH_USER for the Rails app, thus allowing me to have IIS authenticate the user, rather than doing this inside the Rails app.
- HeliconAndrew
- Posts: 1264
- Joined: 07 Mar 2012, 10:16
Re: Thin over HTTP and REMOTE_USER/AUTH_USER
Hello,
Thanks for the idea! In the meantime you may try using RewriteHeader from Ape or ISAPI_Rewrite instead.
Regards
Andrew
Re: Thin over HTTP and REMOTE_USER/AUTH_USER
Thanks for your response, Andrew.
How would I accomplish this? From what I can glean, Helicon Zoo is reverse proxying the Rails requests to an instance of Thin it spins up on its own.
I'm using the web.config obtained from the Helicon Zoo page, but obviously running the handler for "Ruby 1.9 over HTTP, using thin as a back-end application server".
I've got the feeling this handler is doing url-rewritey things on its own. Would I be able to add the entry in the site's web.config file?
- HeliconAndrew
- Posts: 1264
- Joined: 07 Mar 2012, 10:16
Re: Thin over HTTP and REMOTE_USER/AUTH_USER
This cannot be done in web.config alone. You need either ISAPI_Rewrite or Ape, although we're going to make this possible for Zoo in the nearest future (a couple of weeks).
Currently you may use either Ape or ISAPI_Rewrite; see the documentation in ISAPI_Rewrite or Ape regarding the syntax of the RewriteHeader directive.
Regards
Andrew
Re: Thin over HTTP and REMOTE_USER/AUTH_USER
All these variables are now set in the latest version of Zoo!
Absolutely fantastic! I can now get the user's name from Rails! (And no doubt this applies to any other frameworks you want to run behind IIS!)
- HeliconAndrew
- Posts: 1264
- Joined: 07 Mar 2012, 10:16
Re: Thin over HTTP and REMOTE_USER/AUTH_USER
Yes, the variables are set now. In case there're any issues keep us posted, we'll be happy to assist.
Regards
Andrew
- johnjeni33
- Posts: 3
- Joined: 17 Aug 2012, 06:23
Re: Thin over HTTP and REMOTE_USER/AUTH_USER
I was not able to get the user name passed from cosign to any services running with mod_proxy. Specifically, I was testing on a Rails app running on Thin, and when dumping the environment variables nothing containing the user was present. However, I'd found this module which did make all of this work (mod-proxy-add-user). [1] It describes the header for REMOTE_USER not being set in the right phase. I didn't know what this meant, but it got it all to work. Would be nice to not need this extra module.
Re: Thin over HTTP and REMOTE_USER/AUTH_USER
I'm trying to use this functionality with Python and WSGI under Server 2008, but I'm seeing the same thing beau was - no REMOTE_USER in the environment and a long Authorization: Negotiate header. The authentication does seem to be working on the IIS side. Is there a setting I have to change?
Thanks,
Mark
- stinklyonion
- Posts: 9
- Joined: 10 Oct 2012, 00:15
Re: Thin over HTTP and REMOTE_USER/AUTH_USER
beau wrote: All these variables are now set in the latest version of Zoo!
Absolutely fantastic! I can now get the user's name from Rails! (And no doubt this applies to any other frameworks you want to run behind IIS!)
Absolutely right. Haven't had any problems getting the user's name from Rails.
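What consuming these variables looks like on the application side, as an added example that is not code from this thread or from Helicon: a Rack middleware that takes the identity set by the front end and rejects the request when only the raw Negotiate header arrives. It assumes the user appears in the Rack env under `REMOTE_USER` or `AUTH_USER`; the class name `FrontEndUser` and the `app.current_user` env key are hypothetical.

```ruby
# Added example: Rack middleware that reads the identity established by the
# front end (IIS) from the request environment.
# Assumption: the user is exposed under the CGI-style keys REMOTE_USER or
# AUTH_USER in the Rack env; pass `keys:` if your setup uses other names.
class FrontEndUser
  DEFAULT_KEYS = %w[REMOTE_USER AUTH_USER].freeze

  def initialize(app, keys: DEFAULT_KEYS)
    @app = app
    @keys = keys
  end

  # Split "DOMAIN\user" or "user@REALM" into domain and user.
  # Bare names get a nil domain; the user part is lowercased for lookups.
  def self.parse(raw)
    value = raw.to_s.strip
    return nil if value.empty?
    if value.include?('\\')
      domain, user = value.split('\\', 2)
    elsif value.include?('@')
      user, domain = value.split('@', 2)
    else
      domain, user = nil, value
    end
    return nil if user.nil? || user.empty?
    { domain: domain, user: user.downcase }
  end

  def call(env)
    raw = @keys.map { |k| env[k] }.find { |v| !v.to_s.strip.empty? }
    identity = self.class.parse(raw)
    if identity.nil?
      # The symptom from this thread: the Negotiate token reaches the back end
      # but no user variable does. The app cannot validate that token itself.
      negotiate = env['HTTP_AUTHORIZATION'].to_s.start_with?('Negotiate')
      reason = negotiate ? 'Negotiate header present but no user variable set by front end' : 'no authenticated user'
      return [401, { 'Content-Type' => 'text/plain' }, [reason]]
    end
    env['app.current_user'] = identity # hypothetical key read by the app
    @app.call(env)
  end
end
```

In a Rails app this would be registered with `config.middleware.use FrontEndUser`, after which controllers read `request.env['app.current_user']`.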