urllib2 and HTTPBasicAuthHandler

Hi all,
I started to use urllib2 library and HTTPBasicAuthHandler class in order to authenticate with a http server (Zope in this case).
I don't know why but it doesn't work, while authenticating with direct headers manipulation works fine!

WinXP Sp2
Python 2.4.4

Thanks in advance for your help/comments

# TestAuthHandler.py
import base64, httplib, urllib2
httplib.HTTPConnection.debuglevel = 1
#
def TestAuth(method):
data = {'prot':'http','user':'admin','pass':'xxxxxx','host':'localhost','port':'8080','path':'manage','realm':'Zope'}
url = '%(prot)s://%(host)s:%(port)s/%(path)s' % data
req = urllib2.Request(url)
#
if (method == 'headers'):
base64string = base64.encodestring('%s:%s' % (data['user'], data['pass']))[:-1]
req.add_header("Authorization", "Basic %s" % base64string)
elif (method == 'handler'):
auth_url = '%(host)s:%(port)s/%(path)s' % data
auth_handler = urllib2.HTTPBasicAuthHandler()
auth_handler.add_password(data['realm'], auth_url, data['user'], data['pass'])
opener = urllib2.build_opener(auth_handler)
urllib2.install_opener(opener)
#
f = urllib2.urlopen(req)
data = f.read()
print data
#
TestAuth('headers')
TestAuth('handler')
-------------------------
output:
-------------------------
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd";>
<html>
<head>
<title>Zope on http://localhost:8080</title>
</head>
.... all right page ...
</html>


Traceback (most recent call last):
File "C:\Test\TestAuthHandler.py", line 25, in ?
TestAuth('handler')
File "C:\Test\TestAuthHandler.py", line 20, in TestAuth
f = urllib2.urlopen(req)
File "C:\Python\Lib\urllib2.py", line 130, in urlopen
return _opener.open(url, data)
File "C:\Python\Lib\urllib2.py", line 364, in open
response = meth(req, response)
File "C:\Python\Lib\urllib2.py", line 471, in http_response
response = self.parent.error(
File "C:\Python\Lib\urllib2.py", line 402, in error
return self._call_chain(*args)
File "C:\Python\Lib\urllib2.py", line 337, in _call_chain
result = func(*args)
File "C:\Python\Lib\urllib2.py", line 480, in http_error_default
raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 401: Unauthorized

Process "Python" completed with Exit Code 1, at 16/01/2007 16:51:18.
.

Relevant Pages

  • Re: NTLM 24-byte response generated by giving windows APIs a chal
    ... authenticate as someone else rather than the current user, ... basically is provide a response to a challenge ... I also spent some time messing with type-2 message flags to disable the ... "short circuit" that occurs if you login to the local system using ...
    (microsoft.public.platformsdk.security)
  • Re: WSE 2.0 and french text
    ... My Web Service is sending a response encoding with ISO-8859-1. ... If i change the settings of my HTTP Server in order to send a response ... >> These Web Services retrieve datas from an Oracle database. ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: VNC authentication weakness
    ... > authenticate without knowing the password simply by connecting within ... > response as the legitimate client. ... Since DES ignores the low bit of each byte ... can easily precompute every possible challenge the VNC server would send ...
    (Bugtraq)
  • RE: Application center test
    ... Thanks for your response. ... Forms authentication relies on login ... and it's the login form which is responsible for authenticate the ...
    (microsoft.public.vsnet.enterprise.tools)
  • Re: Please Help me- Creating Custom tokens
    ... So before he his given access to the Web Method, ... Directory(Using UsernameTokenManagers- Authenticate Method). ... is authenticated in the Web method before the response is sent I will ... >> There may be a security caveat breach though, anyone can do a MITM attack ...
    (microsoft.public.dotnet.framework.webservices.enhancements)