Problem with HTTP authorization

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.

Problem with HTTP authorization

Postby rado » Tue May 11, 2021 12:57 am

I have problem when invalid username/pasword is provided to HTTP authorization. Tested in my application and also in cefclient cef_binary_90.4.3+gc48a797+chromium-90.0.4430.51_windows32_beta and cef_binary_88.2.4+gf3c4ca9+chromium-88.0.4324.150_windows32.
I think it used to work in past (haven't tested this for long time, so I'm not sure), but now the GetAuthCredentials() and http request is fired many times and it ends like this:

Page failed to load.
URL: https://jigsaw.w3.org/HTTP/Basic/
Error: UNKNOWN (-375)
ERR_TOO_MANY_RETRIES

It is easy to reproduce, just modify username in ClientHandler::GetAuthCredentials() and visit https://jigsaw.w3.org/HTTP/Basic/
I'm not sure if it is bug, or am I supposed to handle repetitive calls to to GetAuthCredentials() and avoid passing the same username/password?
rado
Expert
 
Posts: 145
Joined: Wed Oct 05, 2011 3:32 am

Re: Problem with HTTP authorization

Postby magreenblatt » Tue May 11, 2021 1:14 pm

What behavior are you expecting? You need to cancel the authorization if you don't want it to retry.
magreenblatt
Site Admin
 
Posts: 12382
Joined: Fri May 29, 2009 6:57 pm

Re: Problem with HTTP authorization

Postby rado » Tue May 11, 2021 1:50 pm

I was expecting that when invalid login/password is provided, text request with the same login/pass would be cancelled automatically, but when I think about that, it would not allow to retry with the same password.
How can I detect invalid password to avoid retrying? The username/password is provided to my application ahead, it has no visible UI so I cannot offer user to provide other password or cancel. Can I expect that with good password CEF won't call GetAuthCredentials() again? In that case I could cancel all requests except first one.
rado
Expert
 
Posts: 145
Joined: Wed Oct 05, 2011 3:32 am

Re: Problem with HTTP authorization

Postby magreenblatt » Tue May 11, 2021 1:55 pm

Can I expect that with good password CEF won't call GetAuthCredentials() again? In that case I could cancel all requests except first one.

For the same request, yes.
magreenblatt
Site Admin
 
Posts: 12382
Joined: Fri May 29, 2009 6:57 pm

Re: Problem with HTTP authorization

Postby rado » Tue May 11, 2021 2:26 pm

By same request do you mean origin_url, or realm? I'm not sure whether I need to keep list of origin_url or realms or just one global bool.
rado
Expert
 
Posts: 145
Joined: Wed Oct 05, 2011 3:32 am

Re: Problem with HTTP authorization

Postby magreenblatt » Tue May 11, 2021 2:43 pm

I would start with the (url, realm) pair and see how that works out.
magreenblatt
Site Admin
 
Posts: 12382
Joined: Fri May 29, 2009 6:57 pm

Re: Problem with HTTP authorization

Postby greenleaf » Thu Jun 10, 2021 7:41 am

did you find a solution for this? I have same problem, credential are passed through a different application. I have issue that if user provides wrong password then CEF tries the authentication multiple times. Afterwards the windows account is locked.
greenleaf
Newbie
 
Posts: 1
Joined: Thu Jun 10, 2021 7:17 am

Re: Problem with HTTP authorization

Postby rado » Mon Jul 05, 2021 6:47 am

In my case browser is dedicated to one domain in it's lifespan, so in my authorization handler I send user/password only once, I'm cancelling other authorization requests because I suppose those are invoked because first authorization have failed.
rado
Expert
 
Posts: 145
Joined: Wed Oct 05, 2011 3:32 am


Return to Support Forum

Who is online

Users browsing this forum: No registered users and 46 guests