Reputation: 759
Private RSS Feed
How can I force basic http authentication instead of cookie authentication for one url / browser view and not to switch complete site away from cookie thing. We do not want to allow login parameters in url anymore.: /foren/RSS?__ac_name=meinloginname&__ac_password=meinpassword So feed readers need basic http authentication to access the feed.
Upvotes: 1
Views: 667
Answers (1)
Reputation: 1123710
Basic authentication is always supported; if a basic auth header is present the cookie-based login form redirect will not be shown.
Presumably you want to disable the redirect for the RSS feed instead, so when basic auth headers are not present a 401 auth-required response is sent instead of a redirect?
If so, then you'll need to provide PluggableAuthService plugin, implementing the IChallengePlugin interface to intercept the challenge() call and make sure unathorized is raised before the CookieAuthHelper plugin can redirect.
Upvotes: 3