I know my way around Drupal but I'm not a programmer. I don't really understand how I am supposed to configure http authentication.

I'm running a website with Drupal 6.2 with all nodes only accessible to specific roles. That means login is required. However I want to give all my users the possibility to access nodes also via a feed reader such as Google reader. I have searched the forum back and forth and from what I read I gather that HTTP authentication is the right module, or is it? On the configuration page for the module I have a text field where I am supposed to 'Promote HTTP authentication on pages'.

What am I supposed to do? Type in the name of the page that I want to give access to? Or the name of the feed? Can anyone help and give an example? What would I have to type in if I would like to give access to one specific feed? What, if I would want to give access to all feeds of my site?

Any help and/or more detailed documentation would be very much appreciated.

cheers, Axel

Comments

decafdennis’s picture

decafdennis commented
Title: don't understand documentation » Don't understand how to configure HTTP authentication

I think the problem is that the documentation is missing, and I apologize for that.

If you have enabled HTTP authentication, all pages can be accessed using HTTP authentication. However, most clients (browsers and RSS readers) will not use HTTP authentication until they're explicitly asked to do so, in which case they'll usually show a dialog for the user to enter a username and password.

There are two ways to tell Drupal to ask a client to use HTTP authentication:

  • add authenticate to the URL query string (e.g. /feed becomes /feed?authenticate and /?q=feed becomes /?q=feed&authenticate);
  • or by automatically promoting (as in advertising) HTTP authentication on certain pages, when an access denied page would've been shown instead.

If anonymous users do not have the access content permission, the RSS feed URL should show an access denied page when not logged in. In this case you will need to enter */feed (all URLs ending in feed) and rss.xml (front page feed) in the Promote HTTP authentication on pages field. Users should then be automatically asked for a username or password when they add the feed to their RSS reader.

If anonymous users do have the access content permission --- so only a part of the nodes are protected --- then you will have to tell users to add authenticate to the feed URL in order to see protected nodes in the feed.

Does that help?

Axel_V’s picture

Axel_V commented

Hi Naquah,

that was incredibly helpful. Now I understand a bit better. I am a step closer but not there yet. I put the lines

*/feed 
rss.xml

in the configuration text box.
I then tried to add one of my feeds to the Feedreader software:
It prompts a login box but when I type my login it comes up with the following message:
error adding feed: HTTP/1.1 401;
My logfiles show repeated 'access denied' for anonymous user messages

Google Reader:
does not prompt a login box but comes up with the following message:
no feed available for http://www.smartlabphd.com/phd/?q=taxonomy/term/2/0/feed
again logfiles show error messages

any ideas?

I would also like to try the other option you mention:

add authenticate to the URL query string (e.g. /feed becomes /feed?authenticate and /?q=feed becomes /?q=feed&authenticate);

Can you be so kind to elaborate on this a bit? Where exactly would I have to make these changes. Would I have to touch the code of the Drupal core?

Thank you very much for your time!
Axel

Axel_V’s picture

Axel_V commented

Hi Naquah,

sorry for being a bit slow in understanding things. After rereading your post I now understand what you mean with adding authenticate to the query string. I've used both methods but it does not work. Both Feedreader and GoogleReader reject the feed with the error messages being pretty much the same (see above).

Any help would be very much appreciated. Thanks, Axel

decafdennis’s picture

decafdennis commented

I don't think Google Reader supports authenticated RSS feeds, sorry. You could try to enter the username and password in the feed URL, like http://username:password@www.example.com/feed. This might or might not work.

As for Feedreader, does the Drupal log, besides an access denied entry, also contain an entry like "Login attempt failed for [user]" ?

Axel_V’s picture

Axel_V commented

Hi Naquah,

the http://username:password@www.example.com/feed for Google does not work

As to Feedreader: This is the exact status report that I get:
access denied 06/18/2008 - 23:09 taxonomy/term/2/0/feed Anonymous
I just tried to log in once from Feedreader and the log-files showed 5 attempts that were denied

Just so that you know: when for test purposes I give anonymous the rights to view the feeds the feeds, they appear fine in both Google and Feedreader (without http authentication obviously).

Axel

decafdennis’s picture

decafdennis commented

In that case either Feedreader isn't authenticating properly, or Httpauth isn't detecting the authentication information.

Are you using PHP in CGI mode? (See README.txt.)

decafdennis’s picture

decafdennis commented
Status: Active » Postponed (maintainer needs more info)
Axel_V’s picture

Axel_V commented

Thanks Naquah. I will respond on your comment but it might take two or three weeks as I'm currently working on other things.
Axel

decafdennis’s picture

decafdennis commented
Status: Postponed (maintainer needs more info) » Closed (won't fix)